what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-05-03

OpenSSL Toolkit 1.0.2h
Posted May 3, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes to prevent padding oracle in AES-NI CBC MAC check. Fixed various overflows and other security issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
MD5 | 9392e65072ce4b614c1392eefc1f23d0
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
Posted May 3, 2016
Authored by Tim Herres | Site lsexperts.de

OXID eShop Community Edition version 4.9.7 suffers from path traversal and privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 967a169d170e23b852bab8a8ae953b71
Swagger Editor 2.9.9 Cross Site Scripting
Posted May 3, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b53df8f45f91a77bb2ce060de0233f8d
NetCommWireless HSPA 3G10WVE Authentication Bypass / Code Execution
Posted May 3, 2016
Authored by Bhadresh Patel

NetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
advisories | CVE-2015-6023, CVE-2015-6024
MD5 | 757797a6cf41e96e0225c3f51900b37f
libxml 2.9.2 Stack Overflow
Posted May 3, 2016
Authored by Simon Lees

libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file.

tags | exploit, overflow
advisories | CVE-2016-3627
MD5 | 4f1082b373da496d63b7f7f54ce7ab65
Zabbix Agent 3.0.1 mysql.size Shell Command Injection
Posted May 3, 2016
Authored by Timo Juhani Lindfors

Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.

tags | exploit, remote, shell
advisories | CVE-2016-4338
MD5 | 0e127395045646f3d0f4f76cf5df25ec
Red Hat Security Advisory 2016-0711-01
Posted May 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0711-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.

tags | advisory, code execution, info disclosure
systems | linux, redhat
advisories | CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792
MD5 | acdd67c123ba61e93f16c9e70e9fc173
Ubuntu Security Notice USN-2959-1
Posted May 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
MD5 | 4925406da94e0165485ac54ee227166b
Red Hat Security Advisory 2016-0716-01
Posted May 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0716-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
MD5 | 954a455dd4654d2e23193d1b51f899eb
Debian Security Advisory 3566-1
Posted May 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 2c73861f374ae26a66c6684a585a8fed
Slackware Security Advisory - mercurial Updates
Posted May 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3105
MD5 | 0fbf869fd346cd8bdb9121760b0488e3
Moxa MiiNePort Weak Credential Management / CSRF
Posted May 3, 2016
Authored by Karn Ganeshen

Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2016-2285, CVE-2016-2286, CVE-2016-2295
MD5 | 92a9adf18f62186fdffb40720a4c11fc
CONFidence 2016 Call For Papers
Posted May 3, 2016
Site 2016.confidence.org.pl

CONFidence 2016 Call For Papers - This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.

tags | paper, conference
MD5 | d0c8524e81294f8ae3552e05e5b117a2
Linux double-fdput() Use-After-Free
Posted May 3, 2016
Authored by Jann Horn, Google Security Research

Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().

tags | exploit
systems | linux
advisories | CVE-2016-4557
MD5 | dfd0a1c5e8fc8b444a14c6a1a6f6c484
McAfee Relocation Processing Memory Corruption
Posted May 3, 2016
Authored by Tavis Ormandy, Google Security Research

Fuzzing packed executables with McAfee's LiveSafe version 14.0 on Windows found a signedness error parsing sections and relocations.

tags | exploit
systems | linux, windows
MD5 | 3b23a5a592ee656d437e100b6c4c4322
Linux BPF Maps Reference Count Overflow
Posted May 3, 2016
Authored by Jann Horn, Google Security Research

Linux suffers from a reference count overflow using BPF maps.

tags | exploit, overflow
systems | linux
MD5 | e910d3a25817a9fb6a4cfca080ea791a
Mobile Security Framework MobSF 0.9.2 Beta
Posted May 3, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
MD5 | f3df40afd37a25833c3786065c2145fd
Linux perf_event_open() / execve() Race Condition
Posted May 3, 2016
Authored by Google Security Research, ianbeer

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.

tags | exploit, local
systems | linux
MD5 | 8a00dfb29a5769d243754a1a99030296
CMS Made Simple Cache Poisoning
Posted May 3, 2016
Authored by Mickael Walter

CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.

tags | exploit, web
advisories | CVE-2016-2784
MD5 | 68c513709fea71de8af188448ecd5734
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close