exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2015-12-21

Faraday 1.0.16
Posted Dec 21, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Immunity Canvas plugin added. Added Dig plugin. Added Traceroute plugin. Various other updates and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | 53da89d5c48f26c0de9020e49b3846f04e034b5b376537463c65565ab2d9503f
Gentoo Linux Security Advisory 201512-04
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-5352, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565
SHA-256 | 38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665b
Red Hat Security Advisory 2015-2673-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2673-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7713
SHA-256 | 969f35c86c24c7d1b1f9d33a4492eaeb80195425deabb40fc950705f06c4fcc6
Red Hat Security Advisory 2015-2650-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2650-01 - Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. It was discovered that the director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2015-5303, CVE-2015-5329
SHA-256 | d0f1e8ff661fe339ce803a3398060afcb6a6a1222c80140dd8a377c45b05ea10
Red Hat Security Advisory 2015-2685-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2685-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5306
SHA-256 | 451c08033547e5a8e92a85c916b75301b75aa87cda617b5fa03c72470715901f
HP Security Bulletin HPSBGN03527 1
Posted Dec 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03527 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user. Notes: - In Eucalyptus, following the AWS model, IAM roles are used to temporarily allow users or services to access resources within or across accounts. Access to roles is determined by the role.s trust policy and a set of user permissions. The trust policy is associated with a role and defines which accounts or services are allowed to assume the role. User permissions are defined by the policy associated with the user, and define a set of actions and resources that the user is allowed to access. - An issue has been identified in how Eucalyptus checks user permissions when allowing a user to assume a role. Given that the grant policy allows the user.s account to assume the role, any user in that account would be able to assume the role, even if the user.s policy does not explicitly grant the AssumeRole permission for the role. As a result, in some cases authenticated users could gain privileges by assuming an IAM role that they were not intended to have access to. The impact is mitigated by the fact that the role.s trust policy still has to explicitly authorize the user.s account to access the role. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2015-6861
SHA-256 | 2503231940024a6e3e8b742a105e37a6cc7ada64c00d60fa8ac15b9667483aeb
Gentoo Linux Security Advisory 201512-05
Posted Dec 21, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-5 - Multiple buffer overflow vulnerabilities in gdk-pixbuf may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.32.1 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-4491, CVE-2015-7673, CVE-2015-7674
SHA-256 | ef788de6dcb6d9c9f6bc6430d2f938d5eb72df557d8948250280d3d8e79d97c3
Red Hat Security Advisory 2015-2684-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2684-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7713
SHA-256 | 8002f61d7727d8aeef6be6e1d3e25856058a74a5a791db67c197cda7d77cdc38
YSTS 10th Edition Call For Papers
Posted Dec 21, 2015
Site ysts.org

The 10th edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on June 13th, 2016.

tags | paper, conference
SHA-256 | bb0f28de281939b572e00fba1f21cdc33929e5032d05cbe798180a21c84589d6
Samhain File Integrity Checker 4.1.2
Posted Dec 21, 2015
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 9c451054d240e594fbc81ca20259fac9c5d3c667142311f0e65886c13fd7ccfb
HP Security Bulletin HPSBGN03526 1
Posted Dec 21, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03526 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user resulting in unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2014-5040
SHA-256 | 1917a28daebe8d4f31abcb5f781ef649cf0478246ad6653b38bf5da3ddf8922a
Red Hat Security Advisory 2015-2671-01
Posted Dec 21, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2671-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
SHA-256 | 255fd5c7c552ccd1e430eb16fa3bd6c12a21497614c3d57bb729f36b13d38515
RSA SecurID Web Agent Authentication Bypass
Posted Dec 21, 2015
Site emc.com

RSA SecurID Web Agent contains a patch that is designed to fix an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the confidentiality and integrity of the affected system. RSA SecurID Web Agent versions prior to 8.0 are affected.

tags | advisory, web, bypass
advisories | CVE-2015-6851
SHA-256 | 56a2b51dcce86a5954dbd192f931aa6b7d8a29ef61e3366a573f528cecc16a0c
PHPDolphin Social Network 1.2.8 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

PHPDolphin Social Network version 1.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1e2892fa0b2a402d8aeeef166dcf16df948e1ea7c7479481e5b1f18f52fa997e
phpMyFAQ 2.7.9 PHP Code Injection
Posted Dec 21, 2015
Authored by indoushka

phpMyFAQ version 2.7.9 remote PHP code injection exploit.

tags | exploit, remote, php
SHA-256 | 28ef4ddf5dbc1a91285aed596e0f9920e5a063689c5832161b764725803d58b4
DBKiss 1.16 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

DBKiss version 1.16 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3966ce413f16038341c1cc0374d8fa1245e79f98e37adae83588fb0c989551eb
ESET NOD32 Antivirus DLL Hijacking
Posted Dec 21, 2015
Authored by Stefan Kanthak

ESET NOD32 Antivirus suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 2ab38e92fa5ab7b2c39968a50d43d16d344f909670ba6b199faaa3c955fb61d1
Debian Security Advisory 3427-1
Posted Dec 21, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3427-1 - It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation.

tags | advisory, local
systems | linux, debian
SHA-256 | 6136f7153e98f9e41be6ab3e4c3cba74952d0d8d154ade9dbf387b86b1dce7b6
Music Cloud 1.3 Cross Site Scripting
Posted Dec 21, 2015
Authored by indoushka

Music Cloud version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f4d5532ee87a0f36b3728ba9a0c264e25a8c6dbe84104b562cc385ca7cd58afd
WordPress Gallery Master 1.0.22 Cross Site Scripting
Posted Dec 21, 2015
Authored by Arash Khazaei

WordPress Gallery Master plugin version 1.0.22 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 125e65f3414e32a56870065345499c7ecdcb1682aa4ebdfd986de2b0949e860f
Joomla Jomestate 1.0 SQL Injection
Posted Dec 21, 2015
Authored by indoushka

Joomla Jomestate component version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 93daf644ff1c2f286ca07f9924df33d30564f22fa6fc3fac04db46a1723ad73d
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close