
Files Date: 2015-07-03

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
Posted Jul 3, 2015
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow in Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild in June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160; Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160; Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466; and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.

tags | exploit, overflow, root
systems | linux, windows, ubuntu, 7
advisories | CVE-2015-3043, CVE-2015-3113
MD5 | cabe863f2b1b9fd7e8570e18144bfce0

Red Hat Security Advisory 2015-1207-01
Posted Jul 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1207-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743
MD5 | ca97cc5cf78d16aa879aca0a09635698

Soreco AG Xpert.Line 3.0 Authentication Bypass
Posted Jul 3, 2015
Authored by Alessandro Zala

Soreco AG Xpert.Line version 3.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2015-3442
MD5 | 2820466e5e96d328fe0f6090a0813d86

BlackCat CMS 1.1.1 Path Traversal
Posted Jul 3, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

BlackCat CMS version 1.1.1 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-5079
MD5 | 6bd95be6bb51566c05475521473f011a

Snorby 2.6.2 Cross Site Scripting
Posted Jul 3, 2015
Authored by Federico Fazzi

Snorby version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9502dcd864bd5df2ecacedd44ccfd0fb

ipTIME n104r3 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 3, 2015
Authored by Pierre Kim

ipTIME n104r3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7018dc9d2f6a043fed8e610d28ee468e

OLE Packager Embedding Issues
Posted Jul 3, 2015
Authored by Kevin Beaumont

This write-up discusses the dangers of the OLE packager, which can be used to embed any file into Office documents.

tags | paper
MD5 | 41e0f8cb282a050eef1cb9ecbe1400b5

WordPress easy2map 1.24 SQL Injection
Posted Jul 3, 2015
Authored by Larry W. Cashdollar

WordPress easy2map plugin version 1.24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-4614, CVE-2015-4616
MD5 | 57c5d979523e5c420f321d30cc159bed

Debian Security Advisory 3298-1
Posted Jul 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3298-1 - It was discovered that the Jackrabbit WebDAV bundle was susceptible to an XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

tags | advisory, web, xxe
systems | linux, debian
advisories | CVE-2015-1833
MD5 | 1513420e41b1131cd33224b13d16630a

Red Hat Security Advisory 2015-1206-01
Posted Jul 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1206-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API. A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-1851
MD5 | 23544d5d6b0fccaac8a0a60f138d042d

© 2019 Packet Storm. All rights reserved.
