
Files Date: 2015-10-05

Truecrypt 7 Derived Code/Windows: Drive Letter Symbolic Link Creation Privilege Escalation
Posted Oct 5, 2015
Authored by Google Security Research, forshaw

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) is vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic link creation facilities to remap the main system drive. With the system drive remapped, it's trivial to get a new process running under the local system account.

tags | exploit, local
systems | linux, windows
advisories | CVE-2015-7358
SHA-256 | bd1e8ffc132fe9efac975acbab5528bd06a2731798e1f40805ddc035d825f919
ZTE GPON F427 Authorization Bypass / Cleartext Password Storage
Posted Oct 5, 2015
Authored by Jerzy Patraszewski

ZTE GPON F427 and possibly the F460/F600 models suffer from authorization bypass and cleartext password storage vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | dc765368483788a306626f2ec3e734f37903e48b198f40d579a1f434fb88db43
Tripwire IP360 VnE Remote Administrative API Authentication Bypass
Posted Oct 5, 2015
Authored by Specto

The IP360 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled.

tags | advisory, remote, web, bypass
advisories | CVE-2015-6237
SHA-256 | f39b0d4187cc158f2f89d6baa904081ee7d836d144b591161f265d845ad45d81
HPE Security Bulletin HPSBUX03359 SSRT102094 2
Posted Oct 5, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03359 SSRT102094 2 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited to allow a local user to elevate their privileges. Revision 2 of this advisory.

tags | advisory, local
systems | hpux
advisories | CVE-2015-2126
SHA-256 | 280463d26266d491f1dd15a01e62791ecd8b60e8fbbd600647678926928fee45
Ubuntu Security Notice USN-2754-1
Posted Oct 5, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2754-1 - Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
SHA-256 | afcf289328146265fa6e10eb487f3682313ea3eefcaec70ee5d577d98663106d
Red Hat Security Advisory 2015-1846-01
Posted Oct 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1846-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Red Hat Gluster Storage's Unified File and Object Storage is built on OpenStack's Object Storage. A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8177
SHA-256 | 32e541f9cfeac12bc5cc140b2c6b523bdf473f15ab9581530b048dfa10a6a7bf
Red Hat Security Advisory 2015-1845-01
Posted Oct 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1845-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Red Hat Gluster Storage's Unified File and Object Storage is built on OpenStack's Object Storage. A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8177
SHA-256 | 461ddcf991096b35f17de2c450f919683c621c960e5c6ac5cfb8a2d8e423db13
Ubuntu Security Notice USN-2757-1
Posted Oct 5, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2757-1 - Two security issues were discovered in Blink and V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same-origin restrictions.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-1303, CVE-2015-1304
SHA-256 | c25673f4c070fc83e82fba8dec02997320f48a6dac38621e7f50364facf0137e
Ubuntu Security Notice USN-2743-4
Posted Oct 5, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2743-4 - USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-4502, CVE-2015-4504, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4512, CVE-2015-4516, CVE-2015-4519, CVE-2015-4520, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
SHA-256 | 0a58ee64d61da63ededa11a8bcc5386a5bf626dddc842b8aa624807bad330d10
Slackware Security Advisory - seamonkey Updates
Posted Oct 5, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 284c4d1e1d886f86e9d2fdc621915279a6af1fe8bf0e4f394a6232b9f9450d18
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Oct 5, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 81a45a64be680582007bcf1f2f23df7056051309f8dc2e3a9d7ee0f5c49e1a01
Slackware Security Advisory - php Updates
Posted Oct 5, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838
SHA-256 | 203b2ebd7735d8416a3e0ad05d22aab39cd5bbfe50aa7d383272f070b4001d45
HP Security Bulletin HPSBST03418 2
Posted Oct 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03418 2 - Potential security vulnerabilities have been identified with HP P6000 Command View Software. They are the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "POODLE", and the RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3566, CVE-2015-2808
SHA-256 | 6fb29cdacf8c44002ac40358621b5a89aa23f2ebefe73090f8d2e3a3df310841
Apple Safari 8.0.8 URI Spoofing
Posted Oct 5, 2015
Authored by Antonio Sanso

Apple Safari version 8.0.8 was prone to a URI spoofing vulnerability.

tags | advisory, spoof
systems | apple
advisories | CVE-2015-5764
SHA-256 | 56f1ab6b2010771a579cb4098d64865d5cac498ada576c8588d66d4a3b85e943
ManageEngine ServiceDesk File Upload / Code Execution
Posted Oct 5, 2015
Authored by Pedro Ribeiro

ManageEngine ServiceDesk allows for remote code execution via an arbitrary file upload vulnerability. Builds prior to 9103 are affected.

tags | exploit, remote, arbitrary, code execution, file upload
SHA-256 | ad26e4ebb5b76807e284e7b33deed6f22156628be28c87477370677f8456384a