what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-11

Gentoo Linux Security Advisory 201608-01
Posted Aug 11, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201608-1 - Multiple vulnerabilities have been found in OptiPNG, the worst of which could lead to the remote execution of arbitrary code, or cause a Denial of Service condition. Versions less than 0.7.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2191, CVE-2016-3981, CVE-2016-3982
SHA-256 | 713c5763445c047353969f292116486ba6c02d364774f61852de0cb87506fb2d
Red Hat Security Advisory 2016-1596-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
SHA-256 | 01dc421a3024cf93d2a181c2d77c7cbf33b5392e1fa201d53227350f09ca3849
Red Hat Security Advisory 2016-1595-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1595-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
SHA-256 | 6577b69c7abe4cd79ad8dd56fd8ee2632139dbe9c7f3ac0e400e0e80901f5b24
Red Hat Security Advisory 2016-1594-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1594-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
SHA-256 | 1c6f2dd8a8996a7cc16a614e6641a705da125c0969212573506d95695f96285f
DLL Side Loading In VMware Host Guest Client Redirector
Posted Aug 11, 2016
Authored by Yorick Koster | Site metasploit.com

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

tags | exploit, arbitrary
advisories | CVE-2016-5330
SHA-256 | 77b0507ce09c87acf67f7f51e1ec6e8edf574e2564f337de61f2167599efd712
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
Posted Aug 11, 2016
Authored by Pedro Ribeiro | Site metasploit.com

The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

tags | exploit, remote, web, root, code execution
advisories | CVE-2016-5674
SHA-256 | 4ba89f6c713b97601f4d0f7f4247df8839c79b72366474692143a9ce61a45d08
NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution
Posted Aug 11, 2016
Authored by Pedro Ribeiro | Site metasploit.com

The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

tags | exploit, remote, web, root, code execution
advisories | CVE-2016-5675
SHA-256 | c1fe6b091d64c6ffde8067884a1a1cfdb89fc96e74975fa66a11765b3d24a22f
Netcore Router Udp 53413 Backdoor
Posted Aug 11, 2016
Authored by h00die, Nixawk | Site metasploit.com

Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.

tags | exploit, arbitrary
SHA-256 | 23aa19a2ba418a35cd8bbecabd42ee2c073706a9c5dc4bf7724e7a87210b3a29
SAP CAR Archive Tool Denial Of Service / Security Bypass
Posted Aug 11, 2016
Authored by Core Security Technologies, Martin Gallo, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2016-5845, CVE-2016-5847
SHA-256 | e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701
Red Hat Security Advisory 2016-1589-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1589-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
SHA-256 | 6733f1160b68f5ada5d6f2f81311e3e075c0d29441f777b8ff661359a627e3c5
Red Hat Security Advisory 2016-1588-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1588-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
SHA-256 | 27c27208aa5be8b1a89fe1a22fc1a562282fb9c75bce3eab189eee0f89b0486b
Red Hat Security Advisory 2016-1587-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1587-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
SHA-256 | a189b25381cfcc73e81e7fbe0e460d4b1da606b9761665aef85cf8d877ec8c56
Red Hat Security Advisory 2016-1593-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1593-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-3192
SHA-256 | 087f52dac8d83450be6b8dc20e6e4af7bcdd624bfa88cf6d7d4bfeb101401aa8
Red Hat Security Advisory 2016-1592-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1592-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-3192
SHA-256 | fa4b431075d96b8bcf3588ae7c01575665f48a5ed05f0028dfc5ae37a73f7945
Cisco Security Advisory 20160810-iosxr
Posted Aug 11, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.

tags | advisory, remote, denial of service, protocol, memory leak
systems | cisco, osx
SHA-256 | 0f8053bc0738b5eb624d423cfbff6b3798c7960f57b14cc33a6ae35d37855c49
Ubuntu Security Notice USN-3059-1
Posted Aug 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3059-1 - It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2016-6296
SHA-256 | fe827c65180b37f784ff3be0cf56386273be9f11b47187474ee5233beda40434
Ubuntu Security Notice USN-3060-1
Posted Aug 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3060-1 - It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. It was discovered that the GD library incorrectly handled memory when using gdImageScale. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6132, CVE-2016-6207, CVE-2016-6214
SHA-256 | 4ff0941884cc315075d0925f1efa11b66caecf01e8c16df9d940e0a0cdf582ce
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close