Exploit the possiblities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-03-09

Mandos Encrypted File System Unattended Reboot Utility 1.7.5
Posted Mar 9, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Fixed security restrictions in systemd service file. Time out bug work around added.
tags | tool, remote, root
systems | linux, unix
MD5 | 7e7bb801eebc13c40c8ca6ad978b033d
Ubuntu Security Notice USN-2917-1
Posted Mar 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2917-1 - Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796
MD5 | 892771685c78184c12e68a226acb80be
Linux digi_acceleport Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the digi_acceleport driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3140
MD5 | 9cdf35a95d56ced38d25e151081da7f4
Linux wacom Multiple Null Pointer Dereferences
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of buggy USB device requiring the wacom driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3139
MD5 | 5b43a189a2fa90148d43f6f962bf532d
Linux visor (treo_attach) Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (treo_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-2782
MD5 | b112c06d7c2eee498008fcff318bf3ba
Linux visor clie_5_attach Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the visor (clie_5_attach) driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2015-7566
MD5 | 1914903b6936f47d8d033075d3b2d29d
Linux mct_u232 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the mct_u232_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3136
MD5 | 047af0daefa42f9ac51748a320c68285
Linux cypress_m8 Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device which requires the requiring the cypress_m8 driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3137
MD5 | 2fef15df37ed914caeafb51f9846bd67
Linux cdc_acm Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the cdc_acm driver.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-3138
MD5 | 2e7fe80ddf09cc6544f1121e0f96b67c
Linux aiptek Null Pointer Dereference
Posted Mar 9, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes when presented a buggy USB device using the aiptek driver.

tags | exploit, kernel
systems | linux
MD5 | 1edaffdd5b3540c339f550aa389d918a
WordPress Project Theme 2.0.95 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 9, 2016
Authored by Tim Herres | Site lsexperts.de

WordPress Project Theme version 2.0.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 88524efae1b529042bf918b07f93d24e
Thomson Router TWG850-4U XSS / CSRF / Unauthenticated Access
Posted Mar 9, 2016
Authored by Sebastian Perez

Thomson router model TWG850-4U suffers from cross site scripting, cross site request forgery, and access bypass vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | aa9a483d00ba87e5423ce7ee75a0ae49
WordPress WP Advanced Comment 0.10 Persistent Cross Site Scripting
Posted Mar 9, 2016
Authored by Mohammad Khaleghi

WordPress WP Advanced Comment plugin version 0.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 677e216bb9bcd70c82d6699a51073fa4
Red Hat Security Advisory 2016-0373-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0373-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
MD5 | b8c6b262e2cb1b380c13e00e237a0398
Red Hat Security Advisory 2016-0371-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1950
MD5 | f855d3fdd3c2a09db33de8fa90c74421
Red Hat Security Advisory 2016-0372-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0372-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | ea2cda3bb25f4c9d5818c05080ce01d2
Red Hat Security Advisory 2016-0370-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0370-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1950
MD5 | 5ca1dfa8e2256bb9159f3c16a546c0d9
Red Hat Security Advisory 2016-0368-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0368-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-9649, CVE-2014-9650
MD5 | 8f458d5ab901902d2716ff27cac84e4a
Red Hat Security Advisory 2016-0367-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0367-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-9649, CVE-2014-9650
MD5 | 7bf31c37af3ff42d9019d22250b7014b
Gentoo Linux Security Advisory 201603-03
Posted Mar 9, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-3 - Multiple vulnerabilities have been found in Roundcube allowing remote authenticated users to execute arbitrary code, inject arbitrary web scripts, and perform cross-site scripting (XSS). Versions less than 1.1.4 are affected.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, gentoo
MD5 | deb195b49d3b4c1a58f815e7f874d018
Red Hat Security Advisory 2016-0369-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0369-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the URL. A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2014-9649, CVE-2014-9650
MD5 | c0d6e2f48b04669cfe8ffd971b234d85
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close