what you don't know can hurt you
Showing 1 - 25 of 366 RSS Feed

Files Date: 2015-10-01 to 2015-10-31

PHP Server Monitor 3.1.1 Privilege Escalation
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.

tags | exploit, php
MD5 | a8d93d0765a7ef8c053689bf16f98416
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | 1fdc5c7830f2da4287fa3946e611790a
eBay Magento XXE Injection
Posted Oct 30, 2015
Authored by Dawid Golunski

eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.

tags | exploit
MD5 | d2181bd7beca099c282ae1ffab5c7129
Pligg CMS 2.0.2 SQL Injection
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e705ad82b5f949eb6258c6cf69e353c4
Pligg CMS 2.0.2 Directory Traversal
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 099c1daa6ff543433a0f7a9e639d18c3
Pligg CMS 2.0.2 CSRF / Code Execution
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
MD5 | b83af660caef210e0cc64398f4838206
Slackware Security Advisory - curl Updates
Posted Oct 30, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3236, CVE-2015-3237
MD5 | c3a4cd0f371e31c21f7e0fa057acc7b9
Slackware Security Advisory - ntp Updates
Posted Oct 30, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-9750, CVE-2015-5196, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
MD5 | 0793c71e5b11f5d11fbb4d91f15162aa
Debian Security Advisory 3384-1
Posted Oct 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3384-1 - Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-4813, CVE-2015-4896
MD5 | a176783623893216933f42c296ff1ecc
Debian Security Advisory 3383-1
Posted Oct 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3383-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-2213, CVE-2015-5622, CVE-2015-5714, CVE-2015-5715, CVE-2015-5731, CVE-2015-5732, CVE-2015-5734, CVE-2015-7989
MD5 | 0230183090bf9c31d852418ca52d1c95
Python 3.5 scan_eol() Buffer Over-Read
Posted Oct 30, 2015
Authored by John Leitch

Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.

tags | exploit, python
MD5 | 515b5867e161a589089030fb49cd7c81
Debian Security Advisory 3332-2
Posted Oct 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3332-2 - The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem.

tags | advisory
systems | linux, debian
MD5 | af0b24aace123761eafc5402ef8450ea
Slackware Security Advisory - jasper Updates
Posted Oct 30, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2008-3520, CVE-2008-3522, CVE-2011-4516, CVE-2011-4517, CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158, CVE-2014-9029
MD5 | f82c4f5ffb2f82e1974245bfd0863dd6
PHP yaml_parse_url Double Free
Posted Oct 30, 2015
Authored by John Leitch

The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.

tags | advisory
MD5 | 6535acd96143e2df25ceaf842dacb743
PHP yaml_parse_url Unsafe Deserialization
Posted Oct 30, 2015
Authored by John Leitch

The PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.

tags | advisory, arbitrary, php, code execution
MD5 | dae14b730720b054280ebf01f6da9cb3
Libstagefright Saio Tag Integer Overflow / Heap Corruption
Posted Oct 29, 2015
Authored by Chris Evans, Google Security Research

Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3868
MD5 | 7e916b78b0e2070a0f07e3934a07f382
Libstagefright Integer Overflow Check Bypass
Posted Oct 29, 2015
Authored by Google Security Research, natashenka

Libstagefright integer overflow checks can be bypassed with extended chunk lengths.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-1538
MD5 | 2731337a16f999a4060fa253ef21824e
Microsoft Security Bulletin Revision Increment For October, 2015
Posted Oct 29, 2015
Site microsoft.com

This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.

tags | advisory
MD5 | 37fc5b503d6e99570121b46506933e43
Red Hat Security Advisory 2015-1955-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
MD5 | e69f1dc794679a81bf7da177650eb823
Red Hat Security Advisory 2015-1956-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
MD5 | 0f44d6c5db0be138006bb28d8bc430ba
Ubuntu Security Notice USN-2788-1
Posted Oct 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7696, CVE-2015-7697
MD5 | 0280934dc31e2890e5aeb9a1b85496df
The TrustedSec Attack Platform (TAP)
Posted Oct 29, 2015
Authored by David Kennedy | Site github.com

TAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remote penetration testing platforms. Essentially the concept is simple, you pre-configure a brand new box and run the TAP setup file. This will install a service on Linux that will be configured the way you want. What it will do is establish a reverse SSH tunnel back to a machine thats exposed on the Internet for you. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and will automatically rebuild it for you.

tags | tool, remote, rootkit
systems | linux, unix
MD5 | 3c249135b3849079f6e70ccc7056b104
Intel x86 Considered Harmful
Posted Oct 29, 2015
Authored by Joanna Rutkowska

This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discuss various Intel security technologies (such as VT-d, TXT, Boot Guard and others), consider how useful they might be in protecting against firmware-related security threats and other attacks, and finally move on to take a closer look at the Intel Management Engine (ME) infrastructure.

tags | paper, x86
MD5 | 0332f6a23b8f8f97862af9f9d66869bb
Oxwall 1.7.4 Cross Site Request Forgery
Posted Oct 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-5534
MD5 | 0fb896721d9c1e4acd543f69345e3e3a
AMD fglrx-driver 14.4.2 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.

tags | advisory
advisories | CVE-2015-7723
MD5 | af168e7674aa3ddcd91f2741d2711c3d
Page 1 of 15
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close