exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-03-10

Apple Security Advisory 2015-03-09-4
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof
systems | apple
advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390
SHA-256 | 4a50eb3c136fe092fc8abd8396cccba8eb128f4a15cfe7c70ec4f0d941b01848
Apple Security Advisory 2015-03-09-3
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-3 - Security Update 2015-002 is now available and addresses buffer overflow, off-by-one, type confusion, and secure transport vulnerabilities.

tags | advisory, overflow, vulnerability
systems | apple
advisories | CVE-2014-4496, CVE-2015-1061, CVE-2015-1065, CVE-2015-1066, CVE-2015-1067
SHA-256 | e2669321cbe28cd46bc8bf178977f84d20bc7697a29a74b80c2fe27664e28606
Apple Security Advisory 2015-03-09-2
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-2 - AppleTV 7.1 is now available and addresses folder creation, code execution, and tls-related vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2015-1061, CVE-2015-1062, CVE-2015-1067
SHA-256 | 020635beec9890ce5aa20321ca3adb375938c809061e1d9e83912740301fc4d9
Apple Security Advisory 2015-03-09-1
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-1 - iOS 8.2 is now available and addresses null pointer dereference, code execution, buffer overflows, and various other vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2015-1061, CVE-2015-1062, CVE-2015-1063, CVE-2015-1064, CVE-2015-1065, CVE-2015-1067
SHA-256 | 27df9c1ac94771e9e6eb1dc3ad8678e46015149a7920b10087847b58166e23f9
Kguard SHA104 / SHA108 Bypass / Command Injection
Posted Mar 10, 2015
Authored by Federick Joe P Fajardo

Kguard SHA104 and SHA108 DVRs suffer from command injection, insufficient authentication and authorization, password disclosure, denial of service, and missing transport security vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
SHA-256 | 23f967513908ed1865432be70dd6383e588399ac116ed776c4f95b7a093d52b3
Codoforum 2.5.1 Arbitrary File Download
Posted Mar 10, 2015
Authored by Kacper Szurek

Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2014-9261
SHA-256 | 2511ecea404416465ad294b78f8909c3c96ecbc68f034d3db2a6724194814c4d
WordPress Fraction Theme 1.1.1 Privilege Escalation
Posted Mar 10, 2015
Authored by Evex

WordPress Fraction Theme version 1.1.1 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 514f51682d65cc17a08cfd688cea64b4379893537219d8ead242db19b88559cb
Manage Engine AD Audit Manager Plus Cross Site Scripting
Posted Mar 10, 2015
Authored by Harish Ramadoss

Manage Engine AD Audit Manager Plus versions below build 6270 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1026
SHA-256 | 4735134ce9bdd039e2630ec69133cc374c5e9bd945eade4e8fdf2b899bfb27a2
Ubuntu Security Notice USN-2521-1
Posted Mar 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2521-1 - Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216, CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221, CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231, CVE-2015-2238
SHA-256 | 8228ded3f488ccaf7fc494acaa20c51cf96f6f0b497bb4cff582aca2be4eae86
Ubuntu Security Notice USN-2523-1
Posted Mar 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2523-1 - Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228
SHA-256 | b5a9d704b449f39d01062d26900f37e7a1d8336e27bd24dc58719568e3d644a3
Mandriva Linux Security Advisory 2015-057
Posted Mar 10, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-057 - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat expression, a different vulnerability than CVE-2013-7421. net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. The updated packages provides a solution for these security issues.

tags | advisory, remote, arbitrary, kernel, local, udp, crypto, protocol
systems | linux, mandriva
advisories | CVE-2013-7421, CVE-2014-8160, CVE-2014-9644
SHA-256 | c7e15d90dbbc5bc9948f7f6bf42febec7ed38b4fea44c971f7d0404e8e4aa6c6
Cisco Security Advisory 20150309-rowhammer
Posted Mar 10, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system. In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory. Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.

tags | advisory
systems | cisco
SHA-256 | 2286a26f9db59216dc28aa29c4974718f3954d05d690b1c38ef155ef3fd79790
tcpdump 4.7.2
Posted Mar 10, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | f59a2bb77612a1392973ecf1ee165028abf5c151e04ae3999b98f94fd9d04ae7
Varnish Cache 4.03 Buffer Overflow
Posted Mar 10, 2015
Authored by Filip Palian, Marek Kroemeke, Akat1

Varnish Cache version 4.0.3 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2b10a0518f442a736ea3e86364fcb47251a1b0e1853674a11d5a6b920b9b9cd1
tcpdump Denial Of Service / Code Execution
Posted Mar 10, 2015
Authored by Michael Richardson

tcpdump versions prior to 4.7.2 suffer from denial of service and code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 424e9f605486e00763107ba04d05715cae9df6c2c581eb92b22d3a813d361721
libpcap 1.7.2
Posted Mar 10, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Changes: Various bug fixes.
tags | library
systems | unix
SHA-256 | 1a4abc1f268b68f97e69a497f53695c9acc7a13f1d522a4d940dea276e6698ae
NaCl Sandbox Escape For Rowhammer
Posted Mar 10, 2015
Authored by Mark Seaborn

This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM "rowhammer" problem. It works by inducing a bit flip in read-only code so that the code is no longer safe, producing instruction sequences that wouldn't pass NaCl's x86-64 validator. Note that this uses the CLFLUSH instruction, so it doesn't work in newer versions of NaCl where this instruction is disallowed by the validator.

tags | exploit, x86
systems | linux
SHA-256 | e6593966ab188ce0527192162955cdd9d0be2836c92fe8c8ae35f4c97e8dbe65
Digital Whisper Electronic Magazine #59
Posted Mar 10, 2015
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 59. Written in Hebrew.

tags | magazine
SHA-256 | eafa4d0c3a8021a1d6a02757f60b4399c4a174f1d25cbefc012d42adf9dfa6ae
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close