Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-04-07

Faraday 1.0.18
Posted Apr 7, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Experimental JIRA integration has been added. The Faraday Proxy Server has been added. Various other updates and improvements.
tags | tool, rootkit
systems | unix
MD5 | 98099fb6998d7343312655bfae217bbc
hardwear.io 2016 Call For Papers
Posted Apr 7, 2016
Authored by hardwear.io CFP

hardwear is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper. It will take place September 20th through the 23rd, 2016 in The Hague, Netherlands.

tags | paper, conference
MD5 | 68217593e7e127db715d35e48c9fb465
Cisco Security Advisory 20160406-cts
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, kernel
systems | cisco
MD5 | fbdc70fecf3e8f623a41893b1410ec28
Cisco Security Advisory 20160406-cts1
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web
systems | cisco
MD5 | b47f43afa43559f4c22d7ad37533fd4f
Cisco Security Advisory 20160406-cts2
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote
systems | cisco
MD5 | 4e846c6a99766e7f207c0d9a3930c3fc
HP Security Bulletin HPSBST03568 1
Posted Apr 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03568 1 - A potential security vulnerability has been identified with HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition Software including Device Manager and Hitachi Automation Director (HAD). The vulnerability could be remotely exploited resulting in Server-Side Request Forgery (SSRF). Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-5255
MD5 | d33d232bf3798e0914e909c35e8e0b8b
HP Security Bulletin HPSBGN03569 2
Posted Apr 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03569 2 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 2 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
MD5 | 03e7b5159892da6b5f222f36aed886a4
Cisco Security Advisory 20160406-remcode
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending an HTTP POST with crafted deserialized user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be used to conduct further attacks. Cisco has released software updates that address this vulnerability. Workarounds are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 790461dd687e6bbee01f457667000ca2
Cisco Security Advisory 20160406-privauth
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the application programming interface (API) web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter. An attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges on the application to view and edit unauthorized data. Cisco has released software updates that address this vulnerability. Workarounds are not available.

tags | advisory, remote, web
systems | cisco
MD5 | b11fd4bd01ee4f534eadd86bd8ac4109
Cisco Security Advisory 20160406-ucs
Posted Apr 7, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the root account to the system without providing a password. An exploit could allow the attacker to gain access to the system with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, root
systems | cisco
MD5 | d9e1dee4a0189ee2641680eba9c2a3db
Panda Security URL Filtering Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2015-7378
MD5 | 8de4a1b0c3c187a6a2da1b6c123aed76
Panda Endpoint Administration Agent Privilege Escalation
Posted Apr 7, 2016
Authored by Kyriakos Economou

Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2016-3943
MD5 | 35f46b82439c8a818c276df662df6752
SIDU 5.3 Cross Site Scripting
Posted Apr 7, 2016
Authored by Ozer Goker

SIDU version 5.3 database web gui suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | a3f89fb863b5a720fe542dbeb5a7e3f5
SIDU 5.2 Cross Site Scripting
Posted Apr 7, 2016
Authored by Ozer Goker

SIDU version 5.2 database web gui suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 552773c3017474ef33da25f217cb186c
Linux ASLR Weakness Addressed
Posted Apr 7, 2016
Authored by Hector Marco

A weakness in the Linux ASLR implementation has been addressed.

tags | advisory
systems | linux
advisories | CVE-2016-3672
MD5 | df8e77ca181afbaa1b9f9d2e85cdf208
Microsoft Windows 8.1 Console Driver Job Object Process Limit Bypass
Posted Apr 7, 2016
Authored by Google Security Research, forshaw

One change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys) which is responsible for handling the management of consoles. It contains a method, CdpLaunchServerProcess which creates an instance of conhost.exe. This method calls ZwCreateUserProcess which means that the system call runs with kernel permissions, it also passes a flag (0x400) to the system call which indicates that the new process should not be assigned to the parent job. This allows for the conhost process to bypass the job restrictions.

tags | exploit, kernel
systems | linux, windows, 7
MD5 | 19c23ba38514cdf1e5097db2a3684f70
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close