exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-03-25

Apache OpenMeetings 3.0.7 Arbitary File Read
Posted Mar 25, 2016
Authored by Andreas Lindh

When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, java, arbitrary, protocol
advisories | CVE-2016-2164
SHA-256 | c8dd487b97e1b03e9a3818c01b947705ae5bdeec150494b208e77bfa5c1dd41f
Apache OpenMeetings 3.0.7 Cross Site Scripting
Posted Mar 25, 2016
Authored by Andreas Lindh

When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, javascript
advisories | CVE-2016-2163
SHA-256 | ae142c09b3506f6a2df2eff1b29727a0f7f4ac41ab39eacb5ce1d1505fe8e1a3
Apache OpenMeetings 3.1.0 MD5 Hashing
Posted Mar 25, 2016
Authored by Andreas Lindh

The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings user. Apache OpenMeetings versions 1.9.x through 3.1.0 are affected.

tags | advisory
advisories | CVE-2016-0783
SHA-256 | e8013d35e67485ede2f2a96963a7acebaa5a2d152f1ac777a282f195dd67f09b
HP Security Bulletin HPSBGN03563 1
Posted Mar 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03563 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in local or remote Denial of Service (DoS) and local disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, remote, denial of service, local, vulnerability
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797
SHA-256 | 57d02e5956b8e30e3dcc52080b4967e3e1c4122e0888e933cc4d3579340a64cc
HP Security Bulletin HPSBMU03562 2
Posted Mar 25, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03562 2 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.

tags | advisory, java, code execution
advisories | CVE-2016-1998
SHA-256 | 582059f3157f5288f539b5a0198aa639f4e5be8cb75df46d07a3774d77273937
Ubuntu Security Notice USN-2942-1
Posted Mar 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2942-1 - A vulnerability was discovered in the JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
SHA-256 | 03ba63fb82bc9f80a8737b4266fdcf5b1c758da341d6916e0066286df907ff6c
Red Hat Security Advisory 2016-0514-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0514-01 - The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit, OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | d2c7ba18b9ab841d36650848f97e0bcdc94f44f76bd5ae2a2eb845f825938652
FireEye Malware Input Processor Privilege Escalation
Posted Mar 25, 2016
Authored by Tavis Ormandy, Google Security Research

The mip user is already quite privileged, capable of accessing sensitive network data. However, as the child process has supplementary gid contents, there is a very simple privilege escalation to root.

tags | exploit, root
systems | linux
SHA-256 | 5b5d78147822a04ece55e3ad4dc78e4634f5ee4ab840d7ead31f0b0e6099d778
Android One Privilege Escalation
Posted Mar 25, 2016
Authored by Google Security Research, Mark Brand

The wireless driver for the Android One (sprout) devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with subcommand PRIV_CMD_SW_CTRL. This ioctl is permitted for access from the untrusted-app selinux domain, so this is an app-to-kernel privilege escalation from any app with android.permission.INTERNET.

tags | exploit, kernel
systems | linux
SHA-256 | f09afcb089991f9bdfe7878694f1b4aa53a78b0716b0db1d420fbf8364088819
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Mar 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 3f5f9bd87dcf5f48f2a28b9d1483b03c9c6ba6a16a660b4be8e0892fa953dbc9
Red Hat Security Advisory 2016-0515-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0515-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 7 Update 99. Security Fix: This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 8ac9769de79b1fb68d57e6e33f362f3fe6eb4617429467e0b04c83b33674fdc8
Red Hat Security Advisory 2016-0512-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0512-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 482fbf87dc29f140a894ff589433aecefe45a4f8423e9a530ffcbb5c2eeb8e91
Red Hat Security Advisory 2016-0516-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0516-01 - The Java Runtime Environment contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update provides Oracle Java 8 Update 77. Security Fix: This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | bc05b0bfdaa20ecc5141ea9df9eb9e268d4e1672946326b3976b8fdee70c1fe1
Red Hat Security Advisory 2016-0513-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0513-01 - The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit, OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | ef42d725d6c3979f8e8ba812004915f3a2c15422e59371dbfb0e3b2a98583a84
Red Hat Security Advisory 2016-0511-01
Posted Mar 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0511-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-0636
SHA-256 | 5ad8f45a876939a92eae412eed9d2c5a00a149874ad1c5e459428f53c07f7b29
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close