Exploit the possiblities
Showing 1 - 25 of 452 RSS Feed

Files Date: 2016-02-01 to 2016-02-29

Libxml2 XmlParserPrintFileContextInternal Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | a956ef69b6eec1c1f29c363156850bec
Libxml2 XmlDictAddString Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | 23fc0430ca45db9b403d1ee9087def24
Libxml2 XmlParseEndTag2 Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | 02efc3b1b4986da7c5166e2d64e02944
Coppermine 1.5.40 Weak Cryptography
Posted Feb 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.

tags | exploit
MD5 | 6fa277e88c20784e30161eadab71c9c1
Faraday 1.0.17
Posted Feb 28, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed bug in pip debian. Added support for Mint 17. Various other updates and fixes.
tags | tool, rootkit
systems | unix
MD5 | 50337edcf8fd3eb99bebe4d37a0a5caf
Proxmox VE 3 / 4 XSS / Privilege Escalation / Code Execution
Posted Feb 27, 2016
Authored by Nicolas Chatelain

Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | 7bf79fb1f827a09a146b676a1cc4f9e0
Ubuntu Security Notice USN-2908-5
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-5 - USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | 44f70adacad6e1a82cf0ae5fbdf70a53
Ubuntu Security Notice USN-2909-2
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-2 - USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 1cf78b342906c878c9d7c072a8ead99f
Ubuntu Security Notice USN-2910-2
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-2 - USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
MD5 | 11ae9b71c8bba7139d801079e610e2a9
Gentoo Linux Security Advisory 201602-03
Posted Feb 27, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-3 - Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.2.8.4-r6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696
MD5 | 72088a23dcc230d4fbd97066df4e7147
Ubuntu Security Notice USN-2908-4
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-4 - USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
MD5 | f40420f5e2b4f0bbe668489ac95575e3
Apple Security Advisory 2016-02-25-1
Posted Feb 26, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2012-6685, CVE-2014-0191, CVE-2014-3660, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3759
MD5 | 9ee9ba5f1db7f810bbb124ace07e9da4
WordPress WP Ultimate Exporter 1.0 / 1.1 SQL Injection
Posted Feb 26, 2016
Authored by Henri Salo

WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e0b2a7f7b9a61ae9647b10e3a4aeceea
Centreon 2.5.3 Code Execution
Posted Feb 26, 2016
Authored by Nicolas Chatelain

Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 40b9869aaae9701f0648ec3012fe5f27
Debian Security Advisory 3492-1
Posted Feb 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.

tags | advisory, spoof
systems | linux, debian
advisories | CVE-2015-8688
MD5 | 7f990faefcadc55fd4c0588fa966b7be
Red Hat Security Advisory 2016-0297-01
Posted Feb 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.

tags | advisory
systems | linux, redhat
MD5 | 00e83d49fb0422c61126aab91853b99c
Debian Security Advisory 3493-1
Posted Feb 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-0729
MD5 | 7b64bc56bdfb15859350ad791e96f648
Infor CRM 8.2.0.1136 Cross Site Scripting
Posted Feb 26, 2016
Authored by LiquidWorm | Site zeroscience.mk

Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 74b4a98d4859dcfa47ba7f62afa1bc50
Zimbra 8.0.9 GA Cross Site Request Forgery
Posted Feb 26, 2016
Authored by Damien Cauquil, Anthony Laou-Hine Tsuei

Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c2e1a71f34137aeaee5e6fa5f9557534
HP Security Bulletin HPSBGN03549 1
Posted Feb 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
MD5 | f735bb2272e9e3ec3ef4646dc97d36eb
Htcap Analysis Tool Beta 1.0
Posted Feb 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: Major code rewrite and many features were added.
tags | tool, web, javascript, sniffer, python
MD5 | 09bdd3514bd444e411a87140b8bd28c2
Cygwin DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Cygwin suffers suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 945e53b5cd9a63c5a7567d5da7106823
D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
Posted Feb 26, 2016
Authored by Dominic Chen

Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.

tags | advisory, overflow, vulnerability, info disclosure
advisories | CVE-2016-1555, CVE-2016-1557, CVE-2016-1558, CVE-2016-1559
MD5 | 125fe218a81ccd560b65ee071febb0cd
Google Chrome Cleanup Tool DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Google's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 2f03231c35dc579fb0a013456600b14b
GIMP For Windows DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

GIMP for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 18c41257dcf0401926b3da64a6a1ca33
Page 1 of 19
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close