exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2016-04-04

Easy File Sharing HTTP Server 7.2 SEH Overflow
Posted Apr 4, 2016
Authored by Starwarsfan2099 | Site metasploit.com

This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.

tags | exploit, overflow
SHA-256 | 29b662e3b76be16cb0b4aa2911f8c4a9da3d8df2d650d4583cb5a0c3976e26ae
PCMAN FTP Server 2.0.7 Buffer Overflow
Posted Apr 4, 2016
Authored by Jay Turla, Chris Higgins | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.

tags | exploit, overflow
advisories | OSVDB-94624
SHA-256 | 860df3259810620f34c556a18da76a197f8c3e0724e8476d20abc5f9f70ce870
Open-Xchange 7.8.0 Cross Site Scripting
Posted Apr 4, 2016
Authored by Satish Bommisetty, Tim Schughart

Open-Xchange versions 7.8.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2016-2840
SHA-256 | 5273ac97746a41370e8a7259e9ccb912428c0fe5e29b9545c0ae6f750da37d5f
ManageEngine Password Manager Pro 8.3 CSRF / XSS / Escalation / Bypass
Posted Apr 4, 2016
Authored by Sebastian Perez

ManageEngine Password Manager Pro builds 8.1 through 8.3 suffer from bypass, cross site request forgery, privilege escalation, user enumeration, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, csrf
SHA-256 | 4701b3f6381aa3810fc096ebb5b3fdee574c32658bff2cd5fa61cc5488495a74
Gentoo Linux Security Advisory 201604-01
Posted Apr 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.5.0-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-8613, CVE-2015-8619, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2392, CVE-2016-2538, CVE-2016-2858
SHA-256 | b896eae21a58d53509df4b5e0d5bd8126548a138daf4735b9968003f5f2023b2
Red Hat Security Advisory 2016-0532-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0532-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Security Fix: A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.

tags | advisory, denial of service, memory leak
systems | linux, redhat
advisories | CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
SHA-256 | 7923c4a26bd8eaff6297576d2f1e25328457dfe3d9715a4441a96cf23a30904c
Red Hat Security Advisory 2016-0590-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0590-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A cross-site scripting flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. Multiple cross-site scripting flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2015-0284, CVE-2016-2103, CVE-2016-2104, CVE-2016-3079
SHA-256 | 42d4f4e3af74814cadcbc87364f9ffead3c998f92991979048ae4a84bcde1e1a
Debian Security Advisory 3540-1
Posted Apr 4, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3540-1 - Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-2347
SHA-256 | f8d0a79a6c7942c40560940314bc4668f67f891744697821c83f60c1fe5de253
Debian Security Advisory 3539-1
Posted Apr 4, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3539-1 - Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

tags | advisory, remote, denial of service, protocol
systems | cisco, linux, debian
advisories | CVE-2015-6360
SHA-256 | 2a21727a1da862b7191dcc3e6d927736a0e79bdf2e9a74f409de9c5217970cc5
HP Security Bulletin HPSBGN03565 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03565 1 - A vulnerability in the Linux kernel was addressed by HPE Virtualization Performance Viewer. The vulnerability could be exploited locally to allow Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, kernel
systems | linux
advisories | CVE-2015-7872
SHA-256 | 99c40fd384bf32a773b21eee76dfbdc695a46c41dfb88f5edec091d406f3ac30
Slackware Security Advisory - mercurial Updates
Posted Apr 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3068, CVE-2016-3069, CVE-2016-3630
SHA-256 | d0919f77b9b9e732bca1f1e124be77e787a59e2770588c11f149a2c7ab403dc7
Red Hat Security Advisory 2016-0534-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0534-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-2047
SHA-256 | 3b3137ec076d7bc94e6e732f3ca6df727efffef5a325005d4034025729637d02
Slackware Security Advisory - php Updates
Posted Apr 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
SHA-256 | 5df726031a8c8afc2839bb82ba15485ad10cb539dfedf1ba1d01d1fcab5a68fb
HP Security Bulletin HPSBHF03431 3
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03431 3 - Potential security vulnerabilities have been identified with HPE Network Switches. The vulnerabilities could be exploited locally to allow bypass of security restrictions, and indirect vulnerabilities. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-6859, CVE-2015-6860
SHA-256 | d8bb850a08d13bb31ae6e7f3c7450621b23cde7cd2dafccaf2f56290bab825d1
HP Security Bulletin HPSBUX03561 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03561 1 - Potential security vulnerabilities has been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create Denial of Service (DoS), access restriction bypass, unauthorized read access to files, arbitrary code execution, and execution of arbitrary code with privilege elevation. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | hpux
advisories | CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714
SHA-256 | b5ecc5252638e66ff1f2f7a910bebebcd847eea2f66b38f774d1ef2569c89a5a
HP Security Bulletin HPSBGN03567 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03567 1 - A security vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Asset Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
advisories | CVE-2016-2000
SHA-256 | b105c64c961cfa4667a4ed0bfe5281184dfa6572901c35582d35e964ea25011c
HP Security Bulletin HPSBGN3547 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN3547 1 - Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot = dot) in the Filename field of an RRQ operation. Revision 1 of this advisory.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4722
SHA-256 | 1f3e8868b00af47129e352df5e7d96c015037163a8da3a3ed509547718297d0b
Gentoo Linux Security Advisory 201604-02
Posted Apr 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-2 - Insufficient constraints in Apache's Xalan-Java might allow remote attackers to execute arbitrary code and load arbitrary classes. Versions less than 2.7.2 are affected.

tags | advisory, java, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0107
SHA-256 | 9a6d78ced955ff810283d5ec1c7b0ee7b0670f4eccf9878acd9ba88653d10f55
Red Hat Security Advisory 2016-0566-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0566-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-0739
SHA-256 | bb5114769e158462435967fe99f7c07248d8a74c18dc398bb58e1d28a2fd2d4b
FortiManager / FortiAnalyzer 5.x Script Insertion
Posted Apr 4, 2016
Authored by Marco Onorati, Vulnerability Laboratory | Site vulnerability-lab.com

FortiManager and FortiAnalyzer version 5.x suffer from a client-side malicious script insertion vulnerability.

tags | exploit
SHA-256 | a530b07cdbc75dbde22a04336deb19c76b63dc77cc84aacbdf288faf1e260092
Techsoft Web Solutions CMS 2016 Q2 SQL Injection
Posted Apr 4, 2016
Authored by Vulnerability Laboratory, ICG SEC | Site vulnerability-lab.com

Techsoft Web Solutions CMS version 2016 Q2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 186f090bb2cf0f046f787258942a319ab0136c18238d87314d1832dd492bbb07
BugCrowd CSV Injection
Posted Apr 4, 2016
Authored by Hack Ex

BugCrowd's file upload allows for CSVs that may have malicious formulas in them.

tags | exploit, file upload
SHA-256 | b22bc45847766c3e4f34e0f66a6aeb563bc845db10f668c4635c00ee0bc764a1
MSIE MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free
Posted Apr 4, 2016
Authored by Martin Barbella, Google Security Research

Microsoft Internet Explorer suffers from a MSHTML!CSVGHelpers::SetAttributeStringAndPointer use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2016-0111
SHA-256 | cdfd2516b0415fb4189bf3b250e34e4c24ca6d87e3f8efdff8a5bd6c5a4c5be0
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close