exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2015-11-02

Packet Storm New Exploits For October, 2015
Posted Nov 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 166 exploits that were added to Packet Storm in October, 2015.

tags | exploit
systems | linux
SHA-256 | b0e2060471086003d6a269d4fb0e20b4fb3da221b127ef235b12e76ef3f37e9d
Xplico Network Forensic Analysis Tool 1.1.1
Posted Nov 2, 2015
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: Added MGCP dissector. IMAP bug fixed.
tags | tool, imap, forensics
systems | linux
SHA-256 | 81bb75ca79ffbb80d1cd1cbf1eb4137bd99bcdef18081279196a64b53a6b67f0
actiTIME 2015.2 Privilege Escalation / Open Redirect
Posted Nov 2, 2015
Authored by LiquidWorm | Site zeroscience.mk

actiTIME 2015.2 suffers from multiple security vulnerabilities including open redirection, HTTP response splitting, and unquoted service path elevation of privilege.

tags | exploit, web, vulnerability
SHA-256 | 52657f25b0674b9d07a88d9d6016185ec679c88a79bb978f285cbadb9f3d410e
Spetnik TCPing Utility 2.1.0 Buffer Overflow
Posted Nov 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

If TCPing is called with an specially crafted CL argument it will cause an exception and overwrite the pointers to next SEH record and SEH handler with our buffer and malicious shellcode. Spetnik TCPing version 2.1.0 is affected.

tags | exploit, tcp, shellcode
SHA-256 | f06cc5b1273a53dd542910fc1defe06e91902dd50c024cd10a345a30dfa1bc90
Gentoo Linux Security Advisory 201510-08
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-8 - Multiple vulnerabilities have been found in cups-filters, the worst of which could lead to arbitrary code execution. Versions less than 1.0.71 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-3258, CVE-2015-3279
SHA-256 | 041e6a048891992ba3f2bb942be02df0e975338e5a91443a7651927b9952486c
Gentoo Linux Security Advisory 201510-07
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-7 - Multiple vulnerabilities have been found in CUPS, the worst of which could lead to arbitrary code execution. Versions less than 2.0.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-1158, CVE-2015-1159
SHA-256 | 0e5a198a274ec259cba3b346f27743dd9477459b1edd099ae6617e3b7514f1a6
Gentoo Linux Security Advisory 201510-06
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-6 - Multiple vulnerabilities have been found in Django, the worst of which may allow a remote attacker to cause Denial of Service. Versions less than 1.8.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5143, CVE-2015-5144, CVE-2015-5145
SHA-256 | 8bd4c2b1b1de56b721cbb6931bbd2b8930e0465c4d3e16665e5015985af20ac7
Gentoo Linux Security Advisory 201510-05
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-5 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service. Versions less than 1.25.2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2931, CVE-2015-2932, CVE-2015-2933, CVE-2015-2934, CVE-2015-2935, CVE-2015-2936, CVE-2015-2937, CVE-2015-2938, CVE-2015-2939, CVE-2015-2940, CVE-2015-2941, CVE-2015-2942, CVE-2015-6728, CVE-2015-6729, CVE-2015-6730, CVE-2015-6731, CVE-2015-6732, CVE-2015-6733, CVE-2015-6734, CVE-2015-6735, CVE-2015-6736, CVE-2015-6737
SHA-256 | 3d8836f5ef2ab0649b4948144dfd99b4cff01decdd6a361e8f73fd93f2e2ecaf
Gentoo Linux Security Advisory 201510-04
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-4 - Multiple vulnerabilities have been found in tcpdump, the worst of which can allow remote attackers to cause Denial of Service condition or executive arbitrary code. Versions less than 4.7.4 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 8f44b4c35a4f81dafcda57ddeddbfc53a20fe647f7c2d18c988a66c606c662f2
Gentoo Linux Security Advisory 201510-03
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-3 - Multiple vulnerabilities have been found in Wireshark, allowing attackers to cause Denial of Service condition. Versions less than 1.12.7 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2187, CVE-2015-2188, CVE-2015-2189, CVE-2015-2190, CVE-2015-2191, CVE-2015-2192, CVE-2015-3182, CVE-2015-3808, CVE-2015-3809, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2015-3814, CVE-2015-3815, CVE-2015-3906, CVE-2015-4651, CVE-2015-4652
SHA-256 | a3e5d00b0cd3a49572c7757598c6e9c785cd441fba78a9925be26a715a2e0f5b
Gentoo Linux Security Advisory 201510-02
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-2 - A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Versions less than 2.3.0-r4 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2015-3209, CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 947d9bf965c7d67dffe41ba0520fc50e4a6c74e1a0831f6018772274dde8386f
Debian Security Advisory 3389-1
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3389-1 - Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so.

