exploit the possibilities
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-02-23

Core FTP Server 1.2 Buffer Overflow
Posted Feb 23, 2016
Authored by INSECT.B

Core FTP Server version 1.2 buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 6c9e003125e6fe84ce006abc7a63f8bd
Android Calling Getpidcon Gets Wrong Security Context
Posted Feb 23, 2016
Authored by Google Security Research, forshaw

The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass.

tags | advisory
systems | linux
MD5 | 6ce23a75db73489ee0a2ef4120537678
Wireshark Dissect_oml_attrs Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | 5bd01744aa3c85269671bbea4dac3807
Wireshark Add_ff_vht_compressed_beamforming_report Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | b365fc1006371bd05f84e480a62218d1
Wireshark Dissect_ber_set Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | 5e62a35f0e0298e41ea997b642881b3d
Adobe Flash SimpleButton Creation Type Creation
Posted Feb 23, 2016
Authored by Google Security Research, natashenka

There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this object is created using a SWF tag before it is created in the Button class, and it not of type Button, type confusion can occur.

tags | exploit
systems | linux
advisories | CVE-2015-8644
MD5 | 8c9e852b02901acb24dcb226b8b2ab39
Red Hat Security Advisory 2016-0286-01
Posted Feb 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0286-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.116, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1629
MD5 | 6cf1f37b53dc769c668fa795174bf24b
libquicktime 1.2.4 Integer Overflow
Posted Feb 23, 2016
Authored by Marco Romano

libquicktime version 1.2.4 suffers from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2016-2399
MD5 | c29b687e6f50b986a7c9fd38c301bb43
OpenCms 9.5.2 Cross Site Scripting
Posted Feb 23, 2016
Authored by Rainer Boie

OpenCms version 9.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a6af34fe7a22b91166ac0237d8daca26
Ubiquiti Networks airCRM Cross Site Scripting
Posted Feb 23, 2016
Authored by Milan A Solanki | Site vulnerability-lab.com

Ubiquiti Networks airCRM suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4c6d09e4257016ad7a397f9814e8a20e
InstantCoder 1.0 Local File Inclusion / Directory Traversal
Posted Feb 23, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

InstantCoder version 1.0 suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 02ed4367eb9b35988a1d904d964f6307
Apache Tomcat Security Manager Bypass
Posted Feb 23, 2016
Authored by Mark Thomas | Site tomcat.apache.org

ResourceLinkFactory.setGlobalContext() is a public method and was accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. Apache Tomcat versions 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 through 9.0.0.M2 are affected.

tags | advisory, web
advisories | CVE-2016-0763
MD5 | 112e004efaeced2fb60845b506cae23d
Prezi Cross Site Scripting
Posted Feb 23, 2016
Authored by Milan A Solanki | Site vulnerability-lab.com

Prezi suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3c205be0076be04a1b9238ffdefc6a8
Apache Tomcat Directory Disclosure
Posted Feb 23, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was therefore possible for a user to determine if a directory existed or not, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application in which case the presence of the web application was confirmed, even if a user did not have access. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.65, and 8.0.0.RC1 through 8.0.29.

tags | advisory, web, root
advisories | CVE-2015-5345
MD5 | 417be5a08eca0d569330765e7eec5d08
Debian Security Advisory 3486-1
Posted Feb 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3486-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627, CVE-2016-1628, CVE-2016-1629
MD5 | 25a9360fc46690123b78fe9095a2af2c
HP Security Bulletin HPSBHF03544 1
Posted Feb 23, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03544 1 - Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3143, CVE-2015-3148
MD5 | 56eb018c4dbe9834f7aed0b9ce25898a
Debian Security Advisory 3485-1
Posted Feb 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3485-1 - Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

tags | advisory
systems | linux, debian
advisories | CVE-2013-7448
MD5 | 3449087360022d1b36c806f8fc391f81
Ubuntu Security Notice USN-2911-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2911-1 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7550
MD5 | 608e2a9d874cd41029747fa0eacd2ea5
Ubuntu Security Notice USN-2911-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2911-2 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7550
MD5 | 0407e24fcba9d10b553a34ebaaf8e2e0
Ubuntu Security Notice USN-2909-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | c3d900dc55125d606c8ada34c35b315d
Ubuntu Security Notice USN-2910-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 5ed676fa5fe812b5a94013b6252bcc09
Ubuntu Security Notice USN-2908-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 2d7c7ee60e1a7d19a52efbf09b6c634a
Ubuntu Security Notice USN-2908-3
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-3 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 5680672e83a8e72b5207ee657a22e029
Ubuntu Security Notice USN-2908-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | d5d7f2d06c1fbed5492bd96a66c1e041
Ubuntu Security Notice USN-2907-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 798142f94f449f05b15e2d12b69f7543
Page 1 of 2
Back12Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    9 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close