
Files Date: 2015-10-26

FreeBSD Security Advisory - ntp Authentication Bypass
Posted Oct 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

tags | advisory, cryptography
systems | freebsd
advisories | CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
SHA-256 | 97daf08486cc4c8cc8703eb625aea225e01f9a851cedc0e7f504b4776cf765dc
Debian Security Advisory 3379-1
Posted Oct 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3379-1 - Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | cisco, linux, debian
advisories | CVE-2015-6031
SHA-256 | b0c1e115225f56b3ee6713291f81e268dbebd0fe866fb7b322cc0e08081268c8
articleFR 3.0.7 Arbitrary File Read
Posted Oct 26, 2015
Authored by cfreer, 0keeteam

articleFR version 3.0.7 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2015-6591
SHA-256 | f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3c
Google Picasa Phase One Tags Processing Integer Overflow
Posted Oct 26, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error when processing data related to the Phase One 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 5ae53f5fbef1f5539ef71eddc2a163711178502a8a9d788c3571296844ce496d
cryptmount Filesystem Manager 5.2
Posted Oct 26, 2015
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Added "supath" option to configure PATH via /etc/cryptmount/cmtab. Improved setup of PATH when invoking fsck. Various other updates and fixes.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | 37b509624748d2c8984e02dfdefc9f00882d52f946c8300c95fdfe1b90a2ce26
Oracle Outside In Buffer Overflow
Posted Oct 26, 2015
Authored by Secunia, Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-4877, CVE-2015-4878
SHA-256 | 4ed653941f8a16749d3b9b610f5f0203e8ff2d471eb0c5b330fb01af85a0c3bd
Windows 10 pcap Drive Local Privilege Escalation
Posted Oct 26, 2015
Authored by Rootkitsmm

Microsoft Windows 10 suffers from a pcap 10 local privilege escalation vulnerability.

tags | exploit, local
systems | windows
SHA-256 | 2a6f71e6ea24ffa95d665c29a163c5427a3aee51bf40142dd284a6ecbe29183f
Mandos Encrypted File System Unattended Reboot Utility 1.7.1
Posted Oct 26, 2015
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Bug fix release.
tags | tool, remote, root
systems | linux, unix
SHA-256 | d269a6ef683c236184561ea64a15b276bdde64139cf010d6c4e1bfdccabb09cc
MacOS X 10.11 Hardlink Resource Exhaustion
Posted Oct 26, 2015
Authored by Maksymilian Arciemowicz

MacOS X 10.11 suffers from a hardlink bomb issue that causes resource exhaustion.

tags | exploit, denial of service
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
SHA-256 | 4058ea8977e433e0872ba59dabcc96a98e1a41577ee9392d7c6db485784a1396
Debian Security Advisory 3377-1
Posted Oct 26, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3377-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913
SHA-256 | 93b4e88e2e5ba255c60ff8227ed4819a2b6589e68c8c35afc46963f046e75276
C4 Conference Call For Papers
Posted Oct 26, 2015
Authored by CFP C4CON

C4CON 2015 has announced its call for papers. It will take place in Chile.

tags | paper, conference
SHA-256 | 346fa3484e36a672e30417e6568c47cea1ce7a8e0bf413e95a1cfcc65cdf2112
MacOS X 10.11 FTS Buffer Overflow
Posted Oct 26, 2015
Authored by Maksymilian Arciemowicz

The MacOS X 10.11 FTS library suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
SHA-256 | 6e8afd8414e594a1c22b90fded2505f57393097d961dbd2f8a8dcd3ab5996ea9
Clipbucket 2.8 Blind SQL Injection
Posted Oct 26, 2015
Authored by ayadi

Clipbucket version 2.8 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0879e22ea741f95b1974da688f9ec493df631683872484513b7c5a4f3f884f8c
Virgin Mobile Cross Site Scripting
Posted Oct 26, 2015
Authored by Tommy DeVoss

Virgin Mobile suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c5ae7da77839cb9f55f99e5d57ca2c178ea7e41013c27624b2797528dc9698bf
Winamp Bento Browser Remote Code Execution
Posted Oct 26, 2015
Authored by Ehsan Noreddini

Winamp Bento Browser remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
SHA-256 | 10340d4929422ca8dcaf401b8098025130e2999b595b8d166b2e549c77c4ef71
© 2024 Packet Storm. All rights reserved.