what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 35 of 35 RSS Feed

Files Date: 2015-11-17 to 2015-11-18

TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow
Posted Nov 17, 2015
Authored by LiquidWorm | Site zeroscience.mk

TECO TP3-PCLINK version 2.1 has a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TPC file. Successful exploitation could allow execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
systems | linux
SHA-256 | 4778282fac2ab5abb25a2673b573310bfa0f672266d7d8e650fd6ed1fd4de623
Kaspersky Antivirus Certificate Handling Path Traversal
Posted Nov 17, 2015
Authored by Tavis Ormandy, Google Security Research

When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. The naming pattern for files is {CN}.cer and CN can be modified to perform path traversals.

tags | exploit, web
systems | linux
SHA-256 | ce9f7093bf60e3752e2176561753c43ff890d74e6e48bcae0af1b4f25757ad05
Microsoft Windows Kernel Win32k.sys TTF Font Processing Buffer Overflow
Posted Nov 17, 2015
Authored by Google Security Research, mjurczyk

A number of Windows kernel crashes in the win32k.sys driver exist while processing a specific corrupted TTF font file. This finding documents an overflow with a malformed TrueType program.

tags | exploit, overflow, kernel
systems | linux, windows
advisories | CVE-2015-6104
SHA-256 | aa2c793abdcbae42410e9648120375bbbf61f199aadac00919c7cae1a9e4ac95
Red Hat Security Advisory 2015-2065-01
Posted Nov 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2065-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2015-5279
SHA-256 | de0087d5a5cfeeba9f78eba8af0424b13cc04b6e7c045f4320f4621d4e647a83
Ubuntu Security Notice USN-2812-1
Posted Nov 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2812-1 - Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-1819, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035
SHA-256 | 0b86195a4b80085fc469924f41acb3926e9c8feb49034bd78a19922cf368ba60
Ubuntu Security Notice USN-2811-1
Posted Nov 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2811-1 - It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-8023
SHA-256 | cedd835165495eb42046d51aaed53a6e2ccfee791e9984ef39a9b1329c72cf1d
FreeType 2.5.3 Type42 Parsing Use-After-Free
Posted Nov 17, 2015
Authored by Google Security Research, mjurczyk

A use-after-free condition has been encountered in FreeType while fuzzing Type42 fonts. Version 2.5.3 is affected.

tags | exploit
systems | linux
advisories | CVE-2014-9661
SHA-256 | f0ddade4f563e81601505e4c49d519629a1f9cb5f6e95c61b4ed5f44b810a101
Kaspersky Antivirus ZIP File Format Use-After-Free
Posted Nov 17, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing the ZIP file format found multiple memory corruption issues, some of which are obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.

tags | exploit, remote, code execution
systems | linux
SHA-256 | fc8862117299fd338cb8bbf77d3ccb922e26861f2ef48f8fe569ea1fedea5e5b
Kaspersky Antivirus Multiple Memory Corruption Issues
Posted Nov 17, 2015
Authored by Tavis Ormandy, Google Security Research

Kaspersky Antivirus suffers from multiple memory corruption issues.

tags | advisory
systems | linux
SHA-256 | 40d39044a86196b76ab3036cb625cd7d59575c7d6b723cfe1570dbcc20ce34ff
FreeType 2.5.3 Mac FOND Resource Parsing Out-Of-Bounds Read From Stack
Posted Nov 17, 2015
Authored by Google Security Research, mjurczyk

FreeType version 2.5.3 suffers from an out-of-bounds read vulnerability.

tags | advisory
systems | linux
advisories | CVE-2014-9672
SHA-256 | 19a465fb149c153359231377528dcfd4a781be9ac202c0ef5348e78ab49ed1e7
Page 2 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close