Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2015-09-02

FreeBSD Security Advisory - BIND Denial Of Service
Posted Sep 2, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. A remote attacker can deliberately trigger the failed assertion which will cause an affected server to terminate, by using a query that requires a response from a zone containing a malformed key, resulting in a denial of service condition. Recursive servers are at greatest risk, however, an authoritative server could also be affected, if an attacker controls a zone that the server must query against to perform its zone service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2015-5722
MD5 | 2223cf4358d2bd313c49a41886d70f86
Microsoft Security Bulletin Revision Increment For September, 2015
Posted Sep 2, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for September, 2015.

tags | advisory
MD5 | f993a63c4cc6afca95d41880c924969e
OS X x64 /bin/sh Shellcode
Posted Sep 2, 2015
Authored by Csaba Fitzl

34 bytes small NULL byte free OS X x64 /bin/sh shellcode.

tags | shellcode
systems | apple, osx
MD5 | a3acc83e3c82166d8beeb36642e5f233
EMC Atmos 2.3.0 XML External Entity Injection
Posted Sep 2, 2015
Site emc.com

EMC Atmos is affected by an XML eXternal Entity (XXE) injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack may occur when XML input containing a reference to an external entity is processed by an affected XML parser. XXE injection might allow attackers to gain unauthorized access to files containing sensitive information or might be used to cause denial of service.

tags | advisory, denial of service
advisories | CVE-2015-4538
MD5 | 52f6bd35a97149ada5fab5f428a142f8
Cerb 7.0.3 Cross Site Request Forgery
Posted Sep 2, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Cerb version 7.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-6545
MD5 | 36bf2eef1d07cd1c7d2150405f9c50da
Slackware Security Advisory - gdk-pixbuf2 Updates
Posted Sep 2, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-4491
MD5 | 8a601176d1dd2d73bb00f0a129621083
PayPal Authentication Bypass
Posted Sep 2, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS.

tags | advisory
systems | cisco, apple, ios
MD5 | 9bdd6321fd361000e73f371137718aa3
Jira / HipChat For Jira Java Code Execution
Posted Sep 2, 2015
Authored by David Black

It was discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue attackers need to be able to access the JIRA web interface and log into JIRA. All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability. All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.

tags | advisory, java, web
advisories | CVE-2015-5603
MD5 | 3720b7b42c1165c24323b8251c38c7ad
Edimax BR6228nS/BR6228nC CSRF / XSS / HTTP Response Splitting
Posted Sep 2, 2015
Authored by Smash_

Edimax BR6228nS and BR6228nC suffer from cross site request forgery, HTTP response splitting, and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
MD5 | 4a2c02c0d0603a647e5be6d558098343
Thomsom Cable Modem TWG850-4B ST9C.05.08 Authentication Bypass
Posted Sep 2, 2015
Authored by OrwellLabs

Thomson Wireless VoIP cable modem TWG850-4B ST9C.05.08 suffers from an arbitrary file access vulnerability.

tags | exploit, arbitrary, bypass
MD5 | 71c8c3db00bf30f853671cc988286dde
XGI Windows VGA Display Manager Privilege Escalation
Posted Sep 2, 2015
Authored by Matthew Bergin

A vulnerability within the xrvkp module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege.

tags | advisory, arbitrary
advisories | CVE-2015-5466
MD5 | fa7a30390f3068edb084017fce9f34b0
SiS Windows VGA Display Manager Privilege Escalation
Posted Sep 2, 2015
Authored by Matthew Bergin

Vulnerabilities within the srvkp module allows an attacker to inject memory they control into an arbitrary location they define or cause memory corruption. IOCTL request codes 0x96002400 and 0x96002404 have been demonstrated to trigger these vulnerabilities. These vulnerabilities can be used to obtain control of code flow in a privileged process and ultimately be used to escalate the privilege of an attacker. Version affected is 6.14.10.3930.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2015-5465
MD5 | 0ab6ced8c67fd56b58c2964e765c09f9
FortiClient Antivirus Information Exposure / Access Control
Posted Sep 2, 2015
Authored by Core Security Technologies, Enrique Nissim

Core Security Technologies Advisory - FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges.

tags | advisory
advisories | CVE-2015-4077, CVE-2015-5735, CVE-2015-5736, CVE-2015-5737
MD5 | 473ad536ac1c73e9f90a7e23fabae2e6
HP Security Bulletin HPSBMU03339 1
Posted Sep 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03339 1 - A potential security vulnerability has been identified with HP LoadRunner Controller. The vulnerability could be exploited locally to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-5426
MD5 | 03575764ad07db8b631e836fab69cfa6
Red Hat Security Advisory 2015-1700-01
Posted Sep 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1700-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.

tags | advisory, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2015-5189, CVE-2015-5190
MD5 | 062a76082146c7cc405918943ec80a3c
Ubuntu Security Notice USN-2727-1
Posted Sep 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2727-1 - It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3308, CVE-2015-6251
MD5 | 19baf1f3153ddfd25430c31a344e61e2
Red Hat Security Advisory 2015-1699-01
Posted Sep 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1699-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-2730
MD5 | b41f52574157bd72bfb047a006d4725f
SphereFTP Server 2.0 Crash
Posted Sep 2, 2015
Authored by Meisam Monsef

SphereFTP server version 2.0 crash proof of concept exploit.

tags | exploit, proof of concept
MD5 | f4871064d1ea331e9d90e0a3466975e3
Mainframe/System Z Bindshell Shellcode
Posted Sep 2, 2015
Authored by zedsec390

Mainframe/System Z bindshell shellcode.

tags | shellcode
MD5 | 3c3bc91e57b83571824ef6ccb9cf02c1
Timekeeping In VMware Virtual Machines
Posted Sep 2, 2015
Authored by B3mB4m

The rdtsc (Read Time-Stamp Counter) instruction is used to determine how many CPU ticks took place since the processor was reset. It is commonly used as a timing defense (anti-debugging technique). This is assembler that demonstrates this functionality.

tags | shellcode
MD5 | d2b6a29727235875d94ffe652343498f
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close