
Files Date: 2016-05-06

Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
Posted May 6, 2016
Authored by Google Security Research, Sven Blumenstein

Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.

tags | exploit, remote, vulnerability, protocol
advisories | CVE-2007-0932, CVE-2014-7299, CVE-2016-2031, CVE-2016-2032
MD5 | 79bbcc053b93555ca4f82417addfb3ca

ImageMagick Delegate Arbitrary Command Execution
Posted May 6, 2016
Authored by wvu, Nikolay Ermishkin, hdm, stewie | Site metasploit.com

This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.

tags | exploit, shell
systems | linux, unix, bsd, apple, osx
MD5 | 673c4b90719c9b8a377e4c72d8396c29

Ruby on Rails Development Web Console (v2) Code Execution
Posted May 6, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution feature of the Ruby on Rails framework. This feature is exposed if the config.web_console.whitelisted_ips setting includes untrusted IP ranges and the web-console gem is enabled.

tags | exploit, remote, web, code execution, ruby
MD5 | d0edf8ed42e473bd899ea40ae4b535e7

HP Security Bulletin HPSBMU03584 1
Posted May 6, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03584 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization and other vulnerabilities have been addressed by HPE Network Node Manager I (NNMi). These vulnerabilities could be remotely exploited resulting in arbitrary code execution, authentication bypass, Cross-Site Scripting (XSS), disclosure of information, or unauthorized access. Revision 1 of this advisory.

tags | advisory, java, arbitrary, vulnerability, code execution, xss
advisories | CVE-2012-6153, CVE-2014-3577, CVE-2016-2009, CVE-2016-2010, CVE-2016-2011, CVE-2016-2012, CVE-2016-2013, CVE-2016-2014
MD5 | 422ccebcbc7205e90c1150a56290f2b9

Debian Security Advisory 3570-1
Posted May 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3570-1 - Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2016-3105
MD5 | e5892b46ecd160c44eea72ecfcc123e5

Apple Security Advisory 2016-05-03-1
Posted May 6, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-03-1 - Xcode 7.3.1 is now available and addresses a heap-based buffer overflow vulnerability.

tags | advisory, overflow
systems | apple
advisories | CVE-2016-2315, CVE-2016-2324
MD5 | f9b8bc1dabb1d23d58121349e25a256c

Faraday 1.0.19
Posted May 6, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Open services count to Hosts list in WEB UI. Improved zsh integration. Various other updates and improvements.
tags | tool, rootkit
systems | unix
MD5 | c28176f8588d2157caddd9125a51be58

© 2016 Packet Storm. All rights reserved.
