exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-07-05

Red Hat Security Advisory 2016-1385-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1385-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5009
SHA-256 | 6e2f1a64426a3441db19a3f627ac1a2e6c54b062acf80e1faf2263a2ed0aa796
Red Hat Security Advisory 2016-1384-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1384-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5009
SHA-256 | f30178f82aa154cadd872f88c326882a07f2396b67d8d10c20059c3b84008dbf
Ubuntu Security Notice USN-3025-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3025-1 - It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4994
SHA-256 | f4883d83e7653e58a5a51631f142e075260510c3732cfb4884abb838a6206bfa
Ubuntu Security Notice USN-3026-2
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3026-2 - It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

tags | advisory, remote
systems | cisco, linux, ubuntu
advisories | CVE-2016-5104
SHA-256 | 9eba56d6604451c259fb0e08ea9d19711741157daa341b4525e648e499bcfacd
HP Security Bulletin HPSBHF03613 1
Posted Jul 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03613 1 - Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793
SHA-256 | 9167fdcf073265b0be894bab391505d9b9700dc7bb114d588f30e9567cafc92b
Ubuntu Security Notice USN-3026-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3026-1 - It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

tags | advisory, remote
systems | cisco, linux, ubuntu
advisories | CVE-2016-5104
SHA-256 | de4898d4ca2ee3a1c5c45efa3b211507d61cffa1a3087c65983973107a1f8822
Ubuntu Security Notice USN-3024-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3024-1 - It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | 4370e181c653b8239d33a7ca5224666cb7d29084f3014c7e307c339e87ecd273
Red Hat Security Advisory 2016-1378-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1378-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4985
SHA-256 | cf0653a60b67d585ed9588c8088bcba3f2e30c854c60789ef0985ca54cbb1db7
Red Hat Security Advisory 2016-1377-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1377-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4985
SHA-256 | d0bf2032c8fc6f463979829d9f140ec32ab10ca2f36f474f914a721b83f2f3ac
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 5, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 1af27cbf8c0fcfe0a2a30b081299a3527075a1b360c06d9a09003f8f6a4fd9c1
Red Hat Security Advisory 2016-1380-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1380-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2014-7191
SHA-256 | acdec234b54c7dfd32536ce5ae44e6ef68bd3a56857fe91b3743c4c38970aea2
Debian Security Advisory 3616-1
Posted Jul 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3616-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-9904, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6130
SHA-256 | f8f91d42b2147ed0e585aa9485405e88185e79297b056fa67e83dc0d6de123ee
WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS
Posted Jul 5, 2016
Authored by Mukarram Khalid

WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file upload
SHA-256 | 3c4b4687c891c6fca773d5436678988b2dd8987079a676672916e5464ce95eaf
Acer Portal Android Application 3.9.3.2006 Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
SHA-256 | e41d65b401922a36dd4fd36af2a4b2b250969e944b8ae92cf0e117d652041d1b
Apple Safari 9.1.1 Local XXE Injection
Posted Jul 5, 2016
Authored by Filippo Cavallarin

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

tags | exploit, local, xxe
systems | apple, osx
SHA-256 | 23bbd32f77e1c03ed726b6f44b84ac17454893681f3844f34b64aef3707c3454
Apache 2.4.20 X509 Authentication Bypass
Posted Jul 5, 2016
Authored by Erki Aring | Site httpd.apache.org

Apache HTTPD WebServer versions 2.4.18 through 2.4.20 do not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource.

tags | advisory, web, protocol
advisories | CVE-2016-4979
SHA-256 | 73cb5eb411b034ceb6b622bf0f896e11c8dc4ab336ed65d2398b8fb6ff33854a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close