This archive contains all of the 196 exploits added to Packet Storm in March, 2016.
d093079b55b06f839563e299e2afaca202893967c70cd3b239df4d2fda022fbaThe included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
334ccb9b33707106918a652ebdbd6d7df094cb52fd14eb8f7403eeb469b3b0e0The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crash is due to accessing memory past the end of a buffer.
d1cb75bbdfdf9855ca5d70385b89f109e579981fd6cb4edadbfa504aac5e36b2There is a use-after-free in URLStream.readObject in Adobe Flash. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls URLStream.close, the URLStream will get freed, and then the deserialization function will continue to write to it.
ff1259c633764b7a4794d5334683a4bcf01d89145f1bfec987f03e966c7618a2There is a use-after-free in the TextField.maxChars setter in Adobe Flash. If the maxChars the field is set to is an object with valueOf defined, the valueOf function can free the field's parent object, which is then used.
7a1e6f0aefd065fa5598d8e14351aaea609229d3aa442245f79ee5456d6b33c4The included proof of concept causes a crash in ih264d_process_intra_mb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method.
59a02eb3367da1b1cbaf20e9656c62e0fd3ded3ac84bdcccdb5cbdcde3f810f7If Color.setTransform in Adobe Flash is set to a transform that deletes the field it is called on, a use-after-free occurs.
737d1b4bab2ed50a128829549d0ea0aa7f0ecba5a9bab13ad24a45666ea8d406Red Hat Security Advisory 2016-0559-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.6 will be retired as of March 31, 2017, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 AMC after March 31, 2017.
7d68b925f8cb713841006e249946a6789bc05c5031cb7f8cc3a37757bb91f01eRed Hat Security Advisory 2016-0560-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017.
c664a2d20d7ee0823c6292716e3916179de18d0e4adda22b2c29310a26202a3bRed Hat Security Advisory 2016-0562-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.
2655836bc2204fb265cc9f8b85879dfa1d2fdb3ec038d14c4e6cec8137c21321Red Hat Security Advisory 2016-0561-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected urgent priority bug fixes for RHEL 5.11. On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content.
91533c2bad8d9ed6c96f8f214db246f86dc81281bb910b5c1e3dc74af1f4df0eGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71A crash was identified due to a heap-based out-of-bounds read in dissect_pktc_rekey in an ASAN build of Wireshark (current git master).
93a4808c441dbf02e3bcec2b1fdffc008dfac829b696e947e5d12a260c6205caDebian Linux Security Advisory 3538-1 - Several vulnerabilities were discovered in libebml, a library for manipulating Extensible Binary Meta Language files.
39c6a3fab0de7faddc8189fbbd01277c0f30a5f09240794bbd902220ab8d8687Debian Linux Security Advisory 3537-1 - Several vulnerabilities were discovered in imlib2, an image manipulation library.
a20b9641219d95d6c6bbcf70623077f6692dca4d2772e1fa8b0698d971aed5f2Debian Linux Security Advisory 3536-1 - It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly.
5603cf038dfd2250e1bfaae80fffa49117662dbb4e18b0767102441c249a407ePython 2.7 iOS application version 1.5.4 suffers from a filter bypass issue that allows malicious script code to get inserted client-side.
a161f8220be483fe7a2af4cd5063c1b5f1b13d3060bdaf67a7d68bc4f2da5401TrendMicro's SSO suffers from a redirection and session theft vulnerability.
ac729a0d170ca203d8814d0ff62db8f0910eb3bad1e9b83558ea18573e4116d8Dorsa Web CMS from 2016 Q1 suffers from a remote SQL injection vulnerability.
c5c460a5f06a7786f694a9a63c726dfb56f13f0ed4ebbf7e22cbd3eef3b45879Cades 2016Q1 suffers from a remote SQL injection vulnerability.
78d7523cb708ba1446641be2eb80c8533e481b323449e80fb631f44a67da4c67Docker UI version 0.10.0 suffers from a persistent cross site scripting vulnerability.
85ee6b9462b541484f64eee8f2b169fab832b665c6ae3f15bf79b69a02654902Docker UI version 0.10.0 suffers from multiple client-side cross site request forgery vulnerabilities.
b4d7324519ddf8297c64165148914552a35bffa722466cd2b47aa7ead6d27d90Hi Technology and Services CMS suffers from a remote SQL injection vulnerability.
66da3d2b5f4c877057dea583169ceddc3bfe66aa44165d7e21cf044f8ba22bc3Patron Info System suffers from a remote SQL injection vulnerability.
76ff19fbd099b36ee2e379f795c4e402443be656f01e2d1d40744485debd52ebPHP version 5.5.33 suffers from an invalid memory write condition in phar on filename with \0 in the name.
43a4d61e916b58b06008a308be6ad7855caf740234f5025fedc517eb22381d33
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed