what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2016-02-25

Debian Security Advisory 3491-1
Posted Feb 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1523, CVE-2016-1930, CVE-2016-1935
SHA-256 | da789ff35efec29f4e4ba6d3ad8fcb7147acd2e8c11c35d4d42e58f5405efaec
Apache Xerces-C XML Parser Buffer Overflow
Posted Feb 25, 2016
Authored by Gustavo Grieco

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.

tags | advisory, remote, denial of service, overflow, code execution
advisories | CVE-2016-0729
SHA-256 | f78b373fd91beab5983d07e6a0808ff4c3c1af8dbb9cbeb69a728c93b7f28a6d
Open Web Analytics 1.5.7 Cross Site Scripting
Posted Feb 25, 2016
Authored by 1N3

Open Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 9826ef468507dad63ad72b499b5f63fa30e841d17b63f398c4f0bb78be5d5099
IP-Array IPTables Firewall Script 1.1.0
Posted Feb 25, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: ipset sets can now be defined in xml. Besides creating sets and adding elements, whole sets can be imported from a file saved in ipset xml output format and elements can be imported from a regular file. This new features also have been built into the interactive mode, allowing the set manipulations to be done in a wizard based manner. The interactive mode and the xml parser have been improved. Minor other tweaks have been done. Some documentation bugs were fixed.
tags | tool
systems | linux, unix
SHA-256 | 5bbc72085a6544c6a411a4a568ee423b7d260fdbef9ffbeca2cc4f4cebc20ba9
JSN PowerAdmin 2.3.0 Code Exection / CSRF / XSS
Posted Feb 25, 2016
Authored by RatioSec Research

JSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
SHA-256 | 52695b93ab343b3468cd352906fc52305c66d72e1dc525d9bcd653d77d405702
WordPress User Submitted Posts 20151113 Cross Site Scripting
Posted Feb 25, 2016
Authored by Panagiotis Vagenas

WordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ed9820128cacf907158c375e09ab3a252f3645fb8fed827c1e752230a084a0f8
Magento 1.9.2.2 RSS Feed Information Disclosure
Posted Feb 25, 2016
Authored by EgiX

Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.

tags | exploit, info disclosure
advisories | CVE-2016-2212
SHA-256 | 01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37
Linux io_submit L2TP Sendmsg Integer Overflow
Posted Feb 25, 2016
Authored by Google Security Research, hawkes

In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.

tags | exploit, overflow, kernel, local
systems | linux
SHA-256 | 4e8facb5af3635bb5a75286e2815b09aff43b1be7ba523d3b34d41c5a7c53bed
Wireshark Vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow
Posted Feb 25, 2016
Authored by Google Security Research, mjurczyk

A crash can occurs due to a heap-based buffer overflow in the ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit, overflow
systems | linux
SHA-256 | a7fdbcbd73763761e1e07330bb5c8d3c8ae31713eeb2d4a7465c6ef3bbf98840
Ubiquiti Networks UniFi 3.2.10 Cross Site Request Forgery
Posted Feb 25, 2016
Authored by Julien Ahrens

Ubiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | ce6b8f6b7d6df9b959e6dc54e07373ec0465accd0d4c1c0b4ce70674fb6f11ce
ManageEngine Firewall Analyzer 8.5 SP-5.0 Cross Site Scripting
Posted Feb 25, 2016
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 358c9090c7ae34b10cce327c19668cc4988fd2e24d1d402f559975a3cfdbbf06
GTA Firewall GB-OS 6.2.02 Script Insertion
Posted Feb 25, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

GTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.

tags | exploit, local
SHA-256 | 4cd215368c415a6cbaf6fb3acfa8229e1e2cc4e04a4c7a02b548cec34d49bd1c
Ubuntu Security Notice USN-2903-2
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1938
SHA-256 | d3283200efa890107e2802a18cd81e5fbdacb3975b6da21cb9ccb7a1f29a4936
Ubuntu Security Notice USN-2912-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3146, CVE-2016-0739
SHA-256 | 64e90d7f17cf676e3947fb61a36d15d6f07e6deabaa7f62a7ebfb2162dfd9513
Debian Security Advisory 3490-1
Posted Feb 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3490-1 - Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.

tags | advisory, remote, web, xss
systems | linux, debian
advisories | CVE-2016-2511
SHA-256 | 53a4c90ad8a733d951c85c8ee6e8ca7778459df6598921af5feb70eb94121a26
Ubuntu Security Notice USN-2913-3
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-3 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
SHA-256 | c198e28b8b59a884388a1eb27d838210f90932ae75ee1fec0af1b5491d053ce9
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Posted Feb 25, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.

tags | exploit, xss
SHA-256 | 85f17b5db889a6f5d1dc69715ae65751c63987fc043b34df2c9e9777cc172f26
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Posted Feb 25, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.

tags | exploit, xss
SHA-256 | 6cb381140d19e5e549ed59d0d3373cadd6f8e834f072df94ed2fce950508a98c
Ubuntu Security Notice USN-2913-2
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-2 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
SHA-256 | ab7659c100784f51078d656f5d345f4d76baef12693db5a63459b0ecdd936ce0
Ubuntu Security Notice USN-2913-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.

tags | advisory
systems | linux, ubuntu
SHA-256 | e999003563be7de56a36e34886410351bc8b531a564823c40bcc8d3ad252c3e4
Ubuntu Security Notice USN-2913-4
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-4 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
SHA-256 | c162bdcdced611e7f10d60d6e0fdfecbf8f5e319ae04425626daf30a3d3d9073
Slackware Security Advisory - ntp Updates
Posted Feb 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5300, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
SHA-256 | 37713e13555f43d3a710763934080ccf84cfd0f0cb9b3f3824fd084a85878b2c
Slackware Security Advisory - libgcrypt Updates
Posted Feb 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3591, CVE-2015-7511
SHA-256 | 73a3deca2a05e8acdc01fcb8f5f2055eb21d39018b48ffb888c23cb70541b822
Ubuntu Security Notice USN-2905-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2905-1 - A security issue was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1629
SHA-256 | 1010082f4b4515fb23965355c4cddcf093a1901472ec01c0a096ad3afd55fc5f
InstallShield DLL Hijacking
Posted Feb 25, 2016
Authored by Stefan Kanthak

InstallShield suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 4c5735bf0c7180106c89369ae626f03213246d7d0d90f51d7b872e835b3c3bf3
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close