what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2016-02-11

Red Hat Security Advisory 2016-0166-01
Posted Feb 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
SHA-256 | 1816680b824050a758e4c30a63694622b5b24615d87e93c7e7e7ce02de19fcfc
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Posted Feb 11, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wieland wieplan version 4.1 suffers from an arbitrary java code execution when parsing WIE documents that uses XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification order saved in .wie XML file that has to be sent to the vendor offices to be processed.

tags | exploit, java, arbitrary, code execution
SHA-256 | bc2803c96e427d6a6087d645f5637137806ef1a34c69fd155cd263fa3d0bee12
Cisco Security Advisory 20160210-asa-ike
Posted Feb 11, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

tags | advisory, remote, overflow, arbitrary, udp
systems | cisco
SHA-256 | b39dc515a9918053d756c99939d54b8d713da1f97c251287ddcae2d2b507a879
Exponent 2.3.7 PHP Code Execution
Posted Feb 11, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Exponent version 2.3.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-2242
SHA-256 | c860521e13cb68a7d5e2065b83c714419c3402786742f17f19e96a31700e22cc
Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF
Posted Feb 11, 2016
Authored by P. Morimoto | Site sec-consult.com

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file upload
advisories | CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570, CVE-2015-7571, CVE-2015-7572
SHA-256 | 03e6c9d482ae673cb0b908755a1f9f71b4985c832a6f00acd3a78b5606fbb2e1
File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal
Posted Feb 11, 2016
Authored by Jerold Hoong

File Replication Pro versions 7.2.0 and below suffers from remote command execution, file disclosure, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | f7ed220cd1cf701a880107cde599b7c67a2969d8d7a322189e68685fa78dfc62
PivotX CMS 2.3.10 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 11, 2016
Authored by Ehsan Hosseini

PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | e1c1089223f4dd178980e8fdafd9c94f706acb389ba257a206a517387c37ecf5
Mihalism Multi Host 5.0.3 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 11, 2016
Authored by Ehsan Hosseini

Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 07f7ebf8f74c09bb0ac83c04c0164bd294ed6ea10b79947d7803772b8a3feb22
ManageEngine EventLog Analyzer 10.8 Privilege Escalation
Posted Feb 11, 2016
Authored by Nicholas Lehman

ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 0c60a233b11ee96db98238be0dc6eb3999f1ad52bf65bc6a1b30831a5bed3de2
Node.js HTTP Response Splitting
Posted Feb 11, 2016
Authored by Amit Klein

Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.

tags | exploit, web
advisories | CVE-2016-2216
SHA-256 | 4f718c9b8672df70ac27014b0f740610b9cdf5c24f5679eba0497c68bcbe2612
EMC Documentum xCP XXE Injection / DQL Injection
Posted Feb 11, 2016
Site emc.com

EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.

tags | advisory, vulnerability
advisories | CVE-2016-0881, CVE-2016-0882
SHA-256 | 20de6bd9297ddd8a1fb42d72cb5fb400141a8b891a25ad8d400b3196582d67fb
Sophos UTM 9 Cross Site Scripting
Posted Feb 11, 2016
Authored by Mike Lisi

Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-2046
SHA-256 | 4bbb67e3c1104c55b9411087392ea4ec3ac1ff5d5df3b757354cee344210a31d
ASUS Router Administrative Interface Exposure
Posted Feb 11, 2016
Authored by David Longenecker

ASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.

tags | advisory, web
SHA-256 | acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7
Servision HVG Hardcoded Credentials
Posted Feb 11, 2016
Authored by Richard Tafoya

Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.

tags | exploit
SHA-256 | 6d99c0ab96d627084eb77a8ada62536fc9cdfb024d00cd992c46f7b2be77198f
D-Link DSL-2750B Remote Command Execution
Posted Feb 11, 2016
Authored by p

D-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | c531b27d0dbe64804e2588a1796bd7c1c0844a6c84a1427541b9fe1efa394843
Apache Sling Framework 2.3.6 Information Disclosure
Posted Feb 11, 2016
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-0956
SHA-256 | 94ead438d14486e4610edf5583b16d8111dc04148dab800db53d7b3378f9119c
MapsUpdateTask Task DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2016-0041
SHA-256 | 2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2
BDA MPEG2 Transport Information Filter DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2016-0041
SHA-256 | 46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7c
MyScript Memo 3.0 Persistent Script Insertion
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

MyScript Memo version 3.0 suffers from a persistent script insertion vulnerability.

tags | exploit
SHA-256 | 2cc54638497f02d18063a7ea37719d4d396f9b9e24a068450adf0e41638e12ab
File Sharing Manager 1.0 Local File Inclusion / File Upload
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
SHA-256 | 1e932ad37235e084cec291c443559f1618596e9e4aeb99495070e23c3b922ea6
NPS Datastore Server DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2016-0041
SHA-256 | 1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6e
Getdpd Cross Site Scripting
Posted Feb 11, 2016
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Getdpd suffers from cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 743c05bc874ab2ab3394ae6cb221070190c55cd7c5826e809e6fd6b0238efbdc
Deepin 15 lastore-daemon Privilege Escalation
Posted Feb 11, 2016
Authored by King's Way

Deepin 15 suffers from a lastore-daemon privilege escalation vulnerability.

tags | exploit
SHA-256 | f61b80686c02876b5b74515d28d5cf5c64d30582c5d37d244e26872bce0c499b
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close