
Files Date: 2016-03-01 to 2016-03-31

Metaphor Stagefright Implementation
Posted Mar 30, 2016
Authored by Hanan Be'er | Site north-bit.com

Included in this archive is a whitepaper called Metaphor - A (real) real-life Stagefright exploit. It presents thorough research on libstagefright and new techniques used to bypass ASLR. This archive also includes the Metaphor exploit that leverages CVE-2015-3864.

tags | exploit
systems | linux
MD5 | bbefd3e3677a36a22e3be17f5276aa90
Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proofs of concept are included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
MD5 | 3c5a29ece12ebdfba29f33d2077a59cd
MOBOTIX Video Security Cameras Cross Site Request Forgery
Posted Mar 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

The application interface MOBOTIX VMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | b12d89b94fa1f53c222f083dea77526c
Apache OpenMeetings 3.1.0 Path Traversal
Posted Mar 30, 2016
Authored by Andreas Lindh

Apache OpenMeetings versions 1.9.x through 3.1.0 suffer from a path traversal vulnerability.

tags | exploit
advisories | CVE-2016-0784
MD5 | 9adc5351b3d0168fea1cdddf1be93527
Red Hat Security Advisory 2016-0537-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0537-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
MD5 | caf2773d281e3364806f74a2799d7bbc
Red Hat Security Advisory 2016-0540-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0540-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.2 serves as a replacement for Red Hat JBoss BRMS 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
MD5 | f2dc4bca3037500239a1bc5e582add50
Red Hat Security Advisory 2016-0539-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.2 serves as a replacement for Red Hat JBoss BPM Suite 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
MD5 | d90a95192eb0b78501306eb54a12397e
Cisco Security Advisory 20160330-fp
Posted Mar 30, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | cbe6828486abd044f7e9313e9b285253
Nmap Port Scanner 7.12
Posted Mar 30, 2016
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Fixed a file corruption issue in Zenmap. Added new service probes and match lines for OpenVPN on UDP and TCP. NSE related VNC updates including vnc-brute support for TLS security type and negotiating a lower RFB version if the server sends an unknown higher version. NSE update with STARTTLS support added for VNC, NNTP, and LMTP.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
MD5 | 899aafdb24b202655f1fe79df42e0fc8
CubeCart 6.0.10 CSRF / XSS / SQL Injection
Posted Mar 30, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

CubeCart version 6.0.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | c0a53759e447c5ec0c2b9f8895bf8ea2
Kamailio 4.3.4 Heap Overflow
Posted Mar 30, 2016
Authored by Stelios Tsampas

Kamailio version 4.3.4 suffers from a heap overflow vulnerability in the SEAS module.

tags | advisory, overflow
advisories | CVE-2016-2385
MD5 | 093fb1bf7e6b9c261e7b506c430da603
Manage Engine EventLog Analyzer 11.0 Build 11000 Cross Site Scripting
Posted Mar 30, 2016
Authored by Omkar Joshi

Manage Engine EventLog Analyzer version 11.0 build 11000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c528b0a62ec559f3b4e0efcd26975b34
Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure
Posted Mar 30, 2016
Authored by Kyle Lovett

Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, bypass, info disclosure, file upload
MD5 | 9d781120ac3ccba338e1aeb6ce565e1c
Red Hat Security Advisory 2016-0525-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0525-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 49.0.2623.108. Security Fix: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650
MD5 | 51a4688c7ddc3766d95cd46c61a5a2d7
Debian Security Advisory 3535-1
Posted Mar 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3535-1 - Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy which might result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2385
MD5 | 9c3d19a05634b69fbf6d1245c1bbbe36
Red Hat Security Advisory 2016-0524-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0524-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
MD5 | 98b52739fd709c187a0437f27e9e117f
Red Hat Security Advisory 2016-0523-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0523-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2074
MD5 | 60b996b8848aa868447398ce77e070f9
PayPal Filter Bypass / Malicious Input
Posted Mar 30, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal suffered from a filter bypass vulnerability that allowed for malicious input into email.

tags | exploit, bypass
MD5 | 81ab73dc8a10d5e1e09860069b2c018f
ATutor 2.2.1 Directory Traversal / Remote Code Execution
Posted Mar 29, 2016
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction; however, it is not sufficient to prevent exploitation. You are required to log in to the target to reach the vulnerability; however, this can be done as a student account, and remote registration is enabled by default. Just in case remote registration isn't enabled, this module uses 2 vulnerabilities in order to bypass the authentication.

tags | exploit, remote, web, php, vulnerability
MD5 | 00a5594318bf17caf806ec9ee8117179
HP Security Bulletin HPSBGN03444 2
Posted Mar 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03444 2 - Potential vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could allow remote code execution and disclosure of sensitive information. Revision 2 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2016-1988, CVE-2016-1989
MD5 | 47d3b35656c2d406d892ac28203b8097
Debian Security Advisory 3534-1
Posted Mar 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3534-1 - Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-6698, CVE-2012-6699, CVE-2012-6700
MD5 | eeecd282d30663f77ab367bfc8cecbeb
Ubuntu Security Notice USN-2943-1
Posted Mar 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2943-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9769, CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191
MD5 | fbd3b35e5c2cb6aa570e6b56ca4e42d5
TrendMicro Remote Debugger Stub Listening
Posted Mar 29, 2016
Authored by Tavis Ormandy, Google Security Research

There is a remote debugger stub listening by default on a new install of TrendMicro Antivirus that can be exploited to launch executables.

tags | exploit, remote
systems | linux
MD5 | 3a82147869e7986bb0baa6525fd4f499
Debian Security Advisory 3533-1
Posted Mar 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3533-1 - Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2074
MD5 | bc8a28807823c1f9a06a4c501812a3f2
Manage Engine Desktop Central 9.1.0 Build 91099 XSS
Posted Mar 29, 2016
Authored by Omkar Joshi

Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 20db165f7c357caa3bdcc229046b6b62
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close