exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-03-11

Red Hat Security Advisory 2016-0438-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
MD5 | fa800c799aaa7a2496eb49680394bbd1
IP-Array IPTables Firewall Script 1.1.2
Posted Mar 11, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: Bugfix - If in interactive mode and the dialog program was used, option lists were truncated.
tags | tool
systems | linux, unix
MD5 | b101c71aacee90ed15851d7e23fab80f
Chrome GPU Process Sandbox Escape
Posted Mar 11, 2016
Authored by Google Security Research, ianbeer

The Chrome GPU process suffers from a sandbox escape vulnerability due to the use of an invalid iterator in its IPC handler.

tags | advisory
systems | linux
advisories | CVE-2016-1642
MD5 | b19f27dd942724a40b8a331bec005ec1
PHP Utility Belt Remote Code Execution
Posted Mar 11, 2016
Authored by Jay Turla, WICS | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

tags | exploit, remote, arbitrary, php, code execution
MD5 | d69780ace51d1d01c4f1ce68e30bc957
SAP Download Manager 2.1.142 Weak Encryption
Posted Mar 11, 2016
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142.

tags | exploit, java
MD5 | 229590470a8be1c064d928eb9d902bc6
Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle
Posted Mar 11, 2016
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

The Samsung SW Update tool version 2.2.5.16 suffers from a man-in-the-middle vulnerability.

tags | exploit
MD5 | 60159a622a73952074ae7f293204a463
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
MD5 | 369b993c622ffb5038ab3ff0a3006afc
IP-Array IPTables Firewall Script 1.1.1
Posted Mar 11, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: The interactive mode has been improved. Mainly the dialog program is now also supported. It is now possible to do the xml parsing selectively by category. Also the iptables arguments can now be shown by category. Two hard and some minor bugs were fixed. Minor other tweaks have been done. Documentation was updated.
tags | tool
systems | linux, unix
MD5 | fabafe05cd915352058bf4f9d337c34a
Microsoft Security Out-Of-Band Bulletin For March, 2016
Posted Mar 11, 2016
Site microsoft.com

This summary lists one bulletin that is added to the March, 2016 Microsoft security bulletin.

tags | advisory
MD5 | c28e7ac0b262bda2e9cd08e8f8076637
libotr 4.1.0 Memory Corruption
Posted Mar 11, 2016
Authored by Markus Vervier

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2016-2851
MD5 | 755a6a30a93f1774c13c4a8525548fc9
PuTTY / PSCP 0.66 Buffer Overflow
Posted Mar 11, 2016
Authored by oststrom

PuTTY / PSCP versions 0.66 and below suffer from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2016-2563
MD5 | c5b8e728b962930bf0eae0a769870df8
Ubuntu Security Notice USN-2926-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2926-1 - Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2851
MD5 | 281b48c463692f76d0d908eb55853454
Ubuntu Security Notice USN-2920-1
Posted Mar 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2920-1 - It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. It was discovered that the PPB_Flash_MessageLoop_Impl::InternalRun function in Chromium mishandled nested message loops. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-1630, CVE-2016-1631, CVE-2016-1633, CVE-2016-1634, CVE-2016-1636, CVE-2016-1637, CVE-2016-1641, CVE-2016-1642, CVE-2016-1643, CVE-2016-1644, CVE-2016-2843, CVE-2016-2844, CVE-2016-2845
MD5 | 513bd1415107ebd18f27b168e93115f3
Red Hat Security Advisory 2016-0430-01
Posted Mar 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0430-01 - Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-0729
MD5 | be920c199238cbe1c134b05220e1e23b
Linux Netfilter IPT_SO_SET_REPLACE Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, hawkes

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl is can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing.

tags | exploit
systems | linux
MD5 | 2bb163d4c99aef67a29bb7b35a88ecb7
GNU Transport Layer Security Library 3.3.22
Posted Mar 11, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.

Changes: Various updates.
tags | protocol, library
MD5 | 7e12ab5a9de0741fac4606c979fd2eb7
Android BnBluetoothGattServer / BnBluetoothGatServerCallback IPC Memory Corruption
Posted Mar 11, 2016
Authored by Google Security Research, forshaw

The SEND_RESPONSE_TRANSACTION and SEND_NOTIFICATION_TRANSACTION IPC calls in BnBluetoothGattServer::onTransact are vulnerable to stack corruption which could allow an attacker to locally elevate privileges to the level of the bluetooth service.

tags | advisory
systems | linux
MD5 | 153772ea89b8a8898aee537986bef494
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close