exploit the possibilities
Showing 1 - 23 of 23 RSS Feed

Files Date: 2016-02-11

Red Hat Security Advisory 2016-0166-01
Posted Feb 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
MD5 | 88ab7b3b4102bd8accdcfdf4cfa93f6c
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Posted Feb 11, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wieland wieplan version 4.1 suffers from an arbitrary java code execution when parsing WIE documents that uses XMLDecoder, allowing system access to the affected machine. The software is used to generate custom specification order saved in .wie XML file that has to be sent to the vendor offices to be processed.

tags | exploit, java, arbitrary, code execution
MD5 | e786bb378c57d5b456d3ece1834c4da6
Cisco Security Advisory 20160210-asa-ike
Posted Feb 11, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

tags | advisory, remote, overflow, arbitrary, udp
systems | cisco
MD5 | c3c2db6ca599bd3ddeed4362da3c3e1f
Exponent 2.3.7 PHP Code Execution
Posted Feb 11, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Exponent version 2.3.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-2242
MD5 | 06282dadbf528761a212ebba8de2a28d
Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF
Posted Feb 11, 2016
Authored by P. Morimoto | Site sec-consult.com

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file upload
advisories | CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570, CVE-2015-7571, CVE-2015-7572
MD5 | 52c426706da7c84f5ccd2b0fd6939d01
File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal
Posted Feb 11, 2016
Authored by Jerold Hoong

File Replication Pro versions 7.2.0 and below suffers from remote command execution, file disclosure, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | ea479a9db0f43f7d678bf4a3c112e551
PivotX CMS 2.3.10 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 11, 2016
Authored by Ehsan Hosseini

PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 599daddbca4b64bcc49cadb1e5e997aa
Mihalism Multi Host 5.0.3 Cross Site Request Forgery / Cross Site Scripting
Posted Feb 11, 2016
Authored by Ehsan Hosseini

Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b8569a8549aa92d5ba4b7abf0c625fce
ManageEngine EventLog Analyzer 10.8 Privilege Escalation
Posted Feb 11, 2016
Authored by Nicholas Lehman

ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 20207216cc899c503992ce4102dbceed
Node.js HTTP Response Splitting
Posted Feb 11, 2016
Authored by Amit Klein

Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.

tags | exploit, web
advisories | CVE-2016-2216
MD5 | b4347de1f70a4ee9859e0a6f8dcd08bd
EMC Documentum xCP XXE Injection / DQL Injection
Posted Feb 11, 2016
Site emc.com

EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.

tags | advisory, vulnerability
advisories | CVE-2016-0881, CVE-2016-0882
MD5 | 83549d0a3264410db77907b3175b6724
Sophos UTM 9 Cross Site Scripting
Posted Feb 11, 2016
Authored by Mike Lisi

Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-2046
MD5 | 0170a588f886d71b8871fad6e8f2547d
ASUS Router Administrative Interface Exposure
Posted Feb 11, 2016
Authored by David Longenecker

ASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.

tags | advisory, web
MD5 | 00e62587a24303e07531652cea981350
Servision HVG Hardcoded Credentials
Posted Feb 11, 2016
Authored by Richard Tafoya

Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.

tags | exploit
MD5 | 3dfc8a8b9c01fc309e22e68f6ff1f6ea
D-Link DSL-2750B Remote Command Execution
Posted Feb 11, 2016
Authored by p

D-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 917680b66d32b46ee7b9a6ddc3564888
Apache Sling Framework 2.3.6 Information Disclosure
Posted Feb 11, 2016
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-0956
MD5 | d90c1f5b5923a024fe37e8e7b021bcef
MapsUpdateTask Task DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2016-0041
MD5 | 632b9c6f9b607be841c941291563eda9
BDA MPEG2 Transport Information Filter DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows, vista
advisories | CVE-2016-0041
MD5 | 03d0994a8891ad04f91944e661be197c
MyScript Memo 3.0 Persistent Script Insertion
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

MyScript Memo version 3.0 suffers from a persistent script insertion vulnerability.

tags | exploit
MD5 | 00f071b38af03dfdd378125b05430227
File Sharing Manager 1.0 Local File Inclusion / File Upload
Posted Feb 11, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Sharing Manager version 1.0 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | eaedfd5785c0a9dfda966f034d006a98
NPS Datastore Server DLL Hijacking
Posted Feb 11, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows, vista
advisories | CVE-2016-0041
MD5 | 170d90f9095d8cc1c7d35ab9cd4b5937
Getdpd Cross Site Scripting
Posted Feb 11, 2016
Authored by Hadji Samir | Site vulnerability-lab.com

Getdpd suffers from cross site scripting vulnerability.

tags | exploit, xss
MD5 | 06e30923894b1f9e230681c5eb77e0d5
Deepin 15 lastore-daemon Privilege Escalation
Posted Feb 11, 2016
Authored by King's Way

Deepin 15 suffers from a lastore-daemon privilege escalation vulnerability.

tags | exploit
MD5 | da48a83086ca33a3ce89cb7d05f7902d
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    15 Files
  • 21
    Feb 21st
    17 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close