what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-03-30

Metaphor Stagefright Implementation
Posted Mar 30, 2016
Authored by Hanan Be'er | Site north-bit.com

Included in this archive is a whitepaper called Metaphor - A (real) real-life Stagefright exploit. It presents a thorough research on libstagefright and new techniques used to bypass ASLR. This archive also includes the Metaphor exploit that leverages CVE-2015-3864.

tags | exploit
systems | linux
SHA-256 | f07eb4b93d0c5ed4ac3acfdd080168b0c0f2917e15949d5acd7bb6a2f38b1ff7
Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
SHA-256 | 75dc3f56f008a8dff11a4e6782315336b04b08630b92550374fb4ef2d5ccb3a4
MOBOTIX Video Security Cameras Cross Site Request Forgery
Posted Mar 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

The application interface MOBOTIX VMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | 77cbabac557201e3332a96765390bee02b5dc304912c8cf70fa98cb20b8c8fa3
Apache OpenMeetings 3.1.0 Path Traversal
Posted Mar 30, 2016
Authored by Andreas Lindh

Apache OpenMeetings versions 1.9.x through 3.1.0 suffer from a path traversal vulnerability.

tags | exploit
advisories | CVE-2016-0784
SHA-256 | 06155ed4077ed8cf25d3a08079ba858161b87ca4e65b378d5564e026638cbca2
Red Hat Security Advisory 2016-0537-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0537-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
SHA-256 | 4fc3e01f8e5dfd4b5ae11a4fe157e753c7b29481ff68f3accb0ca9e4f7e4447c
Red Hat Security Advisory 2016-0540-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0540-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.2 serves as a replacement for Red Hat JBoss BRMS 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
SHA-256 | 665962cdf4a13cefb40da7085a3dc36d59169021a46e32bf03064620138404c6
Red Hat Security Advisory 2016-0539-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.2 serves as a replacement for Red Hat JBoss BPM Suite 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
SHA-256 | 28fb3ef69702b9d7f3b33434cb18f2b8b3b0d567bda819e727e091164c8cdec9
Cisco Security Advisory 20160330-fp
Posted Mar 30, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
SHA-256 | 7c1df269898accac055dd3aa3405c31b1bbc823d2087744a9891a6ee1a47869d
Nmap Port Scanner 7.12
Posted Mar 30, 2016
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Fixed a file corruption issue in Zenmap. Added new service probes and match lines for OpenVPN on UDP and TCP. NSE related VNC updates including vnc-brute support for TLS security type and negotiating a lower RFB version if the server sends an unknown higher version. NSE update with STARTTLS support added for VNC, NNTP, and LMTP.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | a60a9035349322f1026907d67e4d424dc3011c044a733ff8722df8b50289fbee
CubeCart 6.0.10 CSRF / XSS / SQL Injection
Posted Mar 30, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

CubeCart version 6.0.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 3dca54cdd3a351d32b94d67ca282145aea98405b953947e783751533ae0c5b89
Kamailio 4.3.4 Heap Overflow
Posted Mar 30, 2016
Authored by Stelios Tsampas

Kamailio version 4.3.4 suffers from a heap overflow vulnerability in the SEAS module.

tags | advisory, overflow
advisories | CVE-2016-2385
SHA-256 | 6fedcc73fcc0ae7d95340442033ef8adcad854d21bc18335d02bdf5bb8c4a966
Manage Engine EventLog Analyzer 11.0 Build 11000 Cross Site Scripting
Posted Mar 30, 2016
Authored by Omkar Joshi

Manage Engine EventLog Analyzer version 11.0 build 11000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 825a03cbb015a5b79cbb7eb9f62d92d862768e7e84d9cbd4d1497eb92c26ea12
Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure
Posted Mar 30, 2016
Authored by Kyle Lovett

Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, bypass, info disclosure, file upload
SHA-256 | 92d027b491a0587f69c8ac9a28d8b652868ac013c1ddd4a5765f2af4ee55d67e
Red Hat Security Advisory 2016-0525-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0525-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 49.0.2623.108. Security Fix: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650
SHA-256 | b84a0441abaa6f5e18f265c0a0116a1adc3ce9d569acd59f07223f68664cd525
Debian Security Advisory 3535-1
Posted Mar 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3535-1 - Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2385
SHA-256 | 3abd622f662beb65b8429da94cac1cb4e6da4e4b72274a49f23a20814382b259
Red Hat Security Advisory 2016-0524-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0524-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
SHA-256 | a0a3545c7b208e9c35d0e08b75464b2db15357ced13f8da28909e968260aa835
Red Hat Security Advisory 2016-0523-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0523-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
SHA-256 | 31843e30bf9328d34f66744ae1945d45f31b90b4abe463911f5a789219adfb93
PayPal Filter Bypass / Malicious Input
Posted Mar 30, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal suffered from a filter bypass vulnerability that allowed for malicious input into email.

tags | exploit, bypass
SHA-256 | fe4d650bbad9b984a3100d0893167bcbde00cf4efdd6e965562337ffd31c3f01
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close