what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-03-11

Red Hat Security Advisory 2016-0438-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
SHA-256 | 243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d
IP-Array IPTables Firewall Script 1.1.2
Posted Mar 11, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: Bugfix - If in interactive mode and the dialog program was used, option lists were truncated.
tags | tool
systems | linux, unix
SHA-256 | 1776a45062cfe3936e51bcfdbca58205ae2d5cbb6213066d96bedbe4afaeeed3
Chrome GPU Process Sandbox Escape
Posted Mar 11, 2016
Authored by Google Security Research, Ian Beer

The Chrome GPU process suffers from a sandbox escape vulnerability due to the use of an invalid iterator in its IPC handler.

tags | advisory
systems | linux
advisories | CVE-2016-1642
SHA-256 | d2d9c1487cfb63d12edeb554dbcb77ba9f610f4a712c8e1c702ea55db2525c82
PHP Utility Belt Remote Code Execution
Posted Mar 11, 2016
Authored by Jay Turla, WICS | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | 2e8528e3811c7d93f83ce9f7eaaa80a6321b298dc7b5c63c52212036dbd43291
SAP Download Manager 2.1.142 Weak Encryption
Posted Mar 11, 2016
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.

tags | exploit, java
SHA-256 | 1f6322a207069e2f5bc531348512c5fd625d13c50f19530142f4b90972ead191
Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle
Posted Mar 11, 2016
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.

tags | exploit
SHA-256 | 18a66fe7900c1810c0fc80919872842aa7dc1c3f9621fc72457dd1327d263f61
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
SHA-256 | 01bc25f8f8df246c49b97afca9f4177773fc93680f8d029f118b41c573555d1f
IP-Array IPTables Firewall Script 1.1.1
Posted Mar 11, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: The interactive mode has been improved. Mainly the dialog program is now also supported. It is now possible to do the xml parsing selectively by category. Also the iptables arguments can now be shown by category. Two hard and some minor bugs were fixed. Minor other tweaks have been done. Documentation was updated.
tags | tool
systems | linux, unix
SHA-256 | 1eb6674824a29608d618180f1fa727b82362b14e344e41eaaad8b4d2c8a6c685
Microsoft Security Out-Of-Band Bulletin For March, 2016
Posted Mar 11, 2016
Site microsoft.com

This summary lists one bulletin that is added to the March, 2016 Microsoft security bulletin.

tags | advisory
SHA-256 | f6e84fabfef9ac77df5cbe4f618702fb848646670da5f23dbdebe366a2590e3c
libotr 4.1.0 Memory Corruption
Posted Mar 11, 2016
Authored by Markus Vervier

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2016-2851
SHA-256 | ea7da15f0bdfd219e45644306a8022ee070808fe6f08855862fdfa8bf03c3509
PuTTY / PSCP 0.66 Buffer Overflow
Posted Mar 11, 2016
Authored by oststrom

PuTTY / PSCP versions 0.66 and below suffer from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2016-2563
SHA-256 | 6d2b3558ad305a2127d39e8456e3f26082ca091a09253ee93d740417df3f0fd8
Ubuntu Security Notice USN-2926-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2926-1 - Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2851
SHA-256 | f67b0217d1992c373207172bb28efa3fdad04ab3e16925e3431e054bc3bc43c1
Ubuntu Security Notice USN-2920-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2920-1 - It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1630, CVE-2016-1631, CVE-2016-1633, CVE-2016-1634, CVE-2016-1636, CVE-2016-1637, CVE-2016-1641, CVE-2016-1642, CVE-2016-1643, CVE-2016-1644, CVE-2016-2843, CVE-2016-2844, CVE-2016-2845
SHA-256 | 236ba0557b9d40751af735654fcef90623af994edd3294795d9bcfe621947b98
Red Hat Security Advisory 2016-0430-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0430-01 - Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-0729
SHA-256 | 7190bbe0c03ec41ec385fa2a651d60b22115e280dbbfe558cbaffdaaadb0e5c3
Linux Netfilter IPT_SO_SET_REPLACE Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, hawkes

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl is can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing.

tags | exploit
systems | linux
SHA-256 | 03f257b053d3c64d24ffa875e29a5087f0fb6d4e4e961129c6bb78d5f11f52a4
GNU Transport Layer Security Library 3.3.22
Posted Mar 11, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.

Changes: Various updates.
tags | protocol, library
SHA-256 | 0ffa233e022e851f3f5f7811ac9223081a0870d5a05a7cf35a9f22e173c7b009
Android BnBluetoothGattServer / BnBluetoothGatServerCallback IPC Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, forshaw

The SEND_RESPONSE_TRANSACTION and SEND_NOTIFICATION_TRANSACTION IPC calls in BnBluetoothGattServer::onTransact are vulnerable to stack corruption which could allow an attacker to locally elevate privileges to the level of the bluetooth service.

tags | advisory
systems | linux
SHA-256 | cbc7f6f546c6a4a041cd6195c2cb666ba89578a8bc1ee57f073e4fde11ca48cb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close