Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-03-10

Apple Security Advisory 2015-03-09-4
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-4 - Xcode 6.2 is now available and addresses spoofing and validation checking issues.

tags | advisory, spoof
systems | apple
advisories | CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108, CVE-2014-9390
MD5 | ceeba3930bb6c2a58773fbca5c9e9c18
Apple Security Advisory 2015-03-09-3
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-3 - Security Update 2015-002 is now available and addresses buffer overflow, off-by-one, type confusion, and secure transport vulnerabilities.

tags | advisory, overflow, vulnerability
systems | apple
advisories | CVE-2014-4496, CVE-2015-1061, CVE-2015-1065, CVE-2015-1066, CVE-2015-1067
MD5 | 315f80c6cac1cb9c1fa7eb47021fa34f
Apple Security Advisory 2015-03-09-2
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-2 - AppleTV 7.1 is now available and addresses folder creation, code execution, and tls-related vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2015-1061, CVE-2015-1062, CVE-2015-1067
MD5 | 2968df7b9dd24cceaefa060f29be3339
Apple Security Advisory 2015-03-09-1
Posted Mar 10, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-03-09-1 - iOS 8.2 is now available and addresses null pointer dereference, code execution, buffer overflows, and various other vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2015-1061, CVE-2015-1062, CVE-2015-1063, CVE-2015-1064, CVE-2015-1065, CVE-2015-1067
MD5 | d6a421371829592554d389000772fdc3
Kguard SHA104 / SHA108 Bypass / Command Injection
Posted Mar 10, 2015
Authored by Federick Joe P Fajardo

Kguard SHA104 and SHA108 DVRs suffer from command injection, insufficient authentication and authorization, password disclosure, denial of service, and missing transport security vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
MD5 | f20fc884689c184cccf18719058d8883
Codoforum 2.5.1 Arbitrary File Download
Posted Mar 10, 2015
Authored by Kacper Szurek

Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2014-9261
MD5 | c2bf5aac0d3b57da963d91043cec3f2e
WordPress Fraction Theme 1.1.1 Privilege Escalation
Posted Mar 10, 2015
Authored by Evex

WordPress Fraction Theme version 1.1.1 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | a0741ae2d1b487c26eea75c912598267
Manage Engine AD Audit Manager Plus Cross Site Scripting
Posted Mar 10, 2015
Authored by Harish Ramadoss

Manage Engine AD Audit Manager Plus versions below build 6270 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1026
MD5 | 3bf64d14e1ba5629bedd0683188b587b
Ubuntu Security Notice USN-2521-1
Posted Mar 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2521-1 - Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216, CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221, CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231, CVE-2015-2238
MD5 | a0427210577c5676f612ee976dfdbf15
Ubuntu Security Notice USN-2523-1
Posted Mar 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2523-1 - Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228
MD5 | 9ed9eb3f79c4dfe362cc322800eb476a
Mandriva Linux Security Advisory 2015-057
Posted Mar 10, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-057 - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat expression, a different vulnerability than CVE-2013-7421. net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. The updated packages provides a solution for these security issues.

tags | advisory, remote, arbitrary, kernel, local, udp, crypto, protocol
systems | linux, mandriva
advisories | CVE-2013-7421, CVE-2014-8160, CVE-2014-9644
MD5 | 63e973635ce628aa7f338d79c88eaa2e
Cisco Security Advisory 20150309-rowhammer
Posted Mar 10, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack, the attacker must execute a malicious binary on an affected system. In addition, the research focused on consumer hardware that did not have a number of mitigations and memory protections that have been integrated into chipsets and memory modules used in Cisco server-class products. Of note in the paper is that the researchers were unable, in their testing, to exploit devices that use Error-Correcting Code (ECC) memory. Cisco offers a limited number of products that allow an unprivileged user to load and execute binaries.

tags | advisory
systems | cisco
MD5 | 4595ad69f355387dcc0fd3a20c4b0558
tcpdump 4.7.2
Posted Mar 10, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
MD5 | 5b5c1cc7ef55e08e8f7d66815fdea508
Varnish Cache 4.03 Buffer Overflow
Posted Mar 10, 2015
Authored by Filip Palian, Marek Kroemeke, Akat1

Varnish Cache version 4.0.3 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a6bf0dcb9a016c94f4ef460645eb0ccc
tcpdump Denial Of Service / Code Execution
Posted Mar 10, 2015
Authored by Michael Richardson

tcpdump versions prior to 4.7.2 suffer from denial of service and code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
MD5 | 61a0f5502011e367327a76cbec7c658d
libpcap 1.7.2
Posted Mar 10, 2015
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Changes: Various bug fixes.
tags | library
systems | unix
MD5 | 4747281d4e3ebdb78bc88cdccd3ca5f7
NaCl Sandbox Escape For Rowhammer
Posted Mar 10, 2015
Authored by Mark Seaborn

This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM "rowhammer" problem. It works by inducing a bit flip in read-only code so that the code is no longer safe, producing instruction sequences that wouldn't pass NaCl's x86-64 validator. Note that this uses the CLFLUSH instruction, so it doesn't work in newer versions of NaCl where this instruction is disallowed by the validator.

tags | exploit, x86
systems | linux
MD5 | a775e7efeb523745c95d154aff727703
Digital Whisper Electronic Magazine #59
Posted Mar 10, 2015
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 59. Written in Hebrew.

tags | magazine
MD5 | ea173ae1634c9511b7f87eb9bd1a9e9c
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close