Exploit the possiblities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-08-17

EMC Secure Remote Services Virtual Edition Weak Authentication
Posted Aug 17, 2015
Site emc.com

It was discovered that the session tokens in EMC Secure Remote Services Virtual Edition are Base64 encoded XML tokens that lack any cryptographic protection. Due to this it is possible for attackers to create their own session cookies. Attackers with network access (insiders) to the ESRS Web Portal can exploit this issue to gain unauthorized access to the management interface.

tags | advisory, remote, web
advisories | CVE-2015-0544
MD5 | b2159864bf450854824dadb4e1ec5b25
EMC Documentum Content Server Privilege Escalation / Code Execution
Posted Aug 17, 2015
Site emc.com

EMC Documentum Content Server contains multiple vulnerabilities that could be exploited by malicious users to compromise the Content Server in several ways.

tags | advisory, vulnerability
advisories | CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536
MD5 | ad45a0bf2ec7c708d2d4a35c00a41284
RSA Archer GRC Cross Site Request Forgery
Posted Aug 17, 2015
Site emc.com

RSA Archer GRC platform contains fixes for multiple cross site request forgery vulnerabilities that could potentially be exploited by malicious users to perform unauthorized actions on behalf of authenticated users of the application.

tags | advisory, vulnerability, csrf
advisories | CVE-2015-0542
MD5 | e978167e13c465d58a1f9e5003df8c32
Ubuntu Security Notice USN-2711-1
Posted Aug 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2711-1 - It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3565, CVE-2015-5621
MD5 | 6f76a7ed2b1076062c7d728b9ac2c030
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
MD5 | f40203b860dcb9ad58f5a01dd0418a21
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
Posted Aug 17, 2015
Authored by Brandon Perry, Markus Wulftange | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2015-1486, CVE-2015-1487, CVE-2015-1489
MD5 | 94d61c5829628370b82e3454cfc59b31
VideoCharge Studio Buffer Overflow (SEH)
Posted Aug 17, 2015
Authored by metacom, Christian Mehlmauer, Andrew Smith aka jakx | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of VideoCharge Studio to open a malicious .VSC file.

tags | exploit, remote, overflow, arbitrary
advisories | OSVDB-69616
MD5 | 7d9daf7a4e288d2bf09ab5d5240c2f48
Werkzeug Debug Shell Command Execution
Posted Aug 17, 2015
Authored by h00die | Site metasploit.com

This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips passed testing. Tested against 0.9.6 on Debian, 0.9.6 on Centos, 0.10 on Debian.

tags | exploit, shell, python
systems | linux, debian, centos
MD5 | f4fefacaa69e5506b920a3689bcdbb3b
RSA BSAFE Crypto Attacks / Denial Of Service
Posted Aug 17, 2015
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.

tags | advisory, denial of service, crypto, vulnerability
advisories | CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537
MD5 | f5ef6999daddcffb2197ac8414aebba8
Gentoo Linux Security Advisory 201508-03
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-3 - A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition. Versions less than 2.4.2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3026
MD5 | 089cb5833a5bdbc784c9baf6094a1ed0
Gentoo Linux Security Advisory 201508-02
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-2 - Multiple vulnerabilities have been found in libgadu, the worst of which may result in execution of arbitrary code. Versions less than 1.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4488, CVE-2013-6487, CVE-2014-3775
MD5 | 02e4ba2460e6b3bd71e43871165ba5d7
Gentoo Linux Security Advisory 201508-01
Posted Aug 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201508-1 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.508 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3107, CVE-2015-5122, CVE-2015-5123, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556
MD5 | a5d248dd1c3203260ca90e4809c4d0b7
Red Hat Security Advisory 2015-1635-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1635-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
MD5 | 692a49bb14193a33a678cc87b39ea0d5
Red Hat Security Advisory 2015-1634-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1634-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3416
MD5 | 597267f1604b4c74cdae942a87b792a2
Red Hat Security Advisory 2015-1633-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1633-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0248, CVE-2015-0251, CVE-2015-3187
MD5 | 9ee6112c42f578393b2a686a661880e8
Red Hat Security Advisory 2015-1631-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1631-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file. ceph has been upgraded from v0.80.8.1 to v0.80.8.2.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-3010, CVE-2015-4053
MD5 | d773497563e9d9fcf4bcb08f35109749
Slackware Security Advisory - mozilla-firefox Updates
Posted Aug 17, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | c4cd486accc1156ec4ce46bced8692c7
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Aug 17, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 22d4c27b05cad1976bf1bcb145e517a5
Red Hat Security Advisory 2015-1630-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1630-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772
MD5 | 135a86220d5ca3fa8863af6e77a11122
Red Hat Security Advisory 2015-1629-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1629-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
MD5 | ad7c7af792f70a4e2caee76e09277316
Red Hat Security Advisory 2015-1628-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1628-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757
MD5 | 348ced7630779a7f45f9fa425468631c
Red Hat Security Advisory 2015-1627-01
Posted Aug 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1627-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

tags | advisory, remote, arbitrary
systems | linux, redhat, osx
advisories | CVE-2013-7424
MD5 | f52e2c613d6eac5f522ade5f7824f044
Sagemcom F@ST 3864 V2 Admin Password Disclosure
Posted Aug 17, 2015
Authored by Cade Bull

Sagemcom F@ST 3864 V2 suffers from a remote administrative password disclosure vulnerability.

tags | exploit, remote
MD5 | 7e22c4ac3cb1673335d2ff539166759b
Microsoft Windows HTA Remote Code Execution
Posted Aug 17, 2015
Authored by Mohammad Reza Espargham

Microsoft Windows HTA (HTML Application) remote code execution exploit that leverages MS14-064.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2014-6332
MD5 | c81f8ab8129f4e11c6dfbac244661259
Comtrend Cross Site Request Forgery
Posted Aug 17, 2015
Authored by Javier Vicente Vallejo

Various Comtrend routers suffer from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 4b46d1a98c75cb527d8e893e348bf594
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close