Showing 1 - 25 of 333

Files Date: 2016-04-01 to 2016-04-30

Debian Security Advisory 3561-1
Posted Apr 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3561-1 - Several vulnerabilities were discovered in Subversion, a version control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2167, CVE-2016-2168
MD5 | b23f16f854ad8a913fcb71a65f6118aa
GLPI 0.90.2 SQL Injection
Posted Apr 29, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2c2bc727021894555545066d1c21025e
Mozilla Firefox / Thunderbird DLL Hijacking
Posted Apr 29, 2016
Authored by Stefan Kanthak

Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.

tags | exploit
systems | windows
MD5 | 3a7773a1eef943e50f4d2710742d2ba2
WordPress Truemag Theme Cross Site Scripting
Posted Apr 29, 2016
Authored by ICG SEC | Site vulnerability-lab.com

WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f1ca607fdfa4b0f1d2365da088941388
Windows Primitive Keylogger Null Free Shellcode
Posted Apr 29, 2016
Authored by Fugu

431-byte NULL-free shellcode for Windows that implements a primitive keylogger that writes to a file.

tags | shellcode
systems | windows
MD5 | 95baa416c64784bf8f830e561a634ea6
HP Security Bulletin HPSBUX03583 SSRT110084 1
Posted Apr 28, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03583 SSRT110084 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-1285, CVE-2016-1286
MD5 | 89b6347ee7f06f57801fb90fdaa71701
PHP 7.x Heap Overflow
Posted Apr 28, 2016
Authored by Hans Jerry Illikainen

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.

tags | exploit, overflow, php
advisories | CVE-2016-3078
MD5 | a681c55094ed13770f1f961d5c5dde1d
Red Hat Security Advisory 2016-0699-01
Posted Apr 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0699-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.

tags | advisory
systems | linux, redhat
MD5 | c0d5eb7b5cbc315bbcea623b58371139
Debian Security Advisory 3560-1
Posted Apr 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3560-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2015-8865, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073
MD5 | 41a933eee7d30ee30a8e376640625e3d
Apache Cordova iOS 3.9.1 Access Bypass
Posted Apr 28, 2016
Authored by Muneaki Nishimura

Apache Cordova iOS versions 3.9.1 and below suffer from an access bypass vulnerability.

tags | advisory, bypass
systems | ios
advisories | CVE-2015-5207
MD5 | d3e27114a3b585742111bbdb0e732900
Apache Cordova iOS 3.9.1 Arbitrary Plugin Execution
Posted Apr 28, 2016
Authored by Muneaki Nishimura

Apache Cordova iOS versions 3.9.1 and below allow for arbitrary plugin execution.

tags | advisory, arbitrary
systems | ios
advisories | CVE-2015-5208
MD5 | ff85ca99ae191e3adac2d159263e6b8f
Packet Fence 6.0.0
Posted Apr 28, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various updates. Typo fixes added along with doc modifications.
tags | tool, remote
systems | unix
MD5 | a0198d0ae9df05ec91c004936be2884b
Microsoft Windows Kernel win32k.sys TTF Processing Pool Corruption
Posted Apr 28, 2016
Authored by Google Security Research, mjurczyk

A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2016-0145
MD5 | 03655c617bca96ec7e0f05501dd92609
Android Service Manager One Way Binder Transaction Crash
Posted Apr 28, 2016
Authored by Google Security Research, forshaw

If an application sends a one-way binder transaction, the service tries to send a reply, which fails. This causes the service manager to exit its binder loop and the process dies, causing the system to reboot. Tested on Android version 6.0.1 February patches.

tags | exploit, denial of service
systems | linux
MD5 | 99e18c7b5134fd0d4dcd4383654d1372
Ubuntu Security Notice USN-2936-1
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2936-1 - Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2804, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2811, CVE-2016-2812, CVE-2016-2814, CVE-2016-2816, CVE-2016-2817, CVE-2016-2820, CVE-2018-2817
MD5 | 9dda7e88d57a605520c6b4c443e20fac
Ubuntu Security Notice USN-2934-1
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2934-1 - Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-1950, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1966, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
MD5 | b201b017c2e8ff3aad7d9a0824d057b3
Ubuntu Security Notice USN-2955-1
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2955-1 - A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. An out-of-bounds read was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1578, CVE-2016-1646, CVE-2016-1647, CVE-2016-1649, CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1659, CVE-2016-3679
MD5 | dc07d36baf6262e0f5d1e242b1ed2d1e
Debian Security Advisory 3559-1
Posted Apr 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3559-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2805, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814
MD5 | a2f97b7e4e9a5ecd1eb8f0f2616d7fe1
Ubuntu Security Notice USN-2952-2
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2952-2 - USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9767, CVE-2015-8838, CVE-2016-1903, CVE-2016-2554, CVE-2016-3141, CVE-2016-3142
MD5 | 46573c2a67141cd49c531625378337dc
Ubuntu Security Notice USN-2950-2
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
MD5 | 4378a3e1b91e771dd7893d559ac783d4
Mach Race OS X Local Privilege Escalation
Posted Apr 27, 2016
Authored by reverser

This is a SUID, SIP, and binary entitlements universal OS X local privilege escalation exploit.

tags | exploit, local
systems | apple, osx
advisories | CVE-2016-1757
MD5 | 5e928a94c937ab6683178d70d0000c4e
EMC ViPR SRM Cross Site Request Forgery
Posted Apr 27, 2016
Authored by Securify B.V.

EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-0891
MD5 | 5c998f817d0bd863cd2844f5ca0014b5
AWS CAPTCHA Bypass
Posted Apr 27, 2016
Authored by David Leo

AWS appears to suffer from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
MD5 | c4514c132311303459541cc65e978f96
Voo Branded Netgear CG3700b Firmware CSRF / Authentication
Posted Apr 27, 2016
Authored by dev

Voo branded Netgear CG3700b custom firmware version 2.02.03 suffers from cross site request forgery and insufficient authentication vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | f56165d9368729c1623e374b5e46c6e3
Microsoft Windows CSRSS Privilege Escalation
Posted Apr 27, 2016
Authored by Google Security Research, forshaw

The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results in a new process in session 0 that can be abused to elevate privileges.

tags | exploit
systems | linux
advisories | CVE-2016-0151
MD5 | b53f1c042d141766251ba3d2c5ce4315
© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close