
Files Date: 2015-12-03

Aethra SV2242E XXE Injection
Posted Dec 3, 2015
Authored by Ahmed Sultan

Aethra SV2242E suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | b2b0bd5457731b596668f82591c55514

Red Hat Security Advisory 2015-2545-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2545-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-6764, CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6776, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786, CVE-2015-6787
MD5 | a2648deff1f7e484a08a91f74624a2cb

Red Hat Security Advisory 2015-2544-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2544-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7528
MD5 | 2249e56d4a9a7b13cedebdcfec231550

WordPress Cool Video Gallery 1.9 Command Injection
Posted Dec 3, 2015
Authored by Larry W. Cashdollar

WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2015-7527
MD5 | 93957d650a1d3a660742297dd69baea5

ASUS RT-N15U Code Execution / XSS / Open Redirect
Posted Dec 3, 2015
Authored by MustLive

ASUS RT-N15U suffers from code execution, cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
MD5 | 5c917a1ae6db29d0e7c5d8b4ceea798f

OpenSSL Toolkit 1.0.2e
Posted Dec 3, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fix applied to BN_mod_exp which may produce incorrect results on x86_64. Also addressed was a certificate verify crash with missing PSS parameter, an X509_ATTRIBUTE memory leak, and various other issues.

tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-3193, CVE-2015-3194, CVE-2015-3195
MD5 | 2218c1a6f807f7206c11eb3ee3a5ec80

EMC NetWorker Denial Of Service
Posted Dec 3, 2015
Site emc.com

EMC NetWorker contains a denial of service vulnerability that is caused by incorrect handling of malformed messages. A malicious user can construct and use malformed messages as part of an RPC authentication attempt, which can result in denial of service from critical NetWorker processes. Versions affected include 8.0.4.5 or later, 8.1.3.6 or later, 8.2.2.2 or later, and 9.0 Build 407 or higher.

tags | advisory, denial of service
MD5 | 35108fd299318c4d4215bf63e1778af3

Banner Student XSS / Information Disclosure / Open Redirect
Posted Dec 3, 2015
Authored by Sean Dillon

Banner Student suffers from cross site scripting, information disclosure, user enumeration, and open redirect vulnerabilities. Affected versions range from 8.5.1.2 to 8.7.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2015-4687, CVE-2015-4688, CVE-2015-4689, CVE-2015-5054
MD5 | b91400b80b1df8d0a07db08a9a65127a

Ubuntu Security Notice USN-2827-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2827-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911
MD5 | 252d0079132c4163bf115067871e7123

Slackware Security Advisory - libpng Updates
Posted Dec 3, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-7981
MD5 | 6b33b74cf7e84be4db2211c0e73b8088

Ubuntu Security Notice USN-2826-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
MD5 | 7c18a32b11105e93942f2bfd8fdce219

Debian Security Advisory 3411-1
Posted Dec 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3411-1 - Michal Kowalczyk discovered that missing input sanitizing in the foomatic-rip print filter might result in the execution of arbitrary commands.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-8327
MD5 | aa3ea1f5c7611d2cb2b9e99b44499e15

Ubuntu Security Notice USN-2828-1
Posted Dec 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2828-1 - Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in loopback mode. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345
MD5 | ab3c18be6b0a944062947ad7deab1028

Slackware Security Advisory - mozilla-thunderbird Updates
Posted Dec 3, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 0cb65ce6c05cd2d914cbeecc4c5f9476

huutoporssi.fi Disclosure / XSS / Privilege Escalation
Posted Dec 3, 2015
Authored by Wub TheCaptain

huutoporssi.fi, which is currently offline, suffers from cross site scripting, privilege escalation, information disclosure, and user data modification vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
MD5 | c08fae707116bf904ad7e19880740ab4

OpenSCAP Libraries 1.2.7
Posted Dec 3, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.

tags | protocol, library
systems | unix
MD5 | e8e317c5475e4b335f51a10077fb407b

Oracle BeeHive 2 Code Execution
Posted Dec 3, 2015
Authored by mr_me, sinn3r, 1c239c43f521145fa8385d64a9c32243 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2010-4417
MD5 | 5321a69c2ebeac5dc0f2c49f8b4fd827

Mobius Forensic Toolkit 0.5.24
Posted Dec 3, 2015
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Many updates to the C++ and Python APIs. Various other improvements.

tags | tool, python, forensics
MD5 | 900c5272996e4ade4536231c8b72ebc5

Oracle BeeHive 2 Arbitrary File Upload
Posted Dec 3, 2015
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.

tags | exploit, remote, arbitrary, code execution
MD5 | 1f1f12c14e043d34f839956dce879e1e

Red Hat Security Advisory 2015-2542-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2542-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-5304, CVE-2015-7501
MD5 | a58b27d6b410e742b742e76551b22da3

Red Hat Security Advisory 2015-2541-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2541-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-5304, CVE-2015-7501
MD5 | b82b4588c5912618febcce3da62577df

Red Hat Security Advisory 2015-2540-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2540-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-5304, CVE-2015-7501
MD5 | 2bdb9bfd5d920313806bf69542db86bc

Red Hat Security Advisory 2015-2539-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2539-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-5304, CVE-2015-7501
MD5 | b3060dc715d2f5c627efe2ba18bc0754

Red Hat Security Advisory 2015-2538-01
Posted Dec 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2538-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-5304, CVE-2015-7501
MD5 | f1d6531e272756854961bb9201e0fe5c
© 2016 Packet Storm. All rights reserved.
