Showing 1 - 25 of 26

Files Date: 2015-12-10 to 2015-12-11

Debian Security Advisory 3414-1
Posted Dec 10, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3414-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2015-3259, CVE-2015-3340, CVE-2015-5307, CVE-2015-6654, CVE-2015-7311, CVE-2015-7812, CVE-2015-7813, CVE-2015-7814, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104
SHA-256 | 78a4693f6a6b43fb82c9d63e085c9afe3e278de9ff692fe7f1d211ef3c565859
HP Security Bulletin HPSBHF03432 1
Posted Dec 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03432 1 - Potential security vulnerabilities have been identified with HPE Networking Comware 5, Comware 5, Low Encryption SW, Comware 7, and VCX, Using NTP. The vulnerabilities could be remotely exploited resulting in remote access restriction bypass and code execution. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295
SHA-256 | 678f73403ca3b8273f6c81a3451515dff3b523d9531d109874052b4d1c0be3a4
HPE Security Bulletin HPSBHF03433 SSRT102964 1
Posted Dec 10, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBHF03433 SSRT102964 1 - A potential security vulnerability has been identified with HP-UX Running Mozilla Firefox and Thunderbird. This may allow remote disclosure of information. Note: This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2015-4000
SHA-256 | 3e81b5eb4278ca6044b20d0deec6038c426e3ae3d970a9d87173dff635aa4758
HP Security Bulletin HPSBMU03520 1
Posted Dec 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03520 1 - A potential security vulnerability has been identified with HP Insight Control server provisioning that could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.

tags | advisory, info disclosure
advisories | CVE-2015-6858
SHA-256 | dd04ee39aca05468333e84603aecf008d62d53a7cf49f581f3f2038f3d28c236
Debian Security Advisory 3415-1
Posted Dec 10, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3415-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-1302, CVE-2015-6764, CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6776, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786
SHA-256 | 277ab7bf454ee5435c2846f79d78aea1abfd54b960a2af4ba6ec25ba4d587ea2
Cisco Security Advisory 20151209-java-deserialization
Posted Dec 10, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by submitting crafted input to an application on a targeted system that uses the ACC library. After the vulnerable library on the affected system deserializes the content, the attacker could execute arbitrary code on the system, which could be used to conduct further attacks. Cisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

tags | advisory, java, remote, arbitrary
systems | cisco
SHA-256 | c5a4ebcf1166c860b0b9e2dfffc2c555bd3286e04e16fdc3619f440519651cc1
Cisco Security Advisory 20151209-pca
Posted Dec 10, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to log in to the system shell with the default cmuser user account and access the shell with a limited set of permissions. The vulnerability is due to an undocumented account that has a default and static password. This account is created during installation and cannot be changed or deleted without impacting the functionality of the system. The first time this account is used the system will request that the user change the default password. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH by using the undocumented account. Successful exploitation could allow the attacker to access the system with the privileges of the cmuser user. This vulnerability allows the attacker to: access some sensitive data, such as the password file, system logs, and Cisco PCA database information; modify some data; run some internal executables; and potentially make the system unstable or inaccessible. Cisco has released software updates that address this vulnerability. Workarounds are available.

tags | advisory, remote, shell
systems | cisco
SHA-256 | d64e29508c852dfb295d954b6f3d5f1cb35149ab6e04faffe75dc242b23aae6b
Apple Security Advisory 2015-12-08-4
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-4 - watchOS 2.1 is now available and addresses 30 security issues.

tags | advisory
systems | apple
advisories | CVE-2011-2895, CVE-2015-6978, CVE-2015-6979, CVE-2015-6997, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7046, CVE-2015-7047, CVE-2015-7053, CVE-2015-7054, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7064, CVE-2015-7066, CVE-2015-7068, CVE-2015-7072, CVE-2015-7073, CVE-2015-7075, CVE-2015-7083, CVE-2015-7084, CVE-2015-7105, CVE-2015-7111
SHA-256 | 35e6c7749d96dbf64e523cf50d19919b547c725da825f7a56fc848495736ffe5
Apple Security Advisory 2015-12-08-2
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-2 - tvOS 9.1 is now available and addresses 48 security issues.

