exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-08-06

FreeBSD Security Advisory - patch Shell Injection
Posted Aug 6, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.

tags | advisory
systems | freebsd
advisories | CVE-2015-1418
MD5 | 7d000c1ccb5024987c1efad09f675ec3
FreeBSD Security Advisory - routed Denial Of Service
Posted Aug 6, 2015
Site security.freebsd.org

FreeBSD Security Advisory - The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

tags | advisory
systems | freebsd
advisories | CVE-2015-5674
MD5 | f4408b196586985c3c08d26b1bcf2fc7
Microweber 1.0.3 Shell Upload
Posted Aug 6, 2015
Authored by LiquidWorm | Site zeroscience.mk

Microweber version 1.0.3 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due to the improper verification when uploading files in '/src/Microweber/functions/plupload.php' script. This can be exploited to execute arbitrary PHP code by bypassing the extension restriction by putting the dot character at the end of the filename and uploading a malicious PHP script file that will be stored in '/userfiles/media/localhost/uploaded' directory.

tags | exploit, arbitrary, php
MD5 | efd4d0ff64dd1c9926b5a85cd45029e0
Microweber 1.0.3 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 6, 2015
Authored by LiquidWorm | Site zeroscience.mk

Microweber version 1.0.3 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 21e699783c47f8b58503e5dfd441ece4
WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery
Posted Aug 6, 2015
Authored by Tom Adams

A cross site request forgery vulnerability in the comment form of WordPress versions 3.8.1, 3.8.2, and 4.2.2 allows for administrative impersonation.

tags | exploit, csrf
MD5 | f5e05cd0623a058e5c5605ac9f2d04fd
Ubuntu Security Notice USN-2705-1
Posted Aug 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2705-1 - Qin Zhao discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. Brant Knudson discovered Keystone disabled certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-7144, CVE-2015-1852
MD5 | 062873d36d698e63faf328a283a512ff
Ubuntu Security Notice USN-2704-1
Posted Aug 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2704-1 - Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by policy. Clay Gerrard discovered Swift allowed users to delete the latest version of object regardless of object permissions when allow_version is configured. An attacker could use this issue to delete objects. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-7960, CVE-2015-1856
MD5 | dd7f2cdc0bc3a85aab0458c5c3172f6a
Ubuntu Security Notice USN-2703-1
Posted Aug 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2703-1 - Bastian Blank discovered that Cinder guessed image formats based on untrusted data. An attacker could use this to read arbitrary files from the Cinder host.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1851
MD5 | 1741910e6b744f86f3bf79eaba401aa1
Red Hat Security Advisory 2015-1564-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1564-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.

tags | advisory, overflow, x86, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2922, CVE-2015-3636
MD5 | ea43247306503e22b480a9de2aef3245
Red Hat Security Advisory 2015-1565-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1565-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
MD5 | a1d985b15707a20a9552d08c49cb6bdc
Red Hat Security Advisory 2015-1534-01
Posted Aug 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1534-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel level, bypassing intended restrictions in place.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636
MD5 | 7194f0fde43095d169b0958cfaf2adb8
HPE Security Bulletin HPSBUX03388 SSRT102180 1
Posted Aug 6, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03388 SSRT102180 1 - A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793, CVE-2015-4000
MD5 | eab3b1b5f333ecf496436e4f6bd63ca5
TRENDnet WPA Default Key Brute Forcing
Posted Aug 6, 2015
Authored by kcdtv

TRENDnet WPA default keys are constructed insecurely making cracking achievable. In this advisory are links to useful dictionaries for cracking various models affected.

tags | advisory
MD5 | 0c5e2ade490ca6e4ad26fcacf0d02d33
Cross-VM ASL INtrospection (CAIN)
Posted Aug 6, 2015
Authored by Thomas R. Gross, Kaveh Razavi, Antonio Barresi, Mathias Payer

A new attack vector against memory de-duplication in Virtual Machine Monitors (VMM) was discovered where attackers can effectively leak randomized base addresses of libraries and executables in processes of neighboring Virtual Machines (VM).

tags | advisory
advisories | CVE-2015-2877
MD5 | 8c0297690ad5b95b505a63fca492af97
Obfuscated Execve /bin/sh Shellcode
Posted Aug 6, 2015
Authored by B3mB4m

Obfuscated execve /bin/sh Linux/x86 shellcode.

tags | x86, shellcode
systems | linux
MD5 | ad4c8fe6baa4bed6aafc8fb12719c281
WordPress MP3-jPlayer 2.3.2 Path Disclosure
Posted Aug 6, 2015
Authored by Larry W. Cashdollar

WordPress MP3-jPlayer plugin version 2.3.2 suffers from a path disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 1bf79a20052ef31d65b732e4be20d0ac
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    4 Files
  • 21
    Oct 21st
    5 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close