exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

Files Date: 2015-11-30

Brocade Fabric OS 6.3.1b Weak System Configuration
Posted Nov 30, 2015
Authored by Karn Ganeshen

Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.

tags | exploit, info disclosure
systems | linux
MD5 | af834fa8d8d7ae90a0618b693088de99
Ubuntu Security Notice USN-2821-1
Posted Nov 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2821-1 - It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.

tags | advisory, remote
systems | linux, ubuntu
MD5 | d38efe06f4d85b64db0d8a5d7e8893f1
LibRaw 0.17 Overflow
Posted Nov 30, 2015
Authored by ChenQin

LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.

tags | advisory, code execution
advisories | CVE-2015-8366, CVE-2015-8367
MD5 | 68c42759b64238be00dbd113405ac4a9
SE-2014-02 Oracle Errata
Posted Nov 30, 2015
Authored by Adam Gowdiak | Site security-explorations.com

In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.

tags | advisory, java, root
advisories | CVE-2015-4871
MD5 | f5d69d86ab0d1a9e96b53a0507bf6a08
Red Hat Security Advisory 2015-2522-01
Posted Nov 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2522-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 6613d582794783a9b9d2e26e79432c5f
Red Hat Security Advisory 2015-2521-01
Posted Nov 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2521-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 75a266954d5bd71f5b3c5473cd91eb3b
Red Hat Security Advisory 2015-2523-01
Posted Nov 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2523-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | d014b030a2215d10db57c4a967ba7001
Red Hat Security Advisory 2015-2524-01
Posted Nov 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2524-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | c058fab07ac7f395014020bdeb9e955b
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
Posted Nov 30, 2015
Authored by Eric Sesterhenn | Site lsexperts.de

HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 400bde2bac4c7b555de4b6f5013ef7d4
Belkin N150 XSS / CSRF / Session Hijacking
Posted Nov 30, 2015
Authored by Rahul Pratap Singh

Belkin N150 wireless home routers suffer from cross site request forgery, cross site scripting, session hijacking, and default credential vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b89a96154a2d0883126e4c0a87679cba
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
Easy File Sharing Web Server 7.2 Buffer Overflow
Posted Nov 30, 2015
Authored by Knaps

Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.

tags | exploit, remote, web, overflow
MD5 | b224ead213f4f689ec1bd50840477e46
ProFTP 1.3.5a Missing Bounds Checks / Memory Allocation
Posted Nov 30, 2015
Authored by Nicholas Lemonias

ProFTP version 1.3.5a suffers from missing boundary checks and memory allocation problems.

tags | advisory
MD5 | 2d43d65a7f542da03c07037b0fd3e74f
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    15 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close