Files Date: 2015-12-21

Faraday 1.0.16
Posted Dec 21, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Immunity Canvas plugin added. Added Dig plugin. Added Traceroute plugin. Various other updates and fixes.
tags | tool, rootkit
systems | unix
MD5 | a46e4575767f14725d0c41c6f5b47035
Gentoo Linux Security Advisory 201512-04
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565
MD5 | b47a12dd6c6720d40e8d0a89de7dcbda
Red Hat Security Advisory 2015-2673-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2673-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7713
MD5 | 1e155bca0560af6f8c3aec221761091c
Red Hat Security Advisory 2015-2650-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2650-01 - Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. It was discovered that the director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2015-5303, CVE-2015-5329
MD5 | 049722414839ad2bc19e573329514bed
Red Hat Security Advisory 2015-2685-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2685-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5306
MD5 | 60f3bc5b4ca5a5be9ee89e57678ecb01
HP Security Bulletin HPSBGN03527 1
Posted Dec 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03527 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user. Notes: - In Eucalyptus, following the AWS model, IAM roles are used to temporarily allow users or services to access resources within or across accounts. Access to roles is determined by the role's trust policy and a set of user permissions. The trust policy is associated with a role and defines which accounts or services are allowed to assume the role. User permissions are defined by the policy associated with the user, and define a set of actions and resources that the user is allowed to access. - An issue has been identified in how Eucalyptus checks user permissions when allowing a user to assume a role. Given that the grant policy allows the user's account to assume the role, any user in that account would be able to assume the role, even if the user's policy does not explicitly grant the AssumeRole permission for the role. As a result, in some cases authenticated users could gain privileges by assuming an IAM role that they were not intended to have access to. The impact is mitigated by the fact that the role's trust policy still has to explicitly authorize the user's account to access the role. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2015-6861
MD5 | 426555db719ba33289364fce2f6198da
Gentoo Linux Security Advisory 201512-05
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-5 - Multiple buffer overflow vulnerabilities in gdk-pixbuf may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.32.1 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-4491, CVE-2015-7673, CVE-2015-7674
MD5 | 0efa8909d5403b483c2c9a2703753ede
Red Hat Security Advisory 2015-2684-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2684-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7713
MD5 | 92a9fdfb7f2d56dda2bafd76c20837ee
YSTS 10th Edition Call For Papers
Posted Dec 21, 2015
Site ysts.org

The 10th edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on June 13th, 2016.

tags | paper, conference
MD5 | 55133b4bba2c3ca2440457dc4403da46
Samhain File Integrity Checker 4.1.2
Posted Dec 21, 2015
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 80133dc11bd71ffd7250311e9f556802
HP Security Bulletin HPSBGN03526 1
Posted Dec 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03526 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user resulting in unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2014-5040
MD5 | e41aa20d24faad0c19b2fb37d0feee16
Red Hat Security Advisory 2015-2671-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2671-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | ac2b2f60185ec9eec53d2f1ccbfb6505
RSA SecurID Web Agent Authentication Bypass
Posted Dec 21, 2015
Site emc.com

RSA SecurID Web Agent contains a patch that is designed to fix an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the confidentiality and integrity of the affected system. RSA SecurID Web Agent versions prior to 8.0 are affected.

tags | advisory, web, bypass
advisories | CVE-2015-6851
MD5 | cb67e06cd917a07a009c83e8bf782e09
PHPDolphin Social Network 1.2.8 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

PHPDolphin Social Network version 1.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c7e65a292a93b7d8ee0d2ec50817497f
phpMyFAQ 2.7.9 PHP Code Injection
Posted Dec 21, 2015
Authored by indoushka

phpMyFAQ version 2.7.9 remote PHP code injection exploit.

tags | exploit, remote, php
MD5 | d4fa8c22a8fbd59f9073615170f68d2a
DBKiss 1.16 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

DBKiss version 1.16 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 89cc97b08fb4d0efb18e2ab675ccc7f7
ESET NOD32 Antivirus DLL Hijacking
Posted Dec 21, 2015
Authored by Stefan Kanthak

ESET NOD32 Antivirus suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 6be091cb85bf05cb93553f090787e6c3
Debian Security Advisory 3427-1
Posted Dec 21, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3427-1 - It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation.

tags | advisory, local
systems | linux, debian
MD5 | 969963fccb02c387466426303553495b
Music Cloud 1.3 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

Music Cloud version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8c12cf82aeb9cf501ddd8c3175a495e1
WordPress Gallery Master 1.0.22 Cross Site Scripting
Posted Dec 21, 2015
Authored by Arash Khazaei

WordPress Gallery Master plugin version 1.0.22 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f70cc7fc01a3b5f52a47c141da9a024
Joomla Jomestate 1.0 SQL Injection
Posted Dec 21, 2015
Authored by indoushka

Joomla Jomestate component version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8a257dfdcc083e7357af3bd74da8cf3e

© 2016 Packet Storm. All rights reserved.