what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 333 RSS Feed

Files Date: 2016-04-01 to 2016-04-30

Digitalstrom Konfigurator 1.10.0 CSRF / Cross Site Scripting
Posted Apr 22, 2016
Authored by W. Schober | Site sec-consult.com

Digitalstrom Konfigurator version 1.10.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | c1222ada6c904eee3c1aae5b05d9e712fcff0d0139e72dc176f4270549e20f32
my devolo 1.2.8 Insecure Data Storage
Posted Apr 22, 2016
Authored by A. Nochvay | Site sec-consult.com

my devolo version 1.2.8 suffers from an insecure data storage vulnerability.

tags | advisory
SHA-256 | 415a9667d7875e4ffab1d65d9e2cf1a4f4419c8a28f4fcc72dddbb4c9b7a0e90
HP Security Bulletin HPSBMU03573 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03573 1 - A potential security vulnerability has been identified with HPE System Management Homepage (SMH) on Windows and Linux. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2016-0800
SHA-256 | 0f9a8afa3e02fde39f49085d5941c36ef63fb1b0db9a70d41a775c34c9b30791
HP Security Bulletin HPSBGN03580 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-2808, CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008
SHA-256 | fe555940ce11a58464ddf248fb5f34613b1577e3c29742dd8f78b82baddfc1de
Debian Security Advisory 3553-1
Posted Apr 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3553-1 - Regis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-8852
SHA-256 | bc657fff411ae02e679a1648904473ae77ce5c8698e470789184f8f669a61b43
Debian Security Advisory 3554-1
Posted Apr 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3554-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3158, CVE-2016-3159, CVE-2016-3960
SHA-256 | eaab15a54a41ea6970b80c6129c79cc7bf582d226649ce50c14c4881102bb949
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
SHA-256 | eb65f546694378db27ee102831851f498e62d4fb03e39ac60cfe0233903e6505
Pcapteller 1.0
Posted Apr 22, 2016
Authored by Juan J. Guelfo | Site encripto.no

Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improving your blue team's network security monitoring skills, or creating network decoys during red team operations.

Changes: Support for multiple / simultaneous address manipulation (both for MAC and IP addresses), and support for pcap replay without manipulation has been added. Improved argument validation.
tags | tool
systems | unix
SHA-256 | 9817c5848356d1c681ec4d7673067caf73002458ea45865f096169c58e3f4474
Red Hat Security Advisory 2016-0679-01
Posted Apr 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0679-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 115. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 0340146d9888ba15286481bf065ec18c2d5a4ddf8079084b846383f0f04b7c15
Ubuntu Security Notice USN-2953-1
Posted Apr 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2953-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668, CVE-2016-2047
SHA-256 | 9c12ded85963841122600225020c8b57b79a49ee77bbd119512b585e2069ce08
phpLiteAdmin 1.9.6 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 22, 2016
Authored by Ozer Goker

phpLiteadmin version 1.9.6 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 292be8d16f4261cf491c35a9bc824f7659e683907e5529a5962c98fc7707acbd
Gemtek CPE7000 WLTCS-106 Authentication Bypass / Code Execution
Posted Apr 22, 2016
Authored by Federico Ramondino

Gemtek CPE7000 WLTCS-106 suffers from authentication bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
SHA-256 | 745cfcf489634daa60147be08fb47f037b6814b4b22fc0372c239b663d014cce
Linux/x86 Bind Shell Shellcode Generator
Posted Apr 22, 2016
Authored by Ajith KP

This python script generates bind shell shellcode for Linux x64.

tags | tool, shell, shellcode, python
systems | linux
SHA-256 | da456f340343df29f1fbf4bb7a56af35e8d6ff0df790903d7442feff3a72fdd3
Microsoft Security Bulletin Revision Increment For April, 2016
Posted Apr 22, 2016
Site microsoft.com

This bulletin summary lists MS16-039 which has undergone a major revision increment.

tags | advisory
SHA-256 | 0ac741de4428df0121953939d51fee062a375e8acec222ddc150a90301918fe7
libgd 2.1.1 Signedness
Posted Apr 21, 2016
Authored by Hans Jerry Illikainen

A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data.

tags | exploit, overflow
advisories | CVE-2016-3074
SHA-256 | 3a2ce455a8601a1585ae58c370524696afc5c9cf036efab381d9622a8c9decf1
Symantec Brightmail 10.6.0-7 LDAP Credential Grabber
Posted Apr 21, 2016
Authored by Fakhir Karim Reda

Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be retrieved.

tags | exploit
advisories | CVE-2016-2203
SHA-256 | 88d3d8221a33175dc392a1dde9b17ac2dce0186a796efa0efdcc5c79c77bb457
Exponent CMS 2.3.5 File Upload Cross Site Scripting
Posted Apr 21, 2016
Authored by Sachin Wagh

Exponent CMS version 2.3.5 suffers from a file upload vulnerability that allows for cross site scripting.

tags | exploit, xss, file upload
advisories | CVE-2015-8684
SHA-256 | c4ece7a07c3fa3b38dd0fb113aad54aacd042e613d452d326da6237d70179fcc
Exponent CMS 2.3.5 Cross Site Scripting
Posted Apr 21, 2016
Authored by Sachin Wagh

Exponent CMS version 2.3.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-8667
SHA-256 | 6a585b0745893b5ede86522555e556bf41c3aa59e50576817c204b6240bf2ae1
Ubuntu Security Notice USN-2952-1
Posted Apr 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2952-1 - It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-9767, CVE-2015-8835, CVE-2015-8838, CVE-2016-1903, CVE-2016-2554, CVE-2016-3141, CVE-2016-3142, CVE-2016-3185
SHA-256 | 4d6db38bd4a4eeeff3a87c17afbc7413a7d3d1c3b63225f6e73d061b71d981c9
ImpressCMS 1.3.9 SQL Injection
Posted Apr 21, 2016
Authored by Manuel Garcia Cardenas

ImpressCMS versions 1.3.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 61197cfbac59fcda7b4cf54107bb9e3be6d92521823d8c532388723addffcece
Red Hat Security Advisory 2016-0678-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0678-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 101. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 63a203916e8946bb559b14bc46107ba6a1973b9155ec04c0330c9d74b5feb030
Red Hat Security Advisory 2016-0677-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0677-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 91. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 998b4e01ddd98bf99e316038c9799396bb83ab95f8c668a5bfc4e7d7fb84c82b
Red Hat Security Advisory 2016-0676-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0676-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 4957fba7cfab0271e2e2a1b7fecd59abf0cb0d1af97fb5c03cb515635a2e3346
Red Hat Security Advisory 2016-0675-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0675-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 31475770043462674735810ea8ce72f5a339a55eb8567815e81b1270ae16e78e
OpenTSDB Remote Code Execution
Posted Apr 21, 2016
Authored by gsoc

OpenTSDB suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | ef629a5afda4799864a0738de815ff969d73a1592c4e3b2c08cc18011241292a
Page 4 of 14
Back23456Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close