accept no compromises
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-03-07

ATutor LMS 2.2.1 CSRF Remote Code Execution
Posted Mar 7, 2016
Authored by mr_me

ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.

tags | exploit, remote, php, code execution, csrf
advisories | CVE-2016-2539
MD5 | 5517b308f0dc455ea67cc292718ea182
EMC Documentum xCP 2.1 / 2.2 Information Disclosure
Posted Mar 7, 2016
Site emc.com

EMC Documentum xCP allows authenticated non-admin users to view information about other users.

tags | advisory
advisories | CVE-2016-0886
MD5 | d84a9d1758678deedf18aba01a6f883f
Mandos Encrypted File System Unattended Reboot Utility 1.7.4
Posted Mar 7, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Compilation tweak for GCC 4.9 on mips, mipsel, and s390x. Added error handling for configure_networking. Added extra security restrictions in systemd service file.
tags | tool, remote, root
systems | linux, unix
MD5 | 1170e24b27af6f6a2e4b1cfecb7e1761
AIEngine 1.4
Posted Mar 7, 2016
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Added support for Java Language, RegexManagers on IPSet, and for network forensics on real time. Enabled rejecting for StackLanIPv6. Various other updates and fixes.
tags | tool
systems | unix
MD5 | a97304979ae12ee6c05c8a6cb875d117
Ubuntu Security Notice USN-2915-3
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-3 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | e1d5e9d0a0d3989fd32d0ba711747df5
WordPress SP Projects And Document Manager 2.5.9.6 XSS / SQL Injection
Posted Mar 7, 2016
Authored by Michael Helwig

WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, sql injection, file upload
MD5 | f0ee8e78d641daa37faf343aa8631f66
Red Hat Security Advisory 2016-0358-01
Posted Mar 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0358-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-0757
MD5 | aa455463dbc9ef6c17ba9eb4371b0160
Gentoo Linux Security Advisory 201603-02
Posted Mar 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-2 - OSC is vulnerable to the remote execution of arbitrary code. Versions less than 0.152.0 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2015-0778
MD5 | 6277b06abfbf259cb8e96ea8915dc649
Gentoo Linux Security Advisory 201603-01
Posted Mar 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-1 - GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service. Versions less than 2.8.0 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4245
MD5 | 0fa4d0eb8e74a9ee78089178d6a551a5
Ubuntu Security Notice USN-2921-1
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6270, CVE-2016-2571
MD5 | 2c51fe6009c9d7f7a1b2228a743fad3e
Ubuntu Security Notice USN-2915-2
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-2 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 2d429d69795c3784fb84392cbee2d691
Debian Security Advisory 3508-1
Posted Mar 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3508-1 - Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-1577, CVE-2016-2089, CVE-2016-2116
MD5 | 381667af4b7fce21b5df6c8fed08a3fe
Debian Security Advisory 3507-1
Posted Mar 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3507-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-8126, CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642
MD5 | aed71b4335e03c94381072424db20f72
Red Hat Security Advisory 2016-0359-01
Posted Mar 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0359-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.75, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642
MD5 | f21eaad3f24bea6c9e0ce0f3af50a692
Wireshark Wtap_optionblock_free Use-After-Free
Posted Mar 7, 2016
Authored by Google Security Research, mjurczyk

A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | 0fe2f06291109a599b9dede95f3e6663
Win32 x86 Reverse Shell In Assembly
Posted Mar 7, 2016
Authored by Andrea Sindoni

This is a simple reverse shell written in assembly for remote command execution on win32.

tags | remote, shell, shellcode
systems | windows
MD5 | 481dd9c88ee519582c60b54e7f9739f2
ClamWin 0.99 DLL Hijacking
Posted Mar 7, 2016
Authored by Stefan Kanthak

ClamWin version 0.99 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 06eb64b45675cd8a61802e37e8f95dd9
Malwarebytes 2.2.0.1024 DLL Hijacking
Posted Mar 7, 2016
Authored by Stefan Kanthak

Malwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 083123885250862107321a21976b41ce
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close