exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-10-15

netis RealTek 2.1.1 Backdoor Accounts / RBAC Failure / CSRF
Posted Oct 15, 2015
Authored by Karn Ganeshen

netis RealTek routers with firmware version 2.1.1 suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | b83e882bd01bcc0a37ba5a6e8a1e6197
PROLiNK H5004NK Backdoor Accounts / RBAC Failure / CSRF
Posted Oct 15, 2015
Authored by Karn Ganeshen

PROLiNK H5004NK ADSL routers with firmware version R76S Slt 4WNE1 6.1R suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | c32d65c25f9e472e067a35fe958b66a8
Red Hat Security Advisory 2015-1905-01
Posted Oct 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1905-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
MD5 | 6736b20637791f267a55ffdc61f26bea
Red Hat Security Advisory 2015-1904-01
Posted Oct 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1904-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.

tags | advisory, java, web, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2015-5178, CVE-2015-5188, CVE-2015-5220
MD5 | 518e2b3c66c01786e5a87fe804e6d62b
Kentico CMS 8.2 Cross Site Scripting / Open Redirect
Posted Oct 15, 2015
Authored by KINGSABRI

Kentico CMS version 8.2 suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7822, CVE-2015-7823
MD5 | 898518fbe55bb0b70d24ce7c2315e892
UISGCON11 Call For Papers
Posted Oct 15, 2015
Site 11.uisgcon.org

The UISGCON11 Call For Papers has been announced. It will take place on December 4th, 2015 in Kyiv, Ukraine at Hotel Bratislava.

tags | paper, conference
MD5 | 3d38d7435a02a4ad31629256c7001adc
CakePHP 3.0.5 XML Class SSRF
Posted Oct 15, 2015
Authored by Takeshi Terada

CakePHP version 3.0.5 suffers from server-side request forgery attacks that can cause a denial of service condition.

tags | exploit, denial of service
MD5 | 510a26ab9d349441ea85a6bc719c2ad9
Red Hat Security Advisory 2015-1893-01
Posted Oct 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1893-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-25 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
MD5 | 517f01007e865ebbb8756972e322bafe
Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
Posted Oct 15, 2015
Authored by Eric Wustrow, J. Alex Halderman, Karthikeyan Bhargavan, Matthew Green, Pierrick Gaudry, David Adrian, Benjamin VanderSloot, Nadia Heninger, Drew Springall, Luke Valenta, Paul Zimmermann, Emmanuel Thome, Zakir Durumeric, Santiago Zanella-Beguelin

This paper investigates the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, they present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, the researchers implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, they can compute arbitrary discrete logs in that group in about a minute. They found that 82% of vulnerable servers use a single 512-bit group, allowing them to compromise connections to 7% of Alexa Top Million HTTPS sites. They go on to consider Diffie-Hellman with 768- and 1024-bit groups. They estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. They conclude that moving to stronger key exchange methods should be a priority for the Internet community.

tags | paper, web, arbitrary, protocol
MD5 | 6d13b1ef77ba8f3acea1e122c94a07b8
hack4 2015 Call For Papers
Posted Oct 15, 2015
Authored by dash | Site hack4.org

Hack4 has announced its Call For Papers. It will be held December 28th through the 29th, 2015 in Berlin, Germany.

tags | paper, conference
MD5 | 182b8704ab9bfe69d4edce86eb7c4ee2
Freemake Video Downloader 3.7.1 Code Execution
Posted Oct 15, 2015
Authored by ZwX | Site vulnerability-lab.com

Freemake Video Downloader version 3.7.1 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 8a242f06039668461c4ff40f013b362c
PayPal Session Fixation
Posted Oct 15, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

A session fixation web vulnerability has been discovered in the official PayPal Inc online service web application.

tags | exploit, web
MD5 | 088e52abf3ba82cd1f45b1972b799405
Ubuntu Security Notice USN-2709-2
Posted Oct 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2709-2 - USN-2709-1 updated pollinate's certificate for entropy.ubuntu.com but did not include a new certificate authority certificate. This update fixes the problem. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | f2765a6e1c62c40ee78003a16e580997
Ubuntu Security Notice USN-2769-1
Posted Oct 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2769-1 - It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262
MD5 | 1a5ad1bfa1d60966928a324d463f8b9c
Windows Sandboxed Mount Reparse Point Creation Mitigation Bypass
Posted Oct 15, 2015
Authored by Google Security Research, forshaw

A mitigation added to Windows 10 to prevent NTFS Mount Reparse Points being created at integrity levels below medium can be bypassed.

tags | exploit
systems | linux, windows
advisories | CVE-2015-2553
MD5 | 14c29ffbdf03915a72fc87aa0b6cae13
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close