all things security
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-11-03

Redis Remote Command Execution
Posted Nov 3, 2015
Authored by Antirez | Site antirez.com

Redis has eloquently explained how it can be used for remote command execution if not securely configured to mitigate arbitrary access.

tags | exploit, remote, arbitrary, code execution
MD5 | 4bd5ec0bc1f3b82fc84f8b049b8e3eb3
HP Security Bulletin HPSBGN03426 1
Posted Nov 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03426 1 - A potential security vulnerability has been identified with HP Mobility Software (MSM). This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-0235
MD5 | 5b7c45b8fa1fadaba27a006d85f33ee4
Debian Security Advisory 3355-2
Posted Nov 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3355-2 - The previous update for libvdpau, DSA-3355-1, introduced a regression in the stable distribution (jessie) causing a segmentation fault when the DRI_PRIME environment variable is set.

tags | advisory
systems | linux, debian
MD5 | d2f2fa76e6e2b9e6f889c7b2c4c409d0
HP Security Bulletin HPSBMU03518 1
Posted Nov 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03518 1 - A potential security vulnerability has been identified with HP Vertica. The vulnerability could be exploited remotely resulting in code execution. Revision 1 of this advisory.

tags | advisory, code execution
advisories | CVE-2015-6867
MD5 | b046e95b4f2978f8a470238c2735e397
Debian Security Advisory 3390-1
Posted Nov 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3390-1 - It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping.

tags | advisory
systems | linux, debian
advisories | CVE-2015-7835
MD5 | 834d48f97eb8aa1273069c0dae191155
Gentoo Linux Security Advisory 201511-01
Posted Nov 3, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201511-1 - An attacker who already had access to the environment could so append values to parameters passed through programs. Versions less than 50c are affected.

tags | advisory
systems | linux, gentoo
MD5 | 81c757d666c53c3443d18255bf7e8dc1
Alcatel-Lucent Home Device Manager Spoofing
Posted Nov 3, 2015
Authored by Dr. Ulrich Fiedler | Site swisscom.ch

A vulnerability has been discovered in the TR069 protocol that can potentially affect all Automatic Configuration Servers (ACS). The issue has been fixed in the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing filter. HDM allows service providers to remotely manage CPEs, such as residential gateways, IP set-top boxes, and VoIP terminal adapters that comprise a home networking environment. The vulnerability allows an attacker to perform impersonation attacks by spoofing CPE using tr-069 (cwmp) Protocol. An attacker could gain unauthorized access to third-party SIP Credentials for the spoofed device and perform illegal activities (phone fraud). The vulnerability has been tested and confirmed. Versions prior to 4.1.10 may be affected.

tags | advisory, spoof, protocol
advisories | CVE-2015-6498
MD5 | 0d4969094c3655283cb43d570bec43e6
Chyrp CMS 2.5.2 Cross Site Scripting
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

Chyrp CMS version 2.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 201dd30a17ed478a0d1b06e952dbfc0d
SQL Buddy 1.3.3 Cross Site Scripting
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

SQL Buddy version 1.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | df32394bb1f1bbff92d532144d06d971
SQL Buddy 1.3.3 Cross Site Request Forgery
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

SQL Buddy version 1.3.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | dbc684b7f1e0b0135981401fbe986758
DAVOSET 1.2.6
Posted Nov 3, 2015
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of comments in the lists. Various other updates.
tags | tool, denial of service
MD5 | 9a7f2fba63505cc794c1bd9a696fb8cd
Linksys X2000 Command Execution
Posted Nov 3, 2015
Authored by Lorenzo Pistone

The Linksys X2000 suffers from a remote, unauthenticated command execution vulnerability that scores root privileges.

tags | exploit, remote, root
MD5 | 5db17d5fe524fd0f34d24ad23fef1f90
Samsung Galaxy S6 Android.media.process Face Recognition Memory Corruption
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung Galaxy S6 Android.media.process face recognition memory corruption proof of concept exploit.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-7897
MD5 | f6f4ce12e0194b75eb288e879eeca714
Samsung LibQjpeg Image Decoding Memory Corruption
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung LibQjpeg suffers from a memory corruption vulnerability in the DCMProvider service when decoding an image.

tags | exploit
systems | linux
advisories | CVE-2015-7894
MD5 | 44d2610f1692d4238ae96f2b332b415f
Samsung Galaxy S6 LibQjpeg DoIntegralUpsample Crash
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung Galaxy S6 LibQjpeg memory corruption proof of concept exploit.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-7896
MD5 | e864ae62b2e6a520546674e7aa350a53
TeleGraph.co.uk Cross Site Scripting
Posted Nov 3, 2015
Authored by Jing Wang

TeleGraph.co.uk suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 81e19ab474d163f223e7fb8016489f41
Daily Mail Unvalidated Redirect / Cross Site Scripting
Posted Nov 3, 2015
Authored by Jing Wang

Various Daily Mail sites suffered from unvalidated redirect and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | bd8af27dea033a9e4e53fe5370ce1b5a
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    16 Files
  • 24
    Oct 24th
    4 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close