This Metasploit module triggers a stack buffer overflow in Wireshark versions 1.8.12/1.10.5 and below by generating an malicious file.
c1d1883ef4ffcc01f9e239f60c1474e6This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.
5e92458e6004639f97065439cc18b2baHP Security Bulletin HPSBMU03017 2 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 2 of this advisory.
ef84200786ec191e733715c33de5b956VideoWhisper version 7 for Drupal suffers from a cross site scripting vulnerability.
420ae5908f83a2a2be00b7009860fe51Depot WiFi version 1.0.0 for iOS suffers from code execution and local file inclusion vulnerabilities.
89ce18d0f4c5d07f5485e2204b90e74bGeoCore MAX DB version 7.3.3 suffers from a time-based remote blind SQL injection vulnerability.
fa87c2b7acee25605a4406675eed639aHP Security Bulletin HPSBMU03023 - A potential security vulnerability has been identified in HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. Revision 1 of this advisory.
d7bb9f8a879ea43726b0ac8ad88bed2cWordPress iMember360is plugin versions 3.8.012 through 3.9.001 suffers from arbitrary code execution, database credential disclosure, arbitrary user deletion, and cross site scripting vulnerabilities.
d359e63a8e1d080f3473c5684422d0e0HP Security Bulletin HPSBST03016 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
1126a2cae8daa899a9c1369058978d5aHP Security Bulletin HPSBMU02895 SSRT101253 2 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 2 of this advisory.
efd2eac43af521cdcc6e83f02166a8d8Debian Linux Security Advisory 2906-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
f613033ad285f2bace4384c533093667Debian Linux Security Advisory 2912-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
39ae53ed3488752c8098bac4c77fe659WordPress Work-The-Flow plugin version 1.2.1 suffers from a remote shell upload vulnerability.
47c3c851c37db9b68fe46d03c70935caKolibri version 2.0 GET request stack buffer overflow exploit that spawns a bindshell on TCP/4444.
f94a81f95f22810ef479da3bbf04f01fInfraRecorder version 0.53 suffers from a unicode buffer overflow vulnerability.
b81093b36ed94c0eea149c99d406ff9fThe WordPress Echelon theme suffers from a remote shell upload vulnerability.
650579ea6f120de4ce14622b61ca22d7xnews version 3-0-0 suffers from a cross site scripting vulnerability.
3881e9a3a6e9cfe722d4473e851a2898Live.com suffered from a UI redressing attack.
7fcd97aa8696696d7a2fc07d09037f8e
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed