what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-10-29

Libstagefright Saio Tag Integer Overflow / Heap Corruption
Posted Oct 29, 2015
Authored by Chris Evans, Google Security Research

Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3868
MD5 | 7e916b78b0e2070a0f07e3934a07f382
Libstagefright Integer Overflow Check Bypass
Posted Oct 29, 2015
Authored by Google Security Research, natashenka

Libstagefright integer overflow checks can be bypassed with extended chunk lengths.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-1538
MD5 | 2731337a16f999a4060fa253ef21824e
Microsoft Security Bulletin Revision Increment For October, 2015
Posted Oct 29, 2015
Site microsoft.com

This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.

tags | advisory
MD5 | 37fc5b503d6e99570121b46506933e43
Red Hat Security Advisory 2015-1955-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
MD5 | e69f1dc794679a81bf7da177650eb823
Red Hat Security Advisory 2015-1956-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
MD5 | 0f44d6c5db0be138006bb28d8bc430ba
Ubuntu Security Notice USN-2788-1
Posted Oct 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7696, CVE-2015-7697
MD5 | 0280934dc31e2890e5aeb9a1b85496df
The TrustedSec Attack Platform (TAP)
Posted Oct 29, 2015
Authored by David Kennedy | Site github.com

TAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remote penetration testing platforms. Essentially the concept is simple, you pre-configure a brand new box and run the TAP setup file. This will install a service on Linux that will be configured the way you want. What it will do is establish a reverse SSH tunnel back to a machine thats exposed on the Internet for you. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and will automatically rebuild it for you.

tags | tool, remote, rootkit
systems | linux, unix
MD5 | 3c249135b3849079f6e70ccc7056b104
Intel x86 Considered Harmful
Posted Oct 29, 2015
Authored by Joanna Rutkowska

This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discuss various Intel security technologies (such as VT-d, TXT, Boot Guard and others), consider how useful they might be in protecting against firmware-related security threats and other attacks, and finally move on to take a closer look at the Intel Management Engine (ME) infrastructure.

tags | paper, x86
MD5 | 0332f6a23b8f8f97862af9f9d66869bb
Oxwall 1.7.4 Cross Site Request Forgery
Posted Oct 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-5534
MD5 | 0fb896721d9c1e4acd543f69345e3e3a
AMD fglrx-driver 14.4.2 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.

tags | advisory
advisories | CVE-2015-7723
MD5 | af168e7674aa3ddcd91f2741d2711c3d
AMD fglrx-driver 15.7 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 15.7.

tags | advisory
advisories | CVE-2015-7724
MD5 | 0ebfe857657e6659feb58180ca053e66
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/oramipp_lpr servlet.

tags | advisory, xxe
advisories | CVE-2015-4851
MD5 | 41f9bdd52826899db79679c8c2f37aac
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/IspPunchInServlet servlet.

tags | advisory, xxe
advisories | CVE-2015-4849
MD5 | 4b0ce60c5e0545f1ccace54c5952ba6c
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.

tags | advisory, xxe
advisories | CVE-2015-4886
MD5 | 9bdd1acc097b3690a708a7ce77004558
Debian Security Advisory 3382-1
Posted Oct 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3382-1 - Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902, CVE-2015-3903, CVE-2015-6830, CVE-2015-7873
MD5 | b3eb0d1e08c2aa1fc182ea0e4eedc391
Ubuntu Security Notice USN-2787-1
Posted Oct 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2787-1 - Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7747
MD5 | 549c782d659fb918c929b7664ef9047b
Joomla JNews SQL Injection
Posted Oct 29, 2015
Authored by Omer Ramic

The Joomla JNews component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bc7bf9e7ad9f734975bd87bee14dca4d
Mozilla SETUP.EXE DLL Injection
Posted Oct 29, 2015
Authored by Stefan Kanthak

Mozilla's SETUP.exe suffers from a classic DLL injection vulnerability.

tags | exploit
MD5 | 12febf8bf291d45127ff72c6378cdf0d
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    1 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close