CVE-2016-1017

Related Files

NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow

Posted Mar 24, 2017

Authored by Pedro Ribeiro | Site metasploit.com

The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force it. Brute-forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be brute-forced. This Metasploit module implements both modes, and it works very reliably. It has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with hardware revisions v4 and v3, but this has not been tested - with these routers it might be necessary to adjust the LibcBase variable as well as the gadget addresses.

tags | exploit, overflow

advisories | CVE-2016-10174

SHA-256 | 9a070ce74f71e2662326a2f24f0e886e3c26c8510e555c2e622810bbc7f545ed

Download | Favorite | View

Gentoo Linux Security Advisory 201702-32

Posted Feb 23, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-32 - Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack. Versions prior to 0.6.1 are affected.

tags | advisory, ruby

systems | linux, gentoo

advisories | CVE-2016-10173

SHA-256 | 157e690b127e197b5e2dc69bc809ae8b72ef330c005521c03a4cf6eaf39f4814

Download | Favorite | View

Debian Security Advisory 3778-1

Posted Feb 1, 2017

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3778-1 - Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

tags | advisory, arbitrary, ruby

systems | linux, debian, osx

advisories | CVE-2016-10173

SHA-256 | c28a74b1d780091d7e74cf192097bf7172364ae67c4a0e3192e81a82c7b905b9

Download | Favorite | View

Netgear WNR2000 Remote Code Execution

Posted Dec 21, 2016

Authored by Pedro Ribeiro

Netgear WNR2000 suffers from a remote code execution vulnerability and various other security issues.

tags | exploit, remote, code execution

advisories | CVE-2016-10175, CVE-2016-10176, CVE-2016-10174

SHA-256 | 4d840ad95b6a4e6ffcfbdc06d54203748e463cde9adb5d6be5be3a975216ee2e

Download | Favorite | View

Red Hat Security Advisory 2016-0610-01

Posted Apr 8, 2016

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0610-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.616. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability

systems | linux, redhat

advisories | CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033

SHA-256 | 5145ad8c00fcfd2b59e1d57411a22febeb7e651b05d88217b455d025ff236f82

Download | Favorite | View