exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-06-22

Apache Storm 0.10.0-beta Code Execution
Posted Jun 22, 2015
Authored by P. Taylor Goetz, Bobby Evans

The UI daemon in Apache Storm version 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.

tags | advisory, remote, web, arbitrary
advisories | CVE-2015-3188
MD5 | 5891b86dd1736344dbda9bd356125fce
Microsoft Windows ClientCopyImage Improper Object Handling
Posted Jun 22, 2015
Authored by temp66, OJ Reeves, hfirefox | Site metasploit.com

This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. This Metasploit module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.

tags | exploit, x86, kernel
systems | windows, 7
advisories | CVE-2015-1701
MD5 | 2f0aec917a34229f17599d68939b21dc
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150616
Posted Jun 22, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Bumped to Tor release 0.2.6.9.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 3d431e287223eddab5f8312f16dc19d4
OpenSCAP Libraries 1.2.4
Posted Jun 22, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.11 support 99.8% completed! Added Scientific Linux CPEs. Added oscap-docker tool. Various other updates and improvements.
tags | protocol, library
systems | unix
MD5 | 52a412bf25efc107c80090aba50e4892
Gentoo Linux Security Advisory 201506-04
Posted Jun 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201506-4 - Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution. Versions less than 43.0.2357.65 are affected.

tags | advisory, remote, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-1233, CVE-2015-1234, CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1243, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1250, CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1262, CVE-2015-1263
MD5 | e644dc88e1eca9808c6707e5816df1a1
Ubuntu Security Notice USN-2651-1
Posted Jun 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2651-1 - Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. Laszlo Boszormenyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395, CVE-2015-1396
MD5 | 42de9907c4ef0355cd93e2c30659a3c7
Gentoo Linux Security Advisory 201506-03
Posted Jun 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201506-3 - Multiple vulnerabilities have been fixed in GnuTLS, the worst of which can cause Denial of Service. Versions less than 3.3.15 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3308
MD5 | 5b62f58497b875ac7b8bcb0f1f78d5be
GeniXCMS 0.0.3 Cross Site Scripting
Posted Jun 22, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

GeniXCMS version 0.0.3 suffers from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-5066
MD5 | 2315567f4a6d24a79e85069b879c72cb
Gentoo Linux Security Advisory 201506-02
Posted Jun 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 29dead97f9fb4c8eb6586f20b7c1aca3
KMPlayer 3.9.1.136 Buffer Overflow
Posted Jun 22, 2015
Authored by Naser Farhadi

KMPlayer version 3.9.1.136 capture unicode buffer overflow with ASLR bypass.

tags | exploit, overflow
MD5 | d5acb1ba94d2e0b40f1424d52a2a4d7a
CUPS XSS / String Handling / Improper Teardown
Posted Jun 22, 2015
Authored by Google Security Research

CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-1158, CVE-2015-1159
MD5 | f6e0f204b5c6955208f9bf61c3cd3e50
ManageEngine Asset Explorer 6.1 Cross Site Scripting
Posted Jun 22, 2015
Authored by Alain Homewood | Site vulnerability-lab.com

ManageEngine Asset Explorer version 6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e6d35f0b526c2b11cfd895cb6b61cb88
Ubuntu Security Notice USN-2640-2
Posted Jun 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2640-2 - The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
MD5 | fa323baa361cc775f5424adc93ae44b5
Linux/x86 mkdir / chmod Shellcode
Posted Jun 22, 2015
Authored by B3mB4m

29 bytes small mkdir HACK and chmod 777 and exit(0) shellcode.

tags | shellcode
MD5 | 7f93ab9318390d52a9cfc9c417961b87
MySQL Lite Administrator Beta 1 Cross Site Scripting
Posted Jun 22, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

MySQL Lite Administrator version Beta 1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection, add administrator
advisories | CVE-2015-5064
MD5 | bca20010400041a19e05b03a1e749183
Zurmo CRM 3.0.2 Cross Site Scripting
Posted Jun 22, 2015
Authored by Provensec

Zurmo CRM version 3.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 97201aab80f87c7bc957a57af15632ad
PHPWCMS 1.5.4 Cross Site Request Forgery
Posted Jun 22, 2015
Authored by Provensec

PHPWCMS version 1.5.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c4260ffa4727ed5d11fb2e481643a8d4
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close