exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files Date: 2015-04-09

Debian Security Advisory 3217-1
Posted Apr 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3217-1 - Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

tags | advisory, local
systems | linux, debian
advisories | CVE-2015-0840
SHA-256 | 66567458b5c55f0422e2fb70b36cadea666fe817ca19700b553c62b88cca0cbf
Barracuda Firmware 5.0.0.012 Post-Auth Remote Root
Posted Apr 9, 2015
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Barracuda Firmware versions 5.0.0.012 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.

tags | exploit, remote, web, local, root
SHA-256 | 47ed3ef4957c8e0f48670b15bb88acf48f64853701b5565f1f077b80177cbc5a
Comalatech Comala Workflows 4.6.1 CSRF / XSS
Posted Apr 9, 2015
Authored by J. Krautwald, M. Niederwieser | Site sec-consult.com

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b9fca79735e3cc4bf975c510e49bbccd87d29af3072e7048d9b25438a79754e7
Asterisk Project Security Advisory - AST-2015-003
Posted Apr 9, 2015
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.

tags | advisory
advisories | CVE-2015-3008
SHA-256 | b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371e
Apple Security Advisory 2015-04-08-5
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-5 - Xcode 6.3 is now available and addresses stack guard bypass and an issue where Swift programs performing certain type conversions may receive unexpected values.

tags | advisory
systems | apple
advisories | CVE-2015-1149
SHA-256 | 0ce20e707741564c131e8fe519a08c07acd797603c90739a11316436b9b16ac6
Apple Security Advisory 2015-04-08-4
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-4 - Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1086, CVE-2015-1092, CVE-2015-1094, CVE-2015-1095, CVE-2015-1096, CVE-2015-1097, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105
SHA-256 | 25a3214ab7e6cadbdce4b05ac7c58a751b527530285591e0ffb09d1fe9b51d8a
Apple Security Advisory 2015-04-08-3
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-3 - iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | cisco, apple, ios
advisories | CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084, CVE-2015-1085, CVE-2015-1086, CVE-2015-1087, CVE-2015-1088, CVE-2015-1089, CVE-2015-1090, CVE-2015-1091, CVE-2015-1092, CVE-2015-1093, CVE-2015-1094, CVE-2015-1095, CVE-2015-1096
SHA-256 | 38d713ab32609a1117e7c790d7f5d298e14be22ee646cac89deceba5358bcdd3
Apple Security Advisory 2015-04-08-2
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2013-0118, CVE-2013-5704, CVE-2013-6438, CVE-2013-6712, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0207, CVE-2014-0226, CVE-2014-0231, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3523, CVE-2014-3538, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
SHA-256 | bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cd
Apple Security Advisory 2015-04-08-1
Posted Apr 9, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-04-08-1 - Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address information disclosure, code execution, certificate matching, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2015-1112, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1128, CVE-2015-1129
SHA-256 | eeaa79384ff069091d47b9a03c45c84ae355020694e5aeac68b451b6f942eb32
Hack In The Box GSEC Call For Papers
Posted Apr 9, 2015
Site gsec.hitb.org

The Call for Papers for the inaugural Hack In The Box GSEC conference in Singapore is now open. It will be held October 12th through the 16th, 2015 at the Sheraton Towers in Singapore.

tags | paper, conference
SHA-256 | d42213d26e010433988c1d4f7c96a576003f139e14d12e1074db9f4ae6f3b5e5
HP Security Bulletin HPSBUX03240 SSRT101872 2
Posted Apr 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03240 SSRT101872 2 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297
SHA-256 | 1f4fd14946b0e379a10db31c1f62663f3c788557aa4411f47f54db8d0cf85d0d
Cisco Security Advisory 20150408-cxfp
Posted Apr 9, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.

tags | advisory, remote
systems | cisco
SHA-256 | 03bf8d69a0bf6c91ee0106ef74c392f2a8e255b31f1eeb5859051b72b8c5176f
Mandriva Linux Security Advisory 2015-198
Posted Apr 9, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-198 - Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk. The updated packages provides a solution for these security issues.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437
SHA-256 | 70e18c801844e69b740945998cb86b87730582d195550d64ca9d0575e329b2f3
Cisco Security Advisory 20150408-asa
Posted Apr 9, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by command injection, memory exhaustion, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | 002287a420933aae31fd15f0d7d5940f2f4023cf6588b7d6edf90aa5cb93c2d2
Ubuntu Security Notice USN-2565-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2565-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.

tags | advisory, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | 45367e0ecb6fdf13b6f707fbe0aa7b08eb00219f55533ddb3f943355617b7375
Ubuntu Security Notice USN-2564-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2564-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.

tags | advisory, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | b4b5729a8b3105060a97d50bfcaf3b153c00ee7647386935333eed9d44313e11
Red Hat Security Advisory 2015-0794-01
Posted Apr 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0794-01 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token() function and use this flaw to crash that application.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422
SHA-256 | 092ae20195bf4a7732cc962288fb80eeebadd65456efb91c9af412787b3822e3
Ubuntu Security Notice USN-2563-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2563-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2015-1421, CVE-2015-1465, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | 5dafdca9ed571fcd6801dd6f0d5967baba32409d329a23f6e9674061e54eb37c
Ubuntu Security Notice USN-2560-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2560-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. An information leak was discovered in the Linux kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.

tags | advisory, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | 342f94cb1aabaa7a970f11ca1c034e73d616bd82981312d40732665c7748928b
Ubuntu Security Notice USN-2562-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2562-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2015-1421, CVE-2015-1465, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | be127130c407df608bf557e516cba75d80dd022ba633f89a98b2e1cf1698a549
Ubuntu Security Notice USN-2561-1
Posted Apr 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2561-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8159, CVE-2015-1593, CVE-2015-2041, CVE-2015-2042
SHA-256 | 8aef8dc5ce0c1d2950a6515a77b071d9261bb137d80010ab9989173c9845de2d
Mac OS X rootpipe Local Privilege Escalation
Posted Apr 9, 2015
Authored by Emil Kvarnhammar

Mac OS X rootpipe local proof of concept privilege escalation exploit.

tags | exploit, local, proof of concept
systems | apple, osx
advisories | CVE-2015-1130
SHA-256 | 146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0
WordPress Windows Desktop And iPhone Photo Uploader File Upload
Posted Apr 9, 2015
Authored by Manish Tanwar

WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
systems | windows, apple, iphone
SHA-256 | 4066792653efe187fcf02429adee45b20e2c070fa70ff0034e4116b8ff3d3b8b
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close