exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-06-24

GRR 3.1.0.2
Posted Jun 24, 2016
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Added Chrome desktop notifications. Added ability to create a hunt from a flow. Various other updates.
tags | tool, remote, web, forensics
systems | unix
MD5 | 6b606ace12307bd1a789625928665a17
SugarCRM 6.5.23 SugarRestSerialize.php PHP Object Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 75a86f0ba47e36424e523dde32a8cfb9
SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.

tags | exploit, xss
MD5 | d4aa80fa1772da234e2d9b4d7bd5e299
SugarCRM 6.5.18 PHP Code Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
MD5 | 58722361e515edc078b6dc8a90758f93
SugarCRM 6.5.18 Missing Authorization
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.

tags | exploit
MD5 | 7b4962bd34be471d7a0aac23a8f25eaa
SugarCRM 6.5.18 SAML Authentication XML External Entity
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.

tags | advisory, xxe
MD5 | c28483be9e51e708f3c48952da13852e
Mandos Encrypted File System Unattended Reboot Utility 1.7.10
Posted Jun 24, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | d5e479211c52477807ba2510b23019af
Red Hat Security Advisory 2016-1301-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1301-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8767, CVE-2016-3707, CVE-2016-4565
MD5 | fc52232a313b4abcf56a680b3cc8e7b2
Red Hat Security Advisory 2016-1296-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1296-01 - OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are, causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-8869
MD5 | 61240e7a103afd5c9bec02b0f9cebb49
Red Hat Security Advisory 2016-1277-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1277-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8767, CVE-2016-4565
MD5 | 1c7612b0ee79fcc208264920bc309ec2
Red Hat Security Advisory 2016-1333-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1333-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 385c85f33c14705c490aa0081bfb9b1d
Red Hat Security Advisory 2016-1331-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1331-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | ca57cb105d4fac251b28da9d1e063de2
Red Hat Security Advisory 2016-1329-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1329-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | dcef2e9de3080a8f3f6dfbabc18efea3
Red Hat Security Advisory 2016-1332-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1332-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 322420968b5be668a783bfbc9ae90f05
Red Hat Security Advisory 2016-1330-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1330-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 8d9ccaa7811b9e800fa2d7bebc9c2488
Red Hat Security Advisory 2016-1328-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1328-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 4e8226d25359ea7e5bd0527f6174a234
Red Hat Security Advisory 2016-1334-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1334-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Data Grid 6.6. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 056875c26dadda94e994ee9012bfa175
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close