seeing is believing
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-05-31

CMSimple 4.6.2 Cross Site Scripting
Posted May 31, 2016
Authored by Manuel Garcia Cardenas

CMSimple versions 4.6.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e93f6e0a70519ec45c3974333b210d29
Keystone 0.9
Posted May 31, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

tags | tool, x86, python, ruby
systems | windows, unix
MD5 | da122aa5ce802c38054bd1e7441e7369
Relay Ajax Directory Manager 1.5.3 File Upload / Command Execution
Posted May 31, 2016
Site redteam-pentesting.de

Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.

tags | exploit, shell, file upload
MD5 | 70c083691ddb4ee8164629e359687241
Websockify 0.8.0 Buffer Overflow / Remote Code Execution
Posted May 31, 2016
Site redteam-pentesting.de

Websockify versions 0.8.0 and below suffer a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | e4766a4ef58a2fb66e4cd0abcdef749d
Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
Posted May 31, 2016
Site redteam-pentesting.de

PRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.

tags | exploit
advisories | CVE-2015-7743
MD5 | e5f6ec186a8de5447c115e78b64400c0
ProcessMaker 3.0.1.7 Cross Site Request Forgery / Cross Site Scripting
Posted May 31, 2016
Authored by Mickael Dorigny

ProcessMaker version 3.0.1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 3c1dd341fc8ffe2bc824278e759f1a52
Konica Minolta FTP Utility 1.0 SEH Buffer Overflow
Posted May 31, 2016
Authored by Mandar Jadhav

Konica Minolta FTP Utility version 1.0 CWD command SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-7768
MD5 | 4469930ff497574ef623756742dc487b
Red Hat Security Advisory 2016-1166-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1166-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix: The following fix was applied to the python component: The Python standard library HTTP client modules did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2013-2099, CVE-2013-7440
MD5 | eb14dd1081988f81d83fb63991cc2460
Red Hat Security Advisory 2016-1141-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1141-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518
MD5 | 39609b1d1ed35a540a846b3ce318ba00
Red Hat Security Advisory 2016-1140-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1140-01 - The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which provide Squid version 3.1. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | linux, redhat
advisories | CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556
MD5 | 45504d41466709f36e10ee4bc7a5bbb7
Red Hat Security Advisory 2016-1139-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1139-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | linux, redhat
advisories | CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556
MD5 | d4bf0d9e273df3d236543e9a6101bb60
Red Hat Security Advisory 2016-1138-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1138-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | linux, redhat
advisories | CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4554, CVE-2016-4556
MD5 | 50f8c1df80ebbfdd47438d4d521cd4d9
Red Hat Security Advisory 2016-1137-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1137-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2108
MD5 | dd13913a15943588588e3f588b141519
Gentoo Linux Security Advisory 201605-06
Posted May 31, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201605-6 - Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Versions less than 4.12 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711, CVE-2015-2712, CVE-2015-2713, CVE-2015-2714, CVE-2015-2715, CVE-2015-2716, CVE-2015-2717, CVE-2015-2718, CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4483, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4490
MD5 | 296fbfa09f6556e678dae038772623aa
Gentoo Linux Security Advisory 201605-05
Posted May 31, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201605-5 - Multiple vulnerabilities have been found in Linux-PAM, allowing remote attackers to bypass the auth process and cause Denial of Service. Versions less than 1.2.1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7041, CVE-2014-2583, CVE-2015-3238
MD5 | 50e1e89da52f32ad9ec5d0a867b9fa64
Red Hat Security Advisory 2016-1182-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1182-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
MD5 | 0fda9594e8e5b3591dd3431be2be24a3
Mosca Analysis Tool 0.05
Posted May 31, 2016
Authored by coolervoid

Mosca is a tool that checks code for poor security practices akin to using grep against it for static analysis.

tags | tool, scanner
systems | unix
MD5 | f901b9b86eacef1e026ea3290ec92238
Raptor WAF 0.01
Posted May 31, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

tags | tool, web, firewall, xss, sql injection
systems | unix
MD5 | f148e0de498b08141846ae0eb97a718c
Payload Mask 0.1
Posted May 31, 2016
Authored by coolervoid

Payload Mask is a payload editor that can mutate an initial dataset.

tags | tool
systems | unix
MD5 | bf2c348ff9a58ebbe384404df32dd718
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close