
Files Date: 2016-12-09

Ubuntu Security Notice USN-3153-1
Posted Dec 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3153-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5213, CVE-2016-5215, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652
SHA-256 | 3504b626957a07f9b0e31fa739c2b3c553e9fd5b17a367370b8490f5a0168cd3

Red Hat Security Advisory 2016-2933
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2933 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
SHA-256 | 67077c8cafbfe6072c6edf13c4e21d1b8f5252a6e715bc8616fae7aac5860cdc

Red Hat Security Advisory 2016-2932-01
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2932-01 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
SHA-256 | 50b384607295f1379adf0df884f3814ccd83909bfcfe9cab8e226e48245f72a7

Smart Guard Network Manager 6.3.2 SQL Injection
Posted Dec 9, 2016
Authored by Rahul Raz

Smart Guard Network Manager version 6.3.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4a4f441553e8983fb020142c46f809ff6b14e18f481c22c5965376fd6bae4799

WordPress Multisite Post Duplicator 0.9.5.1 Cross Site Request Forgery
Posted Dec 9, 2016
Authored by Tom Adams

WordPress Multisite Post Duplicator version 0.9.5.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a48083336df703d960a3e51cefa17b950424b1a6e48bc9ebe6980313d31bba7f

Chaordic Search 1.1 Cross Site Scripting
Posted Dec 9, 2016
Authored by Felipe Andrian Peixoto

Chaordic Search version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5c0b3f7677b2ad0e9368a4c55b687fea8b81f7ded8de3fd0c27734b1165577dc

Symantec VIP Access Arbitrary DLL Execution
Posted Dec 9, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Symantec VIP Access versions prior to 2.2.2 suffer from an arbitrary DLL execution vulnerability.

tags | exploit, arbitrary
advisories | CVE-2016-6593
SHA-256 | 5ca737baebcbd1cbc09483a6d142a87476638101e0c9a009275630705f59a463

Splunk Enterprise 6.4.3 Server-Side Request Forgery
Posted Dec 9, 2016
Authored by Francesco Oddo | Site security-assessment.com

Splunk Enterprise versions 6.4.3 and below suffer from a server-side request forgery vulnerability.

tags | exploit
SHA-256 | b5446560dcd7b9cd7873e8dc1db514397d843547598024e58788677230bcbb24

Gstreamer ID3v2 1.0 Out-Of-Bounds
Posted Dec 9, 2016
Authored by joshua2014

The Gstreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames. By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set length in the succeeding frame, it is possible to generate an out-of-bounds read. An attacker may leverage this vulnerability to cause, at minimum, a denial of service. Version 1.0 is affected.

tags | advisory, denial of service
SHA-256 | 7053c885758da05fdc4302099f0183ee8781c3524ce7b49a27b4cff6b94c85c9

Microsoft Internet Explorer 9 MSHTML CElement::HasFlag Memory Corruption
Posted Dec 9, 2016
Authored by SkyLined

Microsoft Internet Explorer 9 suffers from an MSHTML CElement::HasFlag memory corruption vulnerability.

tags | exploit
SHA-256 | de3ff417c37e84e841ea8288009472116064d0e0a99e0de7496deda50abc3949

Asterisk Project Security Advisory - AST-2016-008
Posted Dec 9, 2016
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space, the code responsible for parsing will recursively call itself until it crashes. This occurs because the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip, an SDP offer or answer is still processed and the crash occurs.

tags | advisory
SHA-256 | 2a073eeba4b82f770c34c9371cc94f0c63cbd409c8022691691eeb71c498ae9d

Bluemix Container Authorization Controls
Posted Dec 9, 2016
Authored by Oscar Martinez

Bluemix containers have a broken access control that allows users with the auditor role to create and delete containers.

tags | exploit, bypass
SHA-256 | 5361bc58eb49d848041e13a58579112aef13c8028f6142f81c64cb0029862f79

Microsoft Internet Explorer MSHTML CDispNode::InsertSiblingNode Use-After-Free
Posted Dec 9, 2016
Authored by SkyLined

A specially crafted web page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9.

tags | exploit, web
advisories | CVE-2013-1309
SHA-256 | 54b341fddfea2f1cf14653a7fcdc53aab898df52cede73893904cd4655d53ec1

Roundcube 1.2.2 Command Execution
Posted Dec 9, 2016
Authored by Robin Peraglie

Roundcube version 1.2.2 suffers from a command execution vulnerability via email.

tags | exploit
SHA-256 | c33ac8a7ad33eb2dedca6d6c33967345233c61a99ebffb04c4373835fe6c8ff6

© 2024 Packet Storm. All rights reserved.