exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-06-01

Wireshark erf_meta_read_tag SIGSEGV Invalid Memory Read
Posted Jun 1, 2016
Authored by Google Security Research, mjurczyk

A SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark.

tags | exploit
systems | linux
SHA-256 | 7a79500232fbb76e6ea3d5162c37796352dfa61a8bbe83f3d1c9c2a97aaa480a
HP Security Bulletin HPSBOV03615 1
Posted Jun 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03615 1 - Potential security vulnerabilities have been identified in OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine. These vulnerabilities could be exploited remotely resulting in access restriction bypass, Cross-Site Request Forgery (CSRF), directory traversal, unauthorized read access to data, execution of arbitrary code with privilege elevation, or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | ede618831ba4bd88562474a907f609650ab7e6942ea6ff0205c3ea9f43a8cc05
Debian Security Advisory 3592-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3592-1 - It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might processes.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4450
SHA-256 | 02cf83827d28ed0185f384fd43ea855491aaff4cd89c0c7854b6f96491871ad4
Cisco Security Advisory 20160601-prime3
Posted Jun 1, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the IPv6 packet decode function of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an improper calculation of the IPv6 payload length of certain IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets on the network where the NAM is collecting and monitoring traffic. An exploit could allow the attacker to cause a DoS condition and the NAM could cease to collect and monitor traffic for a short time. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 51f69964f7439cfe1bae3d80db56bd007b12e61cdc735671b6e92a4cbc93ecf0
Cisco Security Advisory 20160601-prime
Posted Jun 1, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | 7c7ea13df45660d4b78111757b93a051b277d7a22b1910e1ccb0b99b73521a3e
Packet Storm New Exploits For May, 2016
Posted Jun 1, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 151 exploits added to Packet Storm in May, 2016.

tags | exploit
systems | linux
SHA-256 | 7d1ae806d142e11adfdc4a4c72908bb6e3fb61700b07a9e91c2c3a795ab21e8f
Joomla SecurityCheck 2.8.9 Cross Site Scripting / SQL Injection
Posted Jun 1, 2016
Authored by Muhammet Dilmac, Gokmen Guresci

Joomla SecurityCheck component version 2.8.9 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 644ee7776a488493e83ee5ba795c7a55e8e19c6d9eb7ee5b7ae99055ad7d487f
Liferay CE Stored Cross Site Scripting
Posted Jun 1, 2016
Authored by Fernando Camara

Liferay CE versions prior to 6.2 CE GA6 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-3670
SHA-256 | 3e690a22ff5bca0489c813c1cf6feee3cda703e240550e0b23a3d268f6238f9c
PHPList 3.2.4 Cross Site Request Forgery / Cross Site Scripting
Posted Jun 1, 2016
Authored by Mickael Dorigny

PHPList version 3.2.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | f0da55dd29ff527bd052188fb9c5477c678b51589e98191eacd2521bb2069799
AjaxExplorer 1.10.3.2 CSRF / XSS / Command Execution
Posted Jun 1, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

AjaxExplorer version 1.10.3.2 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | 8ff0f3f0129c5a4f84d3ceadd12e8a052fc48892ec283b4438ab448170a13f73
KeePass 2 Man-In-The-Middle
Posted Jun 1, 2016
Authored by Florian Bogner

KeePass 2's update check suffers from a man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2016-5119
SHA-256 | 3ffce8ffcecf431af8017ab2207683659b2cf428b3fa6bac7f17d32917130f17
FreeBSD Security Advisory - FreeBSD-SA-16:20.linux
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo() system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | linux, freebsd
SHA-256 | 6b27a6a1f473e7ec8c1d3d2d15e96112361176be54633c0fd438e73581a1ad54
FreeBSD Security Advisory - FreeBSD-SA-16:22.libarchive
Posted Jun 1, 2016
Authored by Alexander Cherepanov | Site security.freebsd.org

