exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-01-11

Ubuntu Security Notice USN-2860-1
Posted Jan 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2860-1 - A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. An issue was discovered with the page serializer in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-6789, CVE-2015-6790, CVE-2015-6791, CVE-2015-8548, CVE-2015-8664
SHA-256 | 90d02e34904669776ec78df314db01a39141e3276465cd38e2e12e48a812ff8b
Amanda 3.3.1 Local Root Privilege Escalation
Posted Jan 11, 2016
Authored by Hacker Fantastic

Amanda version 3.3.1 suffers from a local root privilege escalation vulnerability via the setuid runtar binary.

tags | exploit, local, root
SHA-256 | 2ab1cf9f4f7d96fe3a9f2cf09a358645b047b9ef18ef2daf06d8e51bc6c2b48c
Linux Kernel overlayfs Local Privilege Escalation
Posted Jan 11, 2016
Authored by halfdog

This program demonstrates how to escalate privileges using an overlayfs mount within a user namespace.

tags | exploit
SHA-256 | 245a67dc153f223afb9bd229d16d9f5c37310e1f46c7558980b40f8cb6ac3420
360-FAAR Firewall Analysis Audit And Repair 0.5.2
Posted Jan 11, 2016
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds a vital omission from the last release where it now reads Cisco ASA configs with spaces at the start of lines. This release also backports Cisco ASA log parser snippets from SuperFAAR. Various other updates.
tags | tool, perl
systems | unix
SHA-256 | 6151c2c48e2b8a4509affaaa4d7c5094fec3015411d33d7563a3e966281478af
FireHOL 3.0.1
Posted Jan 11, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Added ipv6mld to simplify enabling Multicast Listener Discovery in FireHOL. Added pre_up to run commands immediately before an interface is started in VNetBuild. Various other improvements.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 7df99bb42d6d85c1cd83a98f79a7489089e6bfd467f2f565bddd7ea568916e1d
Netgear 1.0.0.24 Bypass / Improper Session Management
Posted Jan 11, 2016
Authored by CSW Research Lab, Sathish Kumar

Netgear router version 1.0.0.24 with JNR1010 firmware suffers from improper session management and bypass vulnerabilities.

tags | exploit, vulnerability
SHA-256 | e490b8e5eaf82cdabe3b918f772a70f63831a13c6260c4a3f649b5a052eb2bbf
Netgear 1.0.0.24 Cross Site Request Forgery
Posted Jan 11, 2016
Authored by CSW Research Lab, Sathish Kumar

Netgear router version 1.0.0.24 with JNR1010 firmware suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | da6530ed94ec74ddcb325b48d68b02ef2fe16d9c6ec393e137a00d4987f9e68a
Red Hat Security Advisory 2016-0018-01
Posted Jan 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0018-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A flaw was discovered in the OpenStack Compute snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7548
SHA-256 | 7d023ec761f5ca1a82c049d7b8aadf9ef29fbf04e95d26ac6b29cdeef7a4af53
Debian Security Advisory 3439-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3439-1 - Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-1231, CVE-2016-1232
SHA-256 | d6be66be95728c7d1f358ee60de7d1f87b3b739c818e293a39dfd5c67ef74c05
Debian Security Advisory 3437-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3437-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2015-7575
SHA-256 | 868dce8773c5d2e53cf3af16d82945ada88658e24fa28370ccaf5449ba858dfc
Debian Security Advisory 3438-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3438-1 - It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8025
SHA-256 | 26a19b86cdc70da913e255ba706418064956fb2a4a26fac734130bb4c8255be8
Debian Security Advisory 3436-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3436-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2015-7575
SHA-256 | 518d455c05a4232810a0a0d67aa2dd6c6277e044b181a622a3a6dc374f475a1d
Debian Security Advisory 3441-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3441-1 - David Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2015-8607
SHA-256 | d3e6cffbb9051b2799a54538299a2a6d85ad36aa7ace7d13a2943668eb0cdd57
Debian Security Advisory 3440-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3440-1 - When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit (read and write) arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wildcards, for example.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-5602
SHA-256 | b7fd5c1572210ca6ee5a1990251b1e0e570a22591356acc8311a24238db62710
Red Hat Security Advisory 2016-0017-01
Posted Jan 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0017-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A flaw was discovered in the OpenStack Compute snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7548, CVE-2015-7713
SHA-256 | c87524e4121b8ea29c3323dbe2d0d5a0524693379899590770532444f937e6a9
GDCM 2.6.0 / 2.6.1 Out-Of-Bounds Read
Posted Jan 11, 2016
Authored by Stelios Tsampas

GDCM versions 2.6.0 and 2.6.1 suffer from an out-of-bounds read due to missing checks. The vulnerability occurs during the decoding of JPEG-LS images when the dimensions of the embedded JPEG-LS image (as specified in the JPEG headers) are smaller than the ones of the selected region (set by gdcm::ImageRegionReader::SetRegion and usually based on DICOM header values).

tags | advisory
advisories | CVE-2015-8397
SHA-256 | 9fe160664c3de2590fc55b8d5d31baa051f09a4bfdb6a7eea28c5c6a6e20f826
GDCM 2.6.0 / 2.6.1 Integer Overflow
Posted Jan 11, 2016
Authored by Stelios Tsampas

GDCM versions 2.6.0 and 2.6.1 suffer from an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2015-8396
SHA-256 | 15fb0069bbd76c1bfaa4bf715f85332c78f0b2abe13e67cdfcb884e3e0e18f9e
OpenBravo Hibernate HQL Injection
Posted Jan 11, 2016
Authored by Sam Ng

OpenBravo Hibernate suffers from a remote HQL injection vulnerability. Vendor has patched this in versions 3.0PR15Q3.4 and 3.0PR15Q4.1.

tags | exploit, remote
SHA-256 | 4ee3486c0e88207818615826532461db051d1cb19335ebe9e65723f346e26283
Dream Gallery 1.0 SQL Injection
Posted Jan 11, 2016
Authored by Felipe Andrian Peixoto

Dream Gallery version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 33ad05d0f2a68f5a2cd399ca877cb6628ebdcb4ad512b5d4857db14b9c45a5ee
Dolibarr 3.8.3 Cross Site Scripting
Posted Jan 11, 2016
Authored by Mickael Dorigny | Site synetis.com

Dolibarr version 3.8.3 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c17ecf80d34e2c761ee7e596af78927c7c4accbc17e3e897ce53a789bd3b1784
WordPress JS External Link Info 1.21 Open Redirect
Posted Jan 11, 2016
Authored by Cloner-47

WordPress JS External Link Info plugin version 1.21 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 4c091c9a01dc64ef1f3a7175b8ed1bee96a8e5b9527c30132cac8464113bb6da
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close