exploit the possibilities
Showing 1 - 25 of 32 RSS Feed

Files Date: 2016-05-16

Web2py 2.14.5 CSRF / XSS / Local File Inclusion
Posted May 16, 2016
Authored by Nahendra Bhati

Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion, csrf
advisories | CVE-2016-4806, CVE-2016-4807, CVE-2016-4808
MD5 | 01191e32db9c3701e64fd653156642b6
Ubuntu Security Notice USN-2979-4
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-4 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | 282fb7d30f0bbf94c7b32b6f0a27efdf
Ubuntu Security Notice USN-2979-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
MD5 | 6cda871db2e87048ad32190b6e8b4f62
Ubuntu Security Notice USN-2979-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-2 - USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
MD5 | 3643c69d011f231114a3f735b7e0f8f9
Ubuntu Security Notice USN-2977-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2977-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | bcbaece194970f9fe9d41f6fc9adf9e2
Ubuntu Security Notice USN-2976-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2976-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | ca138ed92acf0d0ee1310b3accbd533b
Ubuntu Security Notice USN-2978-3
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | af79d08963f91685eaa9a8e9c2469337
Ubuntu Security Notice USN-2975-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2975-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | c6329661dfc83e935e5495ffe30634d0
Ubuntu Security Notice USN-2975-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2975-2 - USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | 04bf232f750be74145a895683d3d941c
Ubuntu Security Notice USN-2978-2
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-2 - USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
MD5 | 3b4f3ed58a8c12e44ca8098dccbd9e77
Ubuntu Security Notice USN-2979-3
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2979-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758
MD5 | 79a251a71aadb2ae30f2d2714f273acd
Ubuntu Security Notice USN-2978-1
Posted May 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2978-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0758, CVE-2016-3713
MD5 | 81456d3f1850b71e123e93c17a3d75f7
Nexon Games Privilege Escalation
Posted May 16, 2016
Authored by Cyril Vallicari

Multiple Nexon games suffer from an unquoted path privilege escalation vulnerability.

tags | exploit
MD5 | aad776883857d427a8b8acae46f479cd
Debian Security Advisory 3580-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3580-1 - Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.

tags | advisory, web, local, vulnerability
systems | linux, debian
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718
MD5 | 9fd5c59d9ad4be88717f7b2d1dc71527
Hex: Shard Of Fate 1.0.1.026 Privilege Escalation
Posted May 16, 2016
Authored by Cyril Vallicari

Hex: Shard of Fate version 1.0.1.026 suffers from an unquoted path privilege escalation vulnerability.

tags | exploit
MD5 | b2cf367c451a96292d52275a9394788f
TP-Link SC2020n Authenticated Telnet Injection
Posted May 16, 2016
Authored by Nicholas Starke | Site metasploit.com

The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials.

tags | exploit, web, cgi, root
MD5 | 71d95a18afa80e1cd4112fb87a007a63
SAP MII 15.0 Directory Traversal
Posted May 16, 2016
Authored by Dmitry Chastuhin

SAP MII version 15.0 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 9ca2157312c74535aee6c440551ff543
SAP NetWeaver AS JAVA 7.4 Cross Site Scripting
Posted May 16, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA version 7.4 suffers from a cross site scripting vulnerability.

tags | exploit, java, xss
MD5 | bc4e478f9c828d201457d6bbc31b2264
PLANET IP LFI / CSRF / XSS / Authentication Bypass
Posted May 16, 2016
Authored by OrwellLabs | Site orwelllabs.com

Various PLANET IP cameras suffer from local file inclusion, arbitrary file read, information disclosure, cross site request forgery, cross site scripting, and hard-coded credential vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, xss, bypass, file inclusion, info disclosure, csrf
MD5 | daf3dbc42f340bf62736f5b1ee3f8637
Merit LILIN XSS / CSRF / Credential Issues
Posted May 16, 2016
Authored by OrwellLabs | Site orwelllabs.com

Merit LILIN IP cameras suffer from cross site request forgery, cross site scripting, hard-coded credential, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f1d8fad8807645a56ca5924dd0cf8934
Debian Security Advisory 3579-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3579-1 - Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.

tags | advisory
systems | linux, debian
advisories | CVE-2016-2099
MD5 | e650092f49bfe1c35898dca7f534e0be
Debian Security Advisory 3578-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3578-1 - It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.

tags | advisory
systems | linux, debian
advisories | CVE-2015-2059
MD5 | e871a2977022d2e84ed57328b7ccb956
Debian Security Advisory 3577-1
Posted May 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3577-1 - Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2016-4425
MD5 | 6c534c47e3a5164fda4e44fadafa2354
Adobe Flash addProperty Use-After-Free
Posted May 16, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free vulnerability in addProperty.

tags | exploit
systems | linux
advisories | CVE-2016-4108
MD5 | fe319d617b7f4afc51be913f7e98c7a3
Adobe Flash MP4 File Stack Corruption
Posted May 16, 2016
Authored by Google Security Research, natashenka

A malicious mp4 file can cause stack corruption in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2016-1096
MD5 | d2cc05287bbe59ce219f8d2fe20be64b
Page 1 of 2
Back12Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    18 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close