what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-06-02

EMC Isilon OneFS Privilege Escalation
Posted Jun 2, 2016
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Versions 7.1.0.x, 7.1.1.x, 7.2.0.x, and 7.2.1.x are affected.

tags | advisory
advisories | CVE-2016-0908
SHA-256 | 6f0b68c8e751cd424b8972c582ad8a92974e1b77ee9b99dedb2a55505e8f9b38
Samhain File Integrity Checker 4.1.4
Posted Jun 2, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 5d0b57d29a32f76c996cc91d4b94ab498c193d6711fdde7eea60752b695f004f
HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
SHA-256 | 55b881f2a237e07f9560dcebcf5f78996c72fe03931da60fb9afbd2da087871d
Nagios XI 5.2.7 Code Execution / SQL Injection / Privilege Escalation
Posted Jun 2, 2016
Authored by Francesco Oddo | Site security-assessment.com

Nagios XI versions 5.2.7 and below suffer from command execution, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | b2bc3fb56452aab55e4934f25cfa1f170bf9d3121cfb3cd553f7362614ce86bb
Debian Security Advisory 3593-1
Posted Jun 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3593-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483
SHA-256 | cc51ad5824aa3a1fca661eea143d36a8c5e77ab3e0e2d8a44019befef9700dc1
Red Hat Security Advisory 2016-1201-01
Posted Jun 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1201-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.79. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1696, CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703
SHA-256 | 78159a6f0bf85dce99470832c2d8b9478ff09799fd17a3ba47b49663cfd97e2f
Ubuntu Security Notice USN-2991-1
Posted Jun 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2991-1 - It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4450
SHA-256 | 7b76181d9ee7767473b5043115eb685538577b078986740e6f047b3c64a9826a
Ubuntu Security Notice USN-2990-1
Posted Jun 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2990-1 - Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718, CVE-2016-5118
SHA-256 | 73f21e3761ff9c2c84217f7d140aa28af93ba5bd5e170c1b968c4697b5b4030e
HP Security Bulletin HPSBMU03607 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol, csrf
advisories | CVE-2008-5161, CVE-2014-3566, CVE-2015-0705, CVE-2015-1789, CVE-2015-1791, CVE-2015-3194, CVE-2015-5600, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | 0fcaa98109f349b0cc14e9fe32a0f10dcbf38053afd926747b325159bfe4984a
Liferay 6.2.3 CE GA4 OpenID XXE Injection
Posted Jun 2, 2016
Authored by Sandro Gauci

Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.

tags | exploit, xxe
SHA-256 | 4af9bc5284a2717eed36c719d395c99e7caa71650223cbe9e5ba3e327bfa0e63
rConfig 3.1.1 Local File Inclusion
Posted Jun 2, 2016
Authored by Gregory Pickett | Site hellfiresecurity.com

rConfig versions 3.1.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | e9527ef095ee289314dcf815489ccfdfa8ec90419bc3a1c7c408fd0d5795eada
Babylon Translator Cross Site Scripting
Posted Jun 2, 2016
Authored by Francisco Javier Santiago Vazquez

Babylon Translator suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 437506dc14a1742e3d449c69b8d154fb0b8582bb4cb44e1d81df1db63e91d579
Zoho OpManager Cross Site Request Forgery / Cross Site Scripting
Posted Jun 2, 2016
Authored by d_fens

Zoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | eae2145c0ed41f7d44488933e7445821a3ebb25930df4a2b72a808b44cb90eba
Ubee EVW3226 Missing Authentication / File Upload / Buffer Overflow
Posted Jun 2, 2016
Authored by Manuel Hofer | Site sec-consult.com

Ubee EVW3226 advanced wireless voice gateway suffers from missing authentication, plaintext secret storage, faux encryption, and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 136d8d9b98223d40e7c03d66c3a2abc0fba9f39ac558264913751097548b20bb
Ansvif 1.5.1
Posted Jun 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes drafted manpages for ansvif and find_suid, plus binaries rebuilt on Debian Jessie for i386 and amd64. No changes to the Windows release were made.
tags | tool, fuzzer
systems | unix
SHA-256 | 137f4129bf84d136fdaf3188611d5b02c8a2b428fdba539491a493f4dc8dd450
Microsoft Windows Forced Firewall Bypass
Posted Jun 2, 2016
Authored by coolervoid

This is a local proof of concept that simulates a keystroke to allow access when a firewall dialog comes up.

tags | exploit, local, proof of concept
SHA-256 | c1ee2b17cf0a5c1f567e375498763b8bbf6dcc1875ca919554fc51a2f74489ee
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close