Files Date: 2016-02-25

Debian Security Advisory 3491-1
Posted Feb 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1523, CVE-2016-1930, CVE-2016-1935
MD5 | 330ee8fe28dcf54c8c2c5874ba900aa3
Apache Xerces-C XML Parser Buffer Overflow
Posted Feb 25, 2016
Authored by Gustavo Grieco

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.

tags | advisory, remote, denial of service, overflow, code execution
advisories | CVE-2016-0729
MD5 | 95b957a31bb8598747cd1d57b0e36f7b
Open Web Analytics 1.5.7 Cross Site Scripting
Posted Feb 25, 2016
Authored by 1N3

Open Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 45bac3d5fb9537f0cbd268c334777d4b
IP-Array IPTables Firewall Script 1.1.0
Posted Feb 25, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: ipset sets can now be defined in xml. Besides creating sets and adding elements, whole sets can be imported from a file saved in ipset xml output format and elements can be imported from a regular file. These new features have also been built into the interactive mode, allowing the set manipulations to be done in a wizard-based manner. The interactive mode and the xml parser have been improved. Minor other tweaks have been done. Some documentation bugs were fixed.
tags | tool
systems | linux, unix
MD5 | 1f910dc0d25deb2f7bd14ada1ff84f9b
JSN PowerAdmin 2.3.0 Code Execution / CSRF / XSS
Posted Feb 25, 2016
Authored by RatioSec Research

JSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
MD5 | 0738d3a44209c401de2bb97dd315099f
WordPress User Submitted Posts 20151113 Cross Site Scripting
Posted Feb 25, 2016
Authored by Panagiotis Vagenas

WordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ba780ecc5b2e194667d2507d7336287b
Magento 1.9.2.2 RSS Feed Information Disclosure
Posted Feb 25, 2016
Authored by EgiX

Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.

tags | exploit, info disclosure
advisories | CVE-2016-2212
MD5 | 72ef98d834f769976ae3af136b7e032f
Linux io_submit L2TP Sendmsg Integer Overflow
Posted Feb 25, 2016
Authored by Google Security Research, hawkes

In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.

tags | exploit, overflow, kernel, local
systems | linux
MD5 | baa8ce9b45b1f1852ce12173de5c6701
Wireshark Vwr_read_s2_s3_W_rec Heap-Based Buffer Overflow
Posted Feb 25, 2016
Authored by Google Security Research, mjurczyk

A crash can occur due to a heap-based buffer overflow in the ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit, overflow
systems | linux
MD5 | 2a8aa406b157deb56d8fdeee624aad5c
Ubiquiti Networks UniFi 3.2.10 Cross Site Request Forgery
Posted Feb 25, 2016
Authored by Julien Ahrens

Ubiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | feacedbdd6e190261848193e551b9695
ManageEngine Firewall Analyzer 8.5 SP-5.0 Cross Site Scripting
Posted Feb 25, 2016
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f262697d9bea4bdef54e39a137072edd
GTA Firewall GB-OS 6.2.02 Script Insertion
Posted Feb 25, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

GTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.

tags | exploit, local
MD5 | 8e0bf5e50e24d47619c3e9d19dfc7fc4
Ubuntu Security Notice USN-2903-2
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1938
MD5 | 1f3b0079ab0bc9720a464d4ef485e689
Ubuntu Security Notice USN-2912-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3146, CVE-2016-0739
MD5 | 86103931b74c7c83665bf453d0731365
Debian Security Advisory 3490-1
Posted Feb 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3490-1 - Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.

tags | advisory, remote, web, xss
systems | linux, debian
advisories | CVE-2016-2511
MD5 | f26d1ef9d3d1dbd6556f7bd9b8064480
Ubuntu Security Notice USN-2913-3
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-3 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | fc771648c73b3f6fa76a51083448f54c
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Posted Feb 25, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.

tags | exploit, xss
MD5 | 8a2eed6ef70e4bb0ba94db5b9588c245
eFront Learning CMS 3.6.15.6 Cross Site Scripting
Posted Feb 25, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.

tags | exploit, xss
MD5 | d2f23c9bae8131671f4015318e05e96d
Ubuntu Security Notice USN-2913-2
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-2 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | bfcf9912a9b62c8c3ae0655f300bceb1
Ubuntu Security Notice USN-2913-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.

tags | advisory
systems | linux, ubuntu
MD5 | 98f06e2fc9a9ba4ce82553ba33405c61
Ubuntu Security Notice USN-2913-4
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2913-4 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | 18f8d348663e85582dc4578b3f4c2913
Slackware Security Advisory - ntp Updates
Posted Feb 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5300, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
MD5 | fcefe73e812ba3898beb2be19f0cc1af
Slackware Security Advisory - libgcrypt Updates
Posted Feb 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3591, CVE-2015-7511
MD5 | 55cff89e11d9d75493db8db796764ea9
Ubuntu Security Notice USN-2905-1
Posted Feb 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2905-1 - A security issue was discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1629
MD5 | cc3b8cc8d109ef4d674a3a0357bfa340
InstallShield DLL Hijacking
Posted Feb 25, 2016
Authored by Stefan Kanthak

InstallShield suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | cbcc7f114c38518e529c95ba25c3982c