Zenphoto version 1.4.10 suffers from a local file inclusion vulnerability.
ba42a64f94000d69b626766f98ef6b4343b2f83d132187d08702aa0bd5872bc9Zenphoto version 1.4.10 suffers from a cross site scripting vulnerability.
338d643e05d21281ce75b48a02bfc8bdfb08fcf3781a74cdae576f570735dc5bBSides SF is soliciting papers and presentations for the 2016 annual BSidesSF conference. It will be held at the DNA Lounge, 375 11th Street, San Francisco, CA, USA on February 28th through the 29th, 2016.
a01bad96a7b093f975eee9e0b3153eb0bc964a25403799a73f7af2b9fd91e4c4Ubuntu Security Notice 2823-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
b571488b07c4a6634118c61047b479fdea699b8487c5473f9b60f7ecedacf73dDebian Linux Security Advisory 3408-1 - It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack.
34b8d58d97aa8a0f0267eb11b913d08c670a42fbf209c0304872f17c07ad3d02Red Hat Security Advisory 2015-2534-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
82e69af8562a6d2beda47ff7c64a29f5a548afef72a77b9a2f379497188dc9cfRed Hat Security Advisory 2015-2535-01 - Red Hat JBoss Enterprise Application Platform 5 is a platform for Java applications based on JBoss Application Server 6. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
1d209b80d89f5aac30e613d9f23c5927d34aaa7cb1d78b9d220eee948bbc03a0Local root exploit for Redhat Enterprise Linux versions 7.0 and 7.1 that leverages abrt/sosreport.
b790341fd59ae2e5d21dff21d1b31498f965eaa89caf7d3d86a361acf552509dCentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.
2e6ff628343956da9862f4ece546ad0fa5bec7f2f3e42781031bd4c8eee3ff37Kodi 15 reintroduced an arbitrary file access vulnerability.
e05d978031114d81d6708e335f10396cc3db95a485c34cededae537acb52519aRed Hat Security Advisory 2015-2525-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 was retired on November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
ba29dbf063299e831b083948a06044c9e23cff9bdfa922b9dfec4d8cdc6844dcUbuntu Security Notice 2819-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
a311c779f9fd27a3a7bb5fd804f6f177902aee369fc6236ab5b3d629b731ef65This archive includes presentation slides for the talk VoIP Wars: Destroying Jar Jar Lync along with the Viproxy tool used to perform the attack.
7c10f7a577fbea0fc76921b0346d6dd57980d6c5773f75f34712eadc6b092e2eHuawei Wimax routers suffer from cross site request forgery, information disclosure, and system manipulation vulnerabilities.
665c198903c1a2084546365ee984482cf859f3ed18d69b64ac380d553c6da03cThis archive contains 190 exploits that were added to Packet Storm in November, 2015.
d6d0c6276b2fafc1b461728be0f139b590d4ce0965f02cb1e6192125de6aeedb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed