what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-03-07

ATutor LMS 2.2.1 CSRF Remote Code Execution
Posted Mar 7, 2016
Authored by mr_me

ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.

tags | exploit, remote, php, code execution, csrf
advisories | CVE-2016-2539
SHA-256 | a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001
EMC Documentum xCP 2.1 / 2.2 Information Disclosure
Posted Mar 7, 2016
Site emc.com

EMC Documentum xCP allows authenticated non-admin users to view information about other users.

tags | advisory
advisories | CVE-2016-0886
SHA-256 | d204ecebd693cb7dc0af19bead0d1f1d091bff3be94a465a248c655202283b24
Mandos Encrypted File System Unattended Reboot Utility 1.7.4
Posted Mar 7, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Compilation tweak for GCC 4.9 on mips, mipsel, and s390x. Added error handling for configure_networking. Added extra security restrictions in systemd service file.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 388ffb0d7e4b971f73e32f060de1274f92ef20326f4b8bfba8af268be8ea1e0c
AIEngine 1.4
Posted Mar 7, 2016
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Added support for Java Language, RegexManagers on IPSet, and for network forensics on real time. Enabled rejecting for StackLanIPv6. Various other updates and fixes.
tags | tool
systems | unix
SHA-256 | b1fb6eff0e49ee672a8fcbba6da66b2b56b917d74c66909872a528753070ddb1
Ubuntu Security Notice USN-2915-3
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-3 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 8586794c9845209ae592e937ccc373ca4df735b81aa0e813802d3d4267969fd5
WordPress SP Projects And Document Manager 2.5.9.6 XSS / SQL Injection
Posted Mar 7, 2016
Authored by Michael Helwig

WordPress SP Projects and Document Manager plugin version 2.5.9.6 suffers from code execution, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, sql injection, file upload
SHA-256 | 75e1fa334e9af6f61114b52bf47a241a442419c6a9bfdca517ecb622eb11c479
Red Hat Security Advisory 2016-0358-01
Posted Mar 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0358-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-0757
SHA-256 | 4ef90c45af8aab162bdef1825d225307bca654e129481f197b0dd3041908c49a
Gentoo Linux Security Advisory 201603-02
Posted Mar 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-2 - OSC is vulnerable to the remote execution of arbitrary code. Versions less than 0.152.0 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2015-0778
SHA-256 | 2f95cc19f4194671cc2e95e4ffd224c049e39ff8715c37ceba23033512b39045
Gentoo Linux Security Advisory 201603-01
Posted Mar 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-1 - GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service. Versions less than 2.8.0 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4245
SHA-256 | 2d937b6ac357f3db2174623be462148d061d7a88daeede1c70456a45ef12569f
Ubuntu Security Notice USN-2921-1
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-6270, CVE-2016-2571
SHA-256 | f84a712b7c12a4726bf1d75a8afc8c6d4f1498171252c77c3fa8930e91956d57
Ubuntu Security Notice USN-2915-2
Posted Mar 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-2 - USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 934e0831f012dc4a73f5c187aa3304a84cc43ea7c0219724406b5567359fb26a
Debian Security Advisory 3508-1
Posted Mar 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3508-1 - Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-1577, CVE-2016-2089, CVE-2016-2116
SHA-256 | d72cd025ee8c1eebbea9a16ad7bf25444a0bbf771cc91a3c358473b215021d7c
Debian Security Advisory 3507-1
Posted Mar 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3507-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-8126, CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642
SHA-256 | d43c9bf4f0b9ec302e70ab07d62a1c9aca98d089c0dffc06400b3bafb689ed34
Red Hat Security Advisory 2016-0359-01
Posted Mar 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0359-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 49.0.2623.75, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642
SHA-256 | 621f9498a76216a5b979a7ccbd6b3deadcb0773b1f6d38fd7454125fa5877ce8
Wireshark Wtap_optionblock_free Use-After-Free
Posted Mar 7, 2016
Authored by Google Security Research, mjurczyk

A crash was discovered due to a use-after-free condition that can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
SHA-256 | 525502296b8244692bc3110a6323103f8e1f5f973df4862e4d19079d8ecd17e8
Win32 x86 Reverse Shell In Assembly
Posted Mar 7, 2016
Authored by Andrea Sindoni

This is a simple reverse shell written in assembly for remote command execution on win32.

tags | remote, shell, shellcode
systems | windows
SHA-256 | 896d5235c9827973cc96df4bfde3554d14494a09f77c947ad44f5ed8f639a7a6
ClamWin 0.99 DLL Hijacking
Posted Mar 7, 2016
Authored by Stefan Kanthak

ClamWin version 0.99 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | b2be3253bb37ef5ad3a81cc596f0eb316ab73089f786a5ac15cca8b8d5244edb
Malwarebytes 2.2.0.1024 DLL Hijacking
Posted Mar 7, 2016
Authored by Stefan Kanthak

Malwarebytes setup installer for version 2.2.0.1024 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 4c68ab7be17dc69d5fc7d842b67e3ba92a96d4a9d648dc198085ce4cde220967
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close