Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-07-16

Red Hat Security Advisory 2015-1235-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1235-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-18 listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-5122, CVE-2015-5123
MD5 | 248a142eb82e36605318b36d29b60da3
8 TOTOLINK Routers Backdoored / Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

8 TOTOLINK router models have backdoor hardcoded credentials and suffer from remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 227406165b323d377c2f25eac75c99a5
4 TOTOLINK Routers Backdoored
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models are backdoored with hardcoded credentials.

tags | exploit
MD5 | 444efc2347fce301aca38012e4496eed
4 TOTOLINK Routers Cross Site Request Forgery / Cross Site Scripting
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f881ecd2cca51da5c105e4a4895a51a0
15 TOTOLINK Routers Remote Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | d5f3f7cf82c828d8596937b7901c5d71
SAP Security Notes For July, 2015
Posted Jul 16, 2015
Authored by Darya Maenkova

The monthly critical patch for SAP for July, 2015 includes missing authorization checks, information disclosure, and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution, info disclosure
MD5 | 8e841597528c57eb3d3788f1a8807b21
Red Hat Security Advisory 2015-1226-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1226-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to restricted resources.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-3244
MD5 | 7cba5bd857fe2ac6dffd18c0c76bf513
Cisco Security Advisory 20150715-vds
Posted Jul 16, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP processing module of the Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) and Cisco Videoscape Distribution Suite Service Broker (VDS-SB) could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to a vulnerable device. An exploit could allow the attacker to cause a denial of service (DoS) condition. There is no workaround that mitigates this vulnerability. Cisco has released software updates that address this vulnerability for Cisco VDS-IS.

tags | advisory, remote, web, denial of service
systems | cisco
MD5 | d8d3fd17bf6eef66c1e0d4d636abafc6
Ubuntu Security Notice USN-2656-2
Posted Jul 16, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2656-2 - USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases. This update provides the corresponding update for Ubuntu 12.04 LTS. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743, CVE-2015-4000
MD5 | 96b73fbfcce3b6624ff4d4cfedc2c6c5
Red Hat Security Advisory 2015-1230-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1230-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | ae9acc5e4d2109ab1b0aa3560f71638d
Red Hat Security Advisory 2015-1229-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1229-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | 45de1347afda1dbf4dd0e9b91c877686
Red Hat Security Advisory 2015-1228-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1228-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2659, CVE-2015-2808, CVE-2015-3149, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | 0887824f0cc5c2e54324fb94b26b939f
Red Hat Security Advisory 2015-1221-01
Posted Jul 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could use this flaw to crash the system. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.

tags | advisory, x86, kernel, local
systems | linux, redhat
advisories | CVE-2011-5321, CVE-2015-1593, CVE-2015-2830, CVE-2015-2922, CVE-2015-3636
MD5 | 7569846c179aefca0adca037b66b1cef
WordPress Download Manager Free 2.7.94 / Pro 4 XSS
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 43e157c53d29515b8cc705c9c2553500
phpVibe Stored Cross Site Scripting
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

phpVibe versions prior to 4.20 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ee762c5b7c5fc4e3a0677ce243e16fb0
Internet Download Manager Crash Proof Of Concepts
Posted Jul 16, 2015
Authored by Mohammad Reza Espargham

2 crash proof of concept exploits for Internet Download Manager.

tags | exploit, proof of concept
MD5 | a233d0d967ccf8c8af4080d56ea6e23e
Apache Groovy 2.4.3 Code Execution
Posted Jul 16, 2015
Authored by cpnrodzc7

Apache Groovy versions 1.7.0 through 2.4.3 suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2015-3253
MD5 | a19d406c889c52f3e839aa42fb5b280d
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close