Files Date: 2016-06-30

OpenSCAP Libraries 1.2.10
Posted Jun 30, 2016
Site open-scap.org

The OpenSCAP project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | protocol, library
systems | unix
MD5 | e9a6c329d97dd687c1ec52070aabb4d0
Packet Storm New Exploits For June, 2016
Posted Jun 30, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 234 exploits added to Packet Storm in June, 2016.

tags | exploit
systems | linux
MD5 | ca77423622cbe297aadf81e2231d9aa3
Huawei HiSuite For Windows 4.0.3.301 Privilege Escalation
Posted Jun 30, 2016
Authored by Benjamin Gnahm

A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem is insecure ACLs on the HandSet service directory, which allow any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Versions 4.0.3.301 and below are affected.

tags | exploit, local, root
systems | windows
advisories | CVE-2016-5821
MD5 | 4a47cc8b8db59a2d9c68e01eef3e016b
Ubuntu Security Notice USN-3015-1
Posted Jun 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3015-1 - Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1704
MD5 | a628c16145029394feccb43a6199fb89
Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
MD5 | 19d549e2bf200ce1007cbd7889159a9f
Joomla SmartFormer 2.4.1 Shell Upload
Posted Jun 30, 2016
Authored by indoushka

Joomla Smartformer component version 2.4.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 87b4cf503ae790e52d9884ac4311e1cc
Ktools Photostore 4.7.5 Blind SQL Injection
Posted Jun 30, 2016
Authored by Viktor Minin, Gal Goldshtein

Ktools Photostore versions 4.7.5 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-4337
MD5 | 31585cbb01e8a944faec1e5a184b2224
RockLoader SQL Injection / Shell Upload
Posted Jun 30, 2016
Authored by Danail Velev

The RockLoader malware tool suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 9ead0cdbfb4aa372c930fa5b739b199a
Phoenix Exploit Kit Remote Code Execution
Posted Jun 30, 2016
Authored by CrashBandicot

Phoenix Exploit Kit suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 13da5f7b6460e5b2914ab6d216963f28
Debian Security Advisory 3611-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons FileUpload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
MD5 | eaa31806900c66154bd56d14b7920190
Debian Security Advisory 3610-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3610-1 - Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.

tags | advisory, remote, denial of service, overflow
systems | linux, debian
advisories | CVE-2016-4463
MD5 | eddc22b2f91e3165aa1a24d556797560
Ubuntu Security Notice USN-3022-1
Posted Jun 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3022-1 - It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4324
MD5 | e2223e0afd7cbe887b44b402c7d1afc6
Debian Security Advisory 3608-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3608-1 - Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-4324
MD5 | f166db3babbb3b318697f66107fe8818
Debian Security Advisory 3609-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3609-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
MD5 | 677c4d6eebeca538308512427182e0e7
Red Hat Security Advisory 2016-1374-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1374-01 - JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | 8aa8be959309bf038c8dae5af6f900cf
Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect
Posted Jun 30, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2016-3652, CVE-2016-3653, CVE-2016-5304
MD5 | 7ffb2e34fe50285c721b4aedd83c7b4b
WordPress