tags | advisory
systems | linux, debian
SHA-256 | fcdf6851022c5214839df75b2e415d9cbdf8b5d2a155e9af7b1e260296d05f4d
Debian Security Advisory 3381-2
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3381-2 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911
SHA-256 | abc7b7a5d57f2b7fd0e625d7745a70dd3cee719a528a40490bb64cda58d99e16
Debian Security Advisory 3388-1
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3388-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-9750, CVE-2014-9751, CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7850, CVE-2015-7852, CVE-2015-7855, CVE-2015-7871
SHA-256 | 4fac4f7e1a4e533ef9921e59f6edea64818b9257321c6c0272d58e5b47a7c5a7
Debian Security Advisory 3387-1
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3387-1 - John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets.

tags | advisory
systems | linux, debian
advisories | CVE-2015-7762, CVE-2015-7763
SHA-256 | 1244cf997342ec06e4704144cb59bd5b80087354e7355ef778f3fd411e00f1cb
Debian Security Advisory 3386-1
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3386-1 - Two vulnerabilities have been found in unzip, a de-archiver for .zip files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-7696, CVE-2015-7697
SHA-256 | 1d96ea53d623622b341bae44daabd23b7f09e532459e9ae9579ed4c1e0792d88
Debian Security Advisory 3385-1
Posted Nov 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3385-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913
SHA-256 | 5a46f5434c5a59a57af7c0a4b98b7ab582fa63ce6351afb0d791990ed578a4b1
Python 2.7 check_multiply_size() Integer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.

tags | advisory, overflow
SHA-256 | 4fbbcdb0014f6b5b36412b5b0d77e13fcea4362e7222692a9ca1f45aad0c9e23
Python 2.7 Hotshot pack_string Heap Buffer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.

tags | exploit, overflow, python
SHA-256 | 215ced90e06682bf1853666f18abba9118707d5f15f9bdb78f63075a6ea12305
Python 3.6 audioop.lin2adpcm Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.4 through 3.6 audioop.lin2adpcm function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules\audioop.c.

tags | advisory, python
SHA-256 | 2c8b66929eceb72bf3da7c48c1148a09862a0cd29361eca125f67b93810e39c3
Python 3.6 audioop.adpcm2lin Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.4 through 3.6 audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c.

tags | advisory, python
SHA-256 | ada2d4f0a482e3504f02bdd84933b923a7fbe62837b34a1a13838fd8b8480ca2
Python 3.5 Bytearray Pop And Remove Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.

tags | advisory, python
SHA-256 | 4a88d411899b3dbec134ad2fd731df7ad8bb96206440397840cb6a04963e5ab7
Python 2.7 array.fromstring Use After Free
Posted Nov 2, 2015
Authored by John Leitch

Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.

tags | exploit, python
SHA-256 | 1a0162389dadd3c3ed027351470e8c0be159c0f185fd44220ede2cc603b48d8a
Python 2.7 strop.replace() Integer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Python version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.

tags | exploit, overflow, code execution, python
SHA-256 | 94542f2a805b7a58ea094d2832d50dc1b24b949fa6c966598dd788d4698a07fc
Milton Webdav 2.7.0.1 XXE Injection
Posted Nov 2, 2015
Authored by Mikhail Egorov

Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7326
SHA-256 | 46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close