exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-10-26

FreeBSD Security Advisory - ntp Authentication Bypass
Posted Oct 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

tags | advisory, crypto
systems | freebsd
advisories | CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
MD5 | ad57d8b6fd48b773d3e8e84c18d972e4
Debian Security Advisory 3379-1
Posted Oct 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3379-1 - Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | cisco, linux, debian
advisories | CVE-2015-6031
MD5 | 6b5b0452c112ff4cc5dfb647873d5fe7
articleFR 3.0.7 Arbitrary File Read
Posted Oct 26, 2015
Authored by cfreer, 0keeteam

articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2015-6591
MD5 | 3df12522a4ab174c179d277c31bcbb58
Google Picasa Phase One Tags Processing Integer Overflow
Posted Oct 26, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
MD5 | a50ca7789fd842d29a76ad55242cbd86
cryptmount Filesystem Manager 5.2
Posted Oct 26, 2015
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Added "supath" option to configure PATH via /etc/cryptmount/cmtab. Improved setup of PATH when invoking fsck. Various other updates and fixes.
tags | tool, kernel, encryption
systems | linux, unix
MD5 | 1d463071a270f422139e2c48e9d85698
Oracle Outside In Buffer Overflow
Posted Oct 26, 2015
Authored by Secunia, Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-4877, CVE-2015-4878
MD5 | 238c5d118f935b69d5d542c52194e62c
Windows 10 pcap Drive Local Privilege Escalation
Posted Oct 26, 2015
Authored by Rootkitsmm

Microsoft Windows 10 suffers from a pcap 10 local privilege escalation vulnerability.

tags | exploit, local
systems | windows
MD5 | f49b3bd9239f248b1d801dfa09acf15f
Mandos Encrypted File System Unattended Reboot Utility 1.7.1
Posted Oct 26, 2015
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Bug fix release.
tags | tool, remote, root
systems | linux, unix
MD5 | dd60a3b41050a84a6f93864ad64dc5be
MacOS X 10.11 Hardlink Resource Exhaustion
Posted Oct 26, 2015
Authored by Maksymilian Arciemowicz

MacOS X 10.11 suffers from a hardlink bomb issue that causes resource exhaustion.

tags | exploit, denial of service
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
MD5 | 8c5414e45c6ca9b641f094c5a3f77d90
Debian Security Advisory 3377-1
Posted Oct 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3377-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913
MD5 | 271931d3ac052478839c0cf68a22961a
C4 Conference Call For Papers
Posted Oct 26, 2015
Authored by CFP C4CON

C4CON 2015 has announced its call for papers. It will take place in Chile.

tags | paper, conference
MD5 | 1e236d4b0358cf4ff6d870578f80d417
MacOS X 10.11 FTS Buffer Overflow
Posted Oct 26, 2015
Authored by Maksymilian Arciemowicz

The MacOS X 10.11 FTS library suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
MD5 | 9743ffd8cc8914fcc53cea6bc0727ce7
Clipbucket 2.8 Blind SQL Injection
Posted Oct 26, 2015
Authored by ayadi

Clipbucket version 2.8 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6fa298a81ffe3ab7964a831d639be9d8
Virgin Mobile Cross Site Scripting
Posted Oct 26, 2015
Authored by Tommy DeVoss

Virgin Mobile suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 63a1cecc99e36702ced74438f6827773
Winamp Bento Browser Remote Code Execution
Posted Oct 26, 2015
Authored by Ehsan Noreddini

Winamp Bento Browser remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
MD5 | 213def3514e58e34c181cffa3e8aca2b
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    0 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close