Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-04-29

MySQL SSL / TLS Downgrade
Posted Apr 29, 2015
Authored by Andrea Barisani, Open Source CERT, Adam Goodman

A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade. Versions 5.7.2 and below are affected.

tags | advisory
advisories | CVE-2015-3152
MD5 | a6136100e6e6ea5f0710410938e328f3
Red Hat Security Advisory 2015-0918-01
Posted Apr 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0918-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite Proxy versions 5.5 or older.

tags | advisory
systems | linux, redhat
MD5 | 949cb4b2ec548d33ceeb70ec08892728
Mandriva Linux Security Advisory 2015-216
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-4165
MD5 | bed6a3c3eb135de378bdae93fdff520d
Mandriva Linux Security Advisory 2015-215
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm.

tags | advisory, overflow
systems | linux, mandriva
MD5 | 5c622882eb788f58ceb5fb92324d7c2d
Red Hat Security Advisory 2015-0917-01
Posted Apr 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0917-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.

tags | advisory
systems | linux, redhat
MD5 | b4444fa442307cc2920b8f621574aeae
Mandriva Linux Security Advisory 2015-214
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.

tags | advisory, overflow
systems | linux, mandriva
MD5 | ad7ecf015d3b9f441de2bca8286820af
Mandriva Linux Security Advisory 2015-213
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0139
MD5 | 13e85fe2b9ac6b66153224db7fbe831d
Foxit Reader 7.1.3.320 Memory Corruption
Posted Apr 29, 2015
Authored by Francis Provencher

Foxit Reader versions 7.1.3.320 and below suffer from a pdf parsing memory corruption vulnerability.

tags | exploit
systems | linux
MD5 | 1af48838dac7fbc9bebf3ace9a05d41e
Linux x86_64 Execve /bin/sh Shellcode Via Push
Posted Apr 29, 2015
Authored by noviceflux

23 bytes small Linux/x86_64 execve /bin/sh shellcode via push.

tags | shellcode
systems | linux
MD5 | 6aafb6d1f6e5f830e835a19984d2f9d9
Linux x86 Execve /bin/sh Shellcode Via Push
Posted Apr 29, 2015
Authored by noviceflux

21 bytes small Linux/x86 execve /bin/sh shellcode via push.

tags | x86, shellcode
systems | linux
MD5 | 3e3827ce14881760d90be1e641fbfcb8
OS Solution OSProperty 2.8.0 SQL Injection
Posted Apr 29, 2015
Authored by Brandon Perry

OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4c15ec7cbcbae7ab163d547d32c2e885
Ninja 0.1.3 Race Condition
Posted Apr 29, 2015
Authored by Ben Sheppard

Ninja privilege escalation detection and prevention system version 0.1.3 suffers from a race condition vulnerability.

tags | exploit
MD5 | 57487581b06892f5097c7cd3e8ac91a8
Clam AntiVirus Toolkit 0.98.7
Posted Apr 29, 2015
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Various fixes to pdf string base64 string conversion. Reworked reverted upack.c crash patch to fix regression false negatives. Added support for MS Office 2003 XML(msxml) document types and msxml file properties collection. Various other updates and fixes.
tags | tool, virus
systems | unix
MD5 | 157c601161da1c2d5a0e48ea1b49e067
WordPress TheCartPress 1.3.9 XSS / Local File Inclusion
Posted Apr 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-3300, CVE-2015-3301, CVE-2015-3302
MD5 | 3acb628ebbb13834d60aadd0dc84e2a6
Swisscom Centro Grande Remote Root
Posted Apr 29, 2015
Authored by Ivan Almuina

A vulnerability has been discovered that affects the certificate verification functions provided by the HNDS service found on the Centro Grande (ADB version) DSL routers of Swisscom. The flaw allows an attacker to have access to management functions that are normally reserved for the Swisscom support. Furthermore, this vulnerability combined with other vulnerabilities allow to completely compromise the Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote root shell on a victim's router.

tags | advisory, remote, shell, root, vulnerability
advisories | CVE-2015-1188
MD5 | 970d2ca906f899d954e0a843f40c7b95
PHP Exception Type Confusion / Heap Overflow
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in exception object's __toString()/getTraceAsString() method that can be abused for leaking arbitrary memory blocks or heap overflow.

tags | exploit, overflow, arbitrary
MD5 | 8afe590264b8c1583445b8633990ca08
PHP SoapFault Type Confusion
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in unserialize() with SoapFault object's __toString() magic method that can be abused for leaking arbitrary memory blocks.

tags | exploit, arbitrary
MD5 | 43a3a21f04943d792c09aff693570595
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    33 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close