ignore security and it'll go away
Showing 76 - 100 of 506 RSS Feed

Files Date: 2016-11-01 to 2016-11-30

Red Hat Security Advisory 2016-2820-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705
MD5 | 491b87cff099497464b93aa7323a6ffb
Red Hat Security Advisory 2016-2819-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
MD5 | c634ff0bf43812c5d02354fde3c6e91a
Linux Kernel 2.6.32-642 / 3.16.0-4 Inode Integer Overflow
Posted Nov 23, 2016
Authored by Todor Donev

Linux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.

tags | exploit, overflow, kernel, proof of concept
systems | linux
MD5 | 5e4bac26711257f2b173173b9a893edf
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
TP-LINK TDDP Buffer Overflow / Missing Authentication
Posted Nov 23, 2016
Authored by Core Security Technologies, Andres Lopez Luksenberg

Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 75bd302689d825abf438d908c7aeabce
Red Hat Security Advisory 2016-2816-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-8626
MD5 | c53faf50d2f9b17fdb12d61c106fa9c9
Red Hat Security Advisory 2016-2815-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-8626
MD5 | 40e849086f142342f2fe5a0a631b942a
Microsoft Internet Explorer 8 8 MSHTML SRunPointer::SpanQualifier/RunType Out-Of-Bounds Read
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.

tags | exploit, web
advisories | CVE-2015-0050
MD5 | 4d0b3ffce8b8ea73636475ad12f99828
EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution
Posted Nov 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

EasyPHP Devserver version 16.1.1 suffers from cross site request forgery and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, csrf
MD5 | 1c30f5d29d417d09aa93e89605fff2f7
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
Posted Nov 23, 2016
Authored by Zach Lanier

Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2016-5639
MD5 | 5b5026c9de1a7593e6278ffca75951c1
Huawei UTPS UTPS-V200R003B015D16SPC00C983 Privilege Escalation
Posted Nov 23, 2016
Authored by Dhruv Shah

Huawei UTPS software version UTPS-V200R003B015D16SPC00C983 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
advisories | CVE-2016-8769
MD5 | a99ab7c10a0cbc6bec9f3c753f2bc5e6
Acunetix 10.0 DLL Hijacking
Posted Nov 23, 2016
Authored by Ashiyane Digital Security Team

Acunetix version 10 suffers from multiple dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | c7d17948b507cc164092b9290f9294d3
Linux Reboot Shellcode
Posted Nov 23, 2016
Authored by MALWaRE43

89 bytes small /bin/sh -c reboot shellcode for Linux.

tags | shellcode
systems | linux
MD5 | 6ebbbd4d2b92ca81bfde6be3923f77da
Positive Hack Days VII Call For Papers
Posted Nov 22, 2016
Site phdays.com

Call For Papers for Positive Hack Days VII which will take place May 23rd through the 24th, 2017 in Moscow, Russia.

tags | paper, conference
MD5 | 69b7d4bfd1b5a24ada951022c4b0bc04
x33fcon 2017 Call For Papers
Posted Nov 22, 2016
Site x33fcon.com

The call for papers for x33fcon has been announced. It will take place April 24th through the 28th, 2017, in Poland.

tags | paper, conference
MD5 | 2c527735beebd90f3873496e2927d922
Siemens SIMATIC Cookie Settings / Cross Site Request Forgery
Posted Nov 22, 2016
Authored by Andrea Barisani

Multiple versions of Siemens SIMATIC suffer from a cross site request forgery vulnerability and poor cookie security settings.

tags | advisory, csrf
advisories | CVE-2016-8672
MD5 | c590ef7662fc1519d4471789c6f70ff1
ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
Posted Nov 22, 2016
Authored by Magnus Klaaborg Stubman

ntpd versions 4.2.7p22 up to but not including 4.2.8p9 and 4.3.0 up to, but not including 4.3.94 suffer from a remote denial of service vulnerability. The vulnerability allow unauthenticated users to crash ntpd with a single malformed UDP packet, which cause a null pointer dereference.

tags | exploit, remote, denial of service, udp
advisories | CVE-2016-7434
MD5 | be759033c96dac4a8b8ca928858c34f1
WonderCMS 0.9.8 Cross Site Scripting
Posted Nov 22, 2016
Authored by Manuel Garcia Cardenas

WonderCMS versions 0.9.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2a28c660515d898832111ca2eeae753
Ubuntu Security Notice USN-3135-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3135-1 - Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | be14e9806d2c1070bd0d1e8050c7e414
Ubuntu Security Notice USN-3134-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3134-1 - It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, cgi, python
systems | linux, ubuntu
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699
MD5 | 0ce8a8b98671640d3e776ca2617dbc64
Ubuntu Security Notice USN-3132-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3132-1 - Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6321
MD5 | 21a351a2a2e62a37fb6212a8f3a502f0
Gentoo Linux Security Advisory 201611-20
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-20 - A buffer overflow in TestDisk might allow remote attackers to execute arbitrary code. Versions less than 7.0-r2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
MD5 | 279de891c0cb389b4f5a5fa3118167c8
Gentoo Linux Security Advisory 201611-19
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-19 - A path traversal attack in Tar may lead to the remote execution of arbitrary code. Versions less than 1.29-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2016-6321
MD5 | 783036497dc82f9c3d4367e40dd9e618
Gentoo Linux Security Advisory 201611-18
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-18 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.207 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
MD5 | b4dad1bba7f1c0a49548caa6bb90485d
Gentoo Linux Security Advisory 201611-17
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-17 - A buffer overflow in RPCBind might allow remote attackers to cause a Denial of Service. Versions less than 0.2.3-r1 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2015-7236
MD5 | 317520e0b7f39cb17af4985261e246d2
Page 4 of 21
Back23456Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close