3360 matches found
EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open denial of service...
openSUSE Security Update : dropbear (openSUSE-2016-393)
This update for dropbear fixes the following issues : - dropbear was updated to upstream version 2016.72 - Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. - used as bug fix release for...
openSUSE Security Update : dropbear (openSUSE-2016-387)
dropbear was updated to 2016.72 to fix the following issues : Changes in dropbear : - updated to upstream version 2016.72 - Validate X11 forwarding input. Could allow bypass of authorizedkeys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. - used as bug...
CCTV-DVR Vendors - Remote Code Execution
Exploit for hardware platform in category remote exploits !/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems...
Multiple CCTV-DVR Vendors - Remote Code Execution
!/usr/bin/python Blog post: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html ''' Vendors List Ademco ATS Alarmes technolgy and ststems Area1Protection Avio Black Hawk Security Capture China security systems Cocktail Service Cpsecured CP PLUS Digital Eye'z no website...
Shocker - A tool to find and exploit servers vulnerable to Shellshock
A tool to find and exploit servers vulnerable to Shellshock Help Text usage: shocker.py -h, --help show this help message and exit --Host HOST, -H HOST A target hostname or IP address --file FILE, -f FILE File containing a list of targets --port PORT, -p PORT The target port number default=80...
Ubuntu: Security Advisory (USN-2930-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2931-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2931-1 advisory. Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local...
Digium Asterisk Open Source Denial of Service Vulnerability
Asterisk Open Source is an open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR and so on. A denial of service vulnerability exists in Digium Asterisk Open Source that allows remote...
DEBIAN-CVE-2016-2316
chansip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of...
CVE-2016-2316
chansip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of...
CVE-2016-2316
chansip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of...
UBUNTU-CVE-2016-2316
chansip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of...
CVE-2016-2316
chansip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of...
CentOS Update for sos CESA-2016:0152 centos6
Check the version of sos SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882390";...
RedHat Update for sos RHSA-2016:0152-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : sos (RHSA-2016:0152)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2016:0152 advisory. The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used...
Scientific Linux Security Update : sos on SL6.x (noarch) (20160209)
An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the...
DLA-412-1 linux-2.6 - security update
Bulletin has no description...
Authentication Prompt Not Honoring Inactivity/Session Timeout Values on XenMobile
Authentication prompt is not honoring inactivity timeout value XenMobile 9.0 or the session timeout value specified XenMobile 10.0...