This archive contains 166 exploits that were added to Packet Storm in October, 2015.
b0e2060471086003d6a269d4fb0e20b4fb3da221b127ef235b12e76ef3f37e9dXplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
81bb75ca79ffbb80d1cd1cbf1eb4137bd99bcdef18081279196a64b53a6b67f0actiTIME 2015.2 suffers from multiple security vulnerabilities including open redirection, HTTP response splitting, and unquoted service path elevation of privilege.
52657f25b0674b9d07a88d9d6016185ec679c88a79bb978f285cbadb9f3d410eIf TCPing is called with an specially crafted CL argument it will cause an exception and overwrite the pointers to next SEH record and SEH handler with our buffer and malicious shellcode. Spetnik TCPing version 2.1.0 is affected.
f06cc5b1273a53dd542910fc1defe06e91902dd50c024cd10a345a30dfa1bc90Gentoo Linux Security Advisory 201510-8 - Multiple vulnerabilities have been found in cups-filters, the worst of which could lead to arbitrary code execution. Versions less than 1.0.71 are affected.
041e6a048891992ba3f2bb942be02df0e975338e5a91443a7651927b9952486cGentoo Linux Security Advisory 201510-7 - Multiple vulnerabilities have been found in CUPS, the worst of which could lead to arbitrary code execution. Versions less than 2.0.3 are affected.
0e5a198a274ec259cba3b346f27743dd9477459b1edd099ae6617e3b7514f1a6Gentoo Linux Security Advisory 201510-6 - Multiple vulnerabilities have been found in Django, the worst of which may allow a remote attacker to cause Denial of Service. Versions less than 1.8.3 are affected.
8bd4c2b1b1de56b721cbb6931bbd2b8930e0465c4d3e16665e5015985af20ac7Gentoo Linux Security Advisory 201510-5 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service. Versions less than 1.25.2 are affected.
3d8836f5ef2ab0649b4948144dfd99b4cff01decdd6a361e8f73fd93f2e2ecafGentoo Linux Security Advisory 201510-4 - Multiple vulnerabilities have been found in tcpdump, the worst of which can allow remote attackers to cause Denial of Service condition or executive arbitrary code. Versions less than 4.7.4 are affected.
8f44b4c35a4f81dafcda57ddeddbfc53a20fe647f7c2d18c988a66c606c662f2Gentoo Linux Security Advisory 201510-3 - Multiple vulnerabilities have been found in Wireshark, allowing attackers to cause Denial of Service condition. Versions less than 1.12.7 are affected.
a3e5d00b0cd3a49572c7757598c6e9c785cd441fba78a9925be26a715a2e0f5bGentoo Linux Security Advisory 201510-2 - A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Versions less than 2.3.0-r4 are affected.
947d9bf965c7d67dffe41ba0520fc50e4a6c74e1a0831f6018772274dde8386fDebian Linux Security Advisory 3389-1 - Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so.
fcdf6851022c5214839df75b2e415d9cbdf8b5d2a155e9af7b1e260296d05f4dDebian Linux Security Advisory 3381-2 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.
abc7b7a5d57f2b7fd0e625d7745a70dd3cee719a528a40490bb64cda58d99e16Debian Linux Security Advisory 3388-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.
4fac4f7e1a4e533ef9921e59f6edea64818b9257321c6c0272d58e5b47a7c5a7Debian Linux Security Advisory 3387-1 - John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets.
1244cf997342ec06e4704144cb59bd5b80087354e7355ef778f3fd411e00f1cbDebian Linux Security Advisory 3386-1 - Two vulnerabilities have been found in unzip, a de-archiver for .zip files.
1d96ea53d623622b341bae44daabd23b7f09e532459e9ae9579ed4c1e0792d88Debian Linux Security Advisory 3385-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22.
5a46f5434c5a59a57af7c0a4b98b7ab582fa63ce6351afb0d791990ed578a4b1Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.
4fbbcdb0014f6b5b36412b5b0d77e13fcea4362e7222692a9ca1f45aad0c9e23Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.
215ced90e06682bf1853666f18abba9118707d5f15f9bdb78f63075a6ea12305Python versions 2.7 and 3.4 through 3.6 audioop.lin2adpcm function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules\audioop.c.
2c8b66929eceb72bf3da7c48c1148a09862a0cd29361eca125f67b93810e39c3Python versions 2.7 and 3.4 through 3.6 audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c.
ada2d4f0a482e3504f02bdd84933b923a7fbe62837b34a1a13838fd8b8480ca2Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.
4a88d411899b3dbec134ad2fd731df7ad8bb96206440397840cb6a04963e5ab7Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.
1a0162389dadd3c3ed027351470e8c0be159c0f185fd44220ede2cc603b48d8aPython version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.
94542f2a805b7a58ea094d2832d50dc1b24b949fa6c966598dd788d4698a07fcMilton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.
46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed