Twenty Year Anniversary
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-06-01

Wireshark erf_meta_read_tag SIGSEGV Invalid Memory Read
Posted Jun 1, 2016
Authored by Google Security Research, mjurczyk

A SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark.

tags | exploit
systems | linux
MD5 | 5b8b361d24d00409e22a66bb92547b0b
HP Security Bulletin HPSBOV03615 1
Posted Jun 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03615 1 - Potential security vulnerabilities have been identified in OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine. These vulnerabilities could be exploited remotely resulting in access restriction bypass, Cross-Site Request Forgery (CSRF), directory traversal, unauthorized read access to data, execution of arbitrary code with privilege elevation, or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
MD5 | 8394455f273dcafb1f16b907206d1f9f
Debian Security Advisory 3592-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3592-1 - It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might processes.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4450
MD5 | 42cbce0b30d64e931e4e4c79f64bcae1
Cisco Security Advisory 20160601-prime3
Posted Jun 1, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the IPv6 packet decode function of the Cisco Network Analysis Module (NAM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an improper calculation of the IPv6 payload length of certain IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets on the network where the NAM is collecting and monitoring traffic. An exploit could allow the attacker to cause a DoS condition and the NAM could cease to collect and monitor traffic for a short time. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | a54ae8462e1069a6923abdedd418d033
Cisco Security Advisory 20160601-prime
Posted Jun 1, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 07d458aca42a1bee351287e78712def6
Packet Storm New Exploits For May, 2016
Posted Jun 1, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 151 exploits added to Packet Storm in May, 2016.

tags | exploit
systems | linux
MD5 | cb6eb07bc728cffa15f99394b39cf0ba
Joomla SecurityCheck 2.8.9 Cross Site Scripting / SQL Injection
Posted Jun 1, 2016
Authored by Muhammet Dilmac, Gokmen Guresci

Joomla SecurityCheck component version 2.8.9 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | e67ea4f9e599a33173c405f40af88ff7
Liferay CE Stored Cross Site Scripting
Posted Jun 1, 2016
Authored by Fernando Camara

Liferay CE versions prior to 6.2 CE GA6 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-3670
MD5 | 2dee8950339496f20e648117530aff66
PHPList 3.2.4 Cross Site Request Forgery / Cross Site Scripting
Posted Jun 1, 2016
Authored by Mickael Dorigny

PHPList version 3.2.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b27a45e55fe8110a04dcdd2c862beb1f
AjaxExplorer 1.10.3.2 CSRF / XSS / Command Execution
Posted Jun 1, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

AjaxExplorer version 1.10.3.2 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
MD5 | 8013f704f820aebcbce3062d6a0ba4a9
KeePass 2 Man-In-The-Middle
Posted Jun 1, 2016
Authored by Florian Bogner

KeePass 2's update check suffers from a man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2016-5119
MD5 | 1f024e377d720a2b975fff06d3851287
FreeBSD Security Advisory - FreeBSD-SA-16:20.linux
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo() system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | linux, freebsd
MD5 | 1e15711ef418910a989c906474f5221c
FreeBSD Security Advisory - FreeBSD-SA-16:22.libarchive
Posted Jun 1, 2016
Authored by Alexander Cherepanov | Site security.freebsd.org

FreeBSD Security Advisory - The cpio(1) tool from the libarchive(3) bundle is vulnerable to a directory traversal problem via absolute paths in an archive file. A malicious archive file being unpacked can overwrite an arbitrary file on a filesystem, if the owner of the cpio process has write access to it.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2015-2304
MD5 | 274629714de89c0dd89194957e9ee690
FreeBSD Security Advisory - FreeBSD-SA-16:23.libarchive
Posted Jun 1, 2016
Site security.freebsd.org

FreeBSD Security Advisory - An integer signedness error in the archive_write_zip_data() function in archive_write_set_format_zip.c in libarchive(2) could lead to a buffer overflow on 64-bit machines. An attacker who can provide input of their choice for creating a ZIP archive can cause a buffer overflow in libarchive(2) that results in a core dump or possibly execution of arbitrary code provided by the attacker.

tags | advisory, overflow, arbitrary
systems | freebsd
advisories | CVE-2013-0211
MD5 | 4e380ba863ed7b8823111e3484f3780e
FreeBSD Security Advisory - FreeBSD-SA-16:21.43bsd
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of historic stat(2) system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | freebsd
MD5 | 050fa392be53d3265e4e182e8ba729df
Ubuntu Security Notice USN-2988-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2988-1 - Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged container into privileged mode. A local attacker could use this issue to access any world readable path in the container directory, including setuid binaries. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-1581, CVE-2016-1582
MD5 | 862658ec7daa085c55f4fa50a49fcc05
Ubuntu Security Notice USN-2987-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2987-1 - It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074
MD5 | 99231ebd2c99339086c13e49358bf8a1
HP Security Bulletin HPSBGN03609 1
Posted Jun 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03609 1 - Several potential security vulnerabilities have been identified in HPE LoadRunner and Performance Center. These vulnerabilities could be exploited remotely to allow code execution, and Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2016-4359, CVE-2016-4360, CVE-2016-4361
MD5 | 4aaa5d5299494240f548b5049f93ffdd
Red Hat Security Advisory 2016-1190-01
Posted Jun 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1190-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.63. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695
MD5 | dcedea7b2b4fe755d8a21da4a5579efe
Debian Security Advisory 3591-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3591-1 - Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-5118
MD5 | 0f04d44662ba26899332dd9edc703be1
Debian Security Advisory 3590-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3590-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695
MD5 | ee70bb4ab7a090834ec70da55311e97e
Ubuntu Security Notice USN-2989-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2989-1 - Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-4004, CVE-2016-2069, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-4485, CVE-2016-4486, CVE-2016-4581
MD5 | 41544a4b1b693961a2ae9408e0f7754d
Ubuntu Security Notice USN-2986-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2986-1 - Hanno Boeck discovered that dosfstools incorrectly handled certain malformed filesystems. A local attacker could use this issue to cause dosfstools to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-8872, CVE-2016-4804
MD5 | 5e32117efa1eddd39048eb0ce9d15625
Boxoft Wav To MP3 Converter 1.0 Buffer Overflow
Posted Jun 1, 2016
Authored by Mandar Jadhav

Boxoft WAV to MP3 Converter version 1.0 SEH-based buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-7243
MD5 | b8cc9c856e567506608d5ddfa311e212
AirOS NanoStation M2 5.6-beta File Download / Command Execution
Posted Jun 1, 2016
Authored by Pablo Rebolini

AirOS NanoStation M2 version 5.6-beta suffers from arbitrary file download and remote command execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability
MD5 | 3f16a9b7e8966a9cd87c3ba40778320d
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close