tags | advisory
systems | apple
advisories | CVE-2011-2895, CVE-2015-3807, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7048, CVE-2015-7051, CVE-2015-7053, CVE-2015-7054, CVE-2015-7055, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7068, CVE-2015-7072, CVE-2015-7073
SHA-256 | 86a1c0b0064c65e2ba9f9e35f71969a6953435935620d00089199e7d216c3ef8
Apple Security Advisory 2015-12-08-3
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 are now available and address 54 vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-2895, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-3807, CVE-2015-5333, CVE-2015-5334, CVE-2015-6908, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063
SHA-256 | 78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92
Apple Security Advisory 2015-12-08-6
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-6 - Xcode 7.2 is now available and addresses four vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2015-7049, CVE-2015-7056, CVE-2015-7057, CVE-2015-7082
SHA-256 | 888d23a76dd87a6d1410e71117dd4acfde735c449c0fafa370a9628e0f9f9fa9
Apple Security Advisory 2015-12-08-5
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-5 - Safari 9.0.2 is now available and addresses a dozen vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2015-7048, CVE-2015-7050, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
SHA-256 | faaf3e0fe6e71c38f9144a2dd495d91c2b0f9a58927a98823d0a255b0656d424
Apple Security Advisory 2015-12-08-1
Posted Dec 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-12-08-1 - iOS 9.2 is now available and addresses at least 50 security vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2011-2895, CVE-2015-3807, CVE-2015-7001, CVE-2015-7037, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7046, CVE-2015-7047, CVE-2015-7048, CVE-2015-7050, CVE-2015-7051, CVE-2015-7053, CVE-2015-7054, CVE-2015-7055, CVE-2015-7058, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7068, CVE-2015-7069, CVE-2015-7070, CVE-2015-7072, CVE-2015-7073, CVE-2015-7074
SHA-256 | e95c0155e9a3059625dc58d7286d266927a20daeeadb4db49bcc96e0e4c2eafc
Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow
Posted Dec 10, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing the cmap table of font files, and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with a specially crafted offset within encoding records. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2015-6130
SHA-256 | d65fab95536006f5a8a8545eff4d02524698f63bed04d5515fe21776d1ea97e1
Arro Insecure Transit
Posted Dec 10, 2015
Authored by Shaftek Security Research

The Arro taxi hailing application failed to use SSL for transit of secrets.

tags | advisory
SHA-256 | 8dcf2660cdb2ece0a5f125068e93da61a9d85afaf0af734dda03f2a9dbb76927
appRain 4.0.3 Code Execution
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

appRain version 4.0.3 suffers from code execution and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution
SHA-256 | b014b43098c86f53eda01d8e981d7501de7585a22761e3064f5a3c321fd72ba2
appRain 4.0.3 Cross Site Request Forgery
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

appRain version 4.0.3 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | bc0624e70c181166f2c7d7b035b0a841ed95b529240c3be4138ef02231dc0146
appRain 4.0.3 Path Traversal
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

appRain version 4.0.3 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | ed7376d3b7c28ede70e48ea7c3aae862305c0fb53ebf749f039c92e8edbdedb3
appRain 4.0.3 Cross Site Scripting
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

appRain version 4.0.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 54b49f563bacb15583f83004717acfdcaaae15e893f1340b353e9182863f9257
redaxscript 2.5.0 Code Execution
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

redaxscript version 2.5.0 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | cf5470fd255fbe9de2b3a7762546247b2173f1d01d3fff8aaa9c994caabb0228
redaxscript 2.5.0 Cross Site Scripting
Posted Dec 10, 2015
Authored by Tim Coen | Site curesec.com

redaxscript version 2.5.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f29644ab6a120c3a87864d21e7ea388a0a0b1f39b536699a05b19f332bd33fe3
7-Zip DLL Hijack
Posted Dec 10, 2015
Authored by Stefan Kanthak

7-Zip executable installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | a259b0953e210ae02ad72512f7e8c51dc0cd1cf3d177364e8af93dd658d937b4
Red Hat Security Advisory 2015-2594-01
Posted Dec 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2594-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7981, CVE-2015-8126, CVE-2015-8472
SHA-256 | 0a20de8b0299da5566af857a071951410140d34f6aaeb77c80535ea079bde800
Red Hat Security Advisory 2015-2593-01
Posted Dec 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2593-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406
SHA-256 | d5dc0f9a309ed83f88463eaa694276f2a32498032be2764a6f466014f34f56fc
Red Hat Security Advisory 2015-2596-01
Posted Dec 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2596-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8126, CVE-2015-8472
SHA-256 | 0031e7373b39060ea4661594cb1b8dba07adeabfd1c2fccfe7cc824bec5ca1e8