exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-05-03

OpenSSL Toolkit 1.0.2h
Posted May 3, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes to prevent padding oracle in AES-NI CBC MAC check. Fixed various overflows and other security issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
SHA-256 | 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
Posted May 3, 2016
Authored by Tim Herres | Site lsexperts.de

OXID eShop Community Edition version 4.9.7 suffers from path traversal and privilege escalation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 6d480e472dd8ac2378c54bdb33cab32a7b02cd23ec4e03639daf3671e5bd7067
Swagger Editor 2.9.9 Cross Site Scripting
Posted May 3, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Swagger Editor version 2.9.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2c9f139677da0df23f3a83e1dfd810fd387124a00de5fae2c2e07e62c09ac0ef
NetCommWireless HSPA 3G10WVE Authentication Bypass / Code Execution
Posted May 3, 2016
Authored by Bhadresh Patel

NetCommWireless HSPA 3G10WVE suffers from authentication bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
advisories | CVE-2015-6023, CVE-2015-6024
SHA-256 | 9996c2e688f51727de634672566a4b67b0fea81f1759e9ab8f7ea6e2e10391bb
libxml 2.9.2 Stack Overflow
Posted May 3, 2016
Authored by Simon Lees

libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file.

tags | exploit, overflow
advisories | CVE-2016-3627
SHA-256 | e627232db6fe21d686a937565c9d43af1ef4a7e15710847f48703d1656e2f593
Zabbix Agent 3.0.1 mysql.size Shell Command Injection
Posted May 3, 2016
Authored by Timo Juhani Lindfors

Zabbix Agent version 3.0.1 suffers from a remote shell command injection vulnerability via mysql.size.

tags | exploit, remote, shell
advisories | CVE-2016-4338
SHA-256 | 6f4704de4bcf1cffa3bdc31fb48a54c0bbd0e2a752f76897323a61d5406a6f59
Red Hat Security Advisory 2016-0711-01
Posted May 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0711-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.642.2 LTS that addresses a large number of security issues, including XSS, CSRF, information disclosure, and code execution.

tags | advisory, code execution, info disclosure
systems | linux, redhat
advisories | CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792
SHA-256 | 8cb241f7f26e24db895bca20b367c5d2ec75547e9aa7d1d03f82eab44c897d01
Ubuntu Security Notice USN-2959-1
Posted May 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
SHA-256 | 3fb297642dda424c9a2fdccf91144e60ea85032eaaa5c25bace6373ceec41e05
Red Hat Security Advisory 2016-0716-01
Posted May 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0716-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 078167b3a1b6eede13852019b0c8bb3574483fe875d568c5496e595340c7d03d
Debian Security Advisory 3566-1
Posted May 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | c4d2a15eb0d1dceb59a021eef09bc9edd0bfe8717d7f9c3514d177c58c51295f
Slackware Security Advisory - mercurial Updates
Posted May 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3105
SHA-256 | 691ee2b30ae6b117b4855ba8e0f0dd25e513546845e8670049741f2b2fe52eb8
Moxa MiiNePort Weak Credential Management / CSRF
Posted May 3, 2016
Authored by Karn Ganeshen

Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2016-2285, CVE-2016-2286, CVE-2016-2295
SHA-256 | 7ed488745e4d059d12d5ec837be93fd1917ea75cdbe335cca37b64e00022a474
CONFidence 2016 Call For Papers
Posted May 3, 2016
Site 2016.confidence.org.pl

CONFidence 2016 Call For Papers - This conference will take place from May 19th through the 20th, 2016 in Krakow, Poland.

tags | paper, conference
SHA-256 | 866cf1ecab274d7a542c851887290f1a1e0a616227e02188fa9b5a7c1896d9e6
Linux double-fdput() Use-After-Free
Posted May 3, 2016
Authored by Jann Horn, Google Security Research

Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().

tags | exploit
systems | linux
advisories | CVE-2016-4557
SHA-256 | fdf02d266337b84af0f49b7c8b000f74559cac23baf06e83b0bb199f19224b59
McAfee Relocation Processing Memory Corruption
Posted May 3, 2016
Authored by Tavis Ormandy, Google Security Research

Fuzzing packed executables with McAfee's LiveSafe version 14.0 on Windows found a signedness error parsing sections and relocations.

tags | exploit
systems | linux, windows
SHA-256 | df3a3c638fb803483492e5595745c6b207dc5378a2e3150bc4c2f7d4306afa97
Linux BPF Maps Reference Count Overflow
Posted May 3, 2016
Authored by Jann Horn, Google Security Research

Linux suffers from a reference count overflow using BPF maps.

tags | exploit, overflow
systems | linux
SHA-256 | 7adaf8180063a09e3682592ef0ccca5ec1a3445cd1c0424d7f622a7d8f579117
Mobile Security Framework MobSF 0.9.2 Beta
Posted May 3, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
SHA-256 | 9a9189b4d7fe03495edaca2f8d76a9fbb34f18d666bd43cc24ac1ab1a8d428dd
Linux perf_event_open() / execve() Race Condition
Posted May 3, 2016
Authored by Google Security Research, ianbeer

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.

tags | exploit, local
systems | linux
SHA-256 | 34223fcdcb6cbd70c6b1a484cbbe82f7969a88b8b78a173e0396adc447df53aa
CMS Made Simple Cache Poisoning
Posted May 3, 2016
Authored by Mickael Walter

CMS Made Simple versions prior to 2.1.3 and 1.12.2 suffer from a web server cache poisoning vulnerability.

tags | exploit, web
advisories | CVE-2016-2784
SHA-256 | a13d86771a20355ec31260d111b449108279447a297ac945443686c587923cee
Page 1 of 1

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By