FreeBSD Security Advisory - The cpio(1) tool from the libarchive(3) bundle is vulnerable to a directory traversal problem via absolute paths in an archive file. A malicious archive file being unpacked can overwrite an arbitrary file on a filesystem, if the owner of the cpio process has write access to it.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2015-2304
SHA-256 | cce26b2a1835322695e6fff10188668916dff833800347947b8674400f19415d
FreeBSD Security Advisory - FreeBSD-SA-16:23.libarchive
Posted Jun 1, 2016
Site security.freebsd.org

FreeBSD Security Advisory - An integer signedness error in the archive_write_zip_data() function in archive_write_set_format_zip.c in libarchive(2) could lead to a buffer overflow on 64-bit machines. An attacker who can provide input of their choice for creating a ZIP archive can cause a buffer overflow in libarchive(2) that results in a core dump or possibly execution of arbitrary code provided by the attacker.

tags | advisory, overflow, arbitrary
systems | freebsd
advisories | CVE-2013-0211
SHA-256 | 87a7f61237be219ef487e8ed9b0715b7f4968873a982c7e3f7783ca63eca8013
FreeBSD Security Advisory - FreeBSD-SA-16:21.43bsd
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of historic stat(2) system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | freebsd
SHA-256 | 5aea37987852d0521df4d2905049a1846239ec7524662651c8d72205994223c8
Ubuntu Security Notice USN-2988-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2988-1 - Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-1581, CVE-2016-1582
SHA-256 | eaa7edec08f0e3f46bdd99e86421a02ee9649cd7ed30ad06309fea46089f3b8f
Ubuntu Security Notice USN-2987-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2987-1 - It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074
SHA-256 | badd026155b500126de84bd40c800d8fd8b461aeb003b12a0187b90f9886cbd0
HP Security Bulletin HPSBGN03609 1
Posted Jun 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03609 1 - Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2016-4359, CVE-2016-4360, CVE-2016-4361
SHA-256 | 8dd85acecdc21de2b83763c45a87e794f9470dfbfb9e4a32c3ab4870e2d8c66f
Red Hat Security Advisory 2016-1190-01
Posted Jun 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1190-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.63. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695
SHA-256 | 2cdb99307c0c2ee1b5be811784b62f4b9a772c88a740db63207c1fbe61d37538
Debian Security Advisory 3591-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3591-1 - Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-5118
SHA-256 | ba44ce3e1259313b7e90399ec59f58622a898da2a842de433343bef4220f354e
Debian Security Advisory 3590-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3590-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695
SHA-256 | 2eb8ab6a5247168fe00cbb95698acbd6ddd274b0ca4fa6a206624a6c2e994ad4
Ubuntu Security Notice USN-2989-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2989-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-4004, CVE-2016-2069, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-4485, CVE-2016-4486, CVE-2016-4581
SHA-256 | 176f40d6b9ca149610db188404fb65b5dd57970bcbf0fa0ce08d2db323c1cc4d
Ubuntu Security Notice USN-2986-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2986-1 - Hanno Boeck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-8872, CVE-2016-4804
SHA-256 | da38661d6945da1e3b285a9b98f21ee0540c0b6f2c623eb141bf3bb5abcf7497
Boxoft Wav To MP3 Converter 1.0 Buffer Overflow
Posted Jun 1, 2016
Authored by Mandar Jadhav

Boxoft WAV to MP3 Converter version 1.0 SEH-based buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-7243
SHA-256 | f167dce35f2d2b1bd9eb8b12d0b2dd01542576bb1c7c0db3f34346dfd453255c
AirOS NanoStation M2 5.6-beta File Download / Command Execution
Posted Jun 1, 2016
Authored by Pablo Rebolini

AirOS NanoStation M2 version 5.6-beta suffers from arbitrary file download and remote command execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability
SHA-256 | 3ddab30cdd87f40d54e6b180428a988618f8d325f7556d7093973d1ac3342f6a
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close