This archive contains 166 exploits that were added to Packet Storm in October, 2015.
f7a8c465c3c47d8975ca49d967f015cbXplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.
ce666a8bee310b268392ae99f51d67e5actiTIME 2015.2 suffers from multiple security vulnerabilities including open redirection, HTTP response splitting, and unquoted service path elevation of privilege.
d6bac3864720f887621d60d6e9c3418eIf TCPing is called with an specially crafted CL argument it will cause an exception and overwrite the pointers to next SEH record and SEH handler with our buffer and malicious shellcode. Spetnik TCPing version 2.1.0 is affected.
d105f0923bdad52b007c0d96d579cdf4Gentoo Linux Security Advisory 201510-8 - Multiple vulnerabilities have been found in cups-filters, the worst of which could lead to arbitrary code execution. Versions less than 1.0.71 are affected.
56d93cf967f9955e743003da05bac6daGentoo Linux Security Advisory 201510-7 - Multiple vulnerabilities have been found in CUPS, the worst of which could lead to arbitrary code execution. Versions less than 2.0.3 are affected.
a1f3c72e2b0964286fa3aa4219c4f808Gentoo Linux Security Advisory 201510-6 - Multiple vulnerabilities have been found in Django, the worst of which may allow a remote attacker to cause Denial of Service. Versions less than 1.8.3 are affected.
a4341a97716ee882ef92af010a727473Gentoo Linux Security Advisory 201510-5 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service. Versions less than 1.25.2 are affected.
b68adca516c3f867a2626b70d265e3bbGentoo Linux Security Advisory 201510-4 - Multiple vulnerabilities have been found in tcpdump, the worst of which can allow remote attackers to cause Denial of Service condition or executive arbitrary code. Versions less than 4.7.4 are affected.
8339ca0e7e0bab3945e75259a312f764Gentoo Linux Security Advisory 201510-3 - Multiple vulnerabilities have been found in Wireshark, allowing attackers to cause Denial of Service condition. Versions less than 1.12.7 are affected.
cec32f523a1b9f7b0753458e424b0853Gentoo Linux Security Advisory 201510-2 - A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Versions less than 2.3.0-r4 are affected.
4da92efc0eb99430cf833a4562bc7557Debian Linux Security Advisory 3389-1 - Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so.
76f04aaa0a00b2c33343083e22894cdaDebian Linux Security Advisory 3381-2 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.
18dee3c41c3850666ca7518d8ccce392Debian Linux Security Advisory 3388-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.
d8bbdd9253d9a0b5ea833e6dfa0c4a14Debian Linux Security Advisory 3387-1 - John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets.
dfcf873b8dc495d46db6330a68385553Debian Linux Security Advisory 3386-1 - Two vulnerabilities have been found in unzip, a de-archiver for .zip files.
e7ed264ebecf780a44bfda6394dc426aDebian Linux Security Advisory 3385-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.22.
48e92c645c054db9f592bada050ccacbSeveral functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.
c0d5beed5205da28e1e53b71191859e6Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.
f1c3a22ae9e1578337b2d49d8f157affPython versions 2.7 and 3.4 through 3.6 audioop.lin2adpcm function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules\audioop.c.
8fd04559881dffdf8c326ab397ef5309Python versions 2.7 and 3.4 through 3.6 audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c.
8f7957712172174e8434592d61af6c90Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.
d77ffcd44c3ef49ea3629c746de84811Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.
25015ebb8a6741931ddef2b587049c0bPython version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.
a3589a69b3bfc5feef80c86576cdb315Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.
7fd999695fd917692484e1f97ab1c0df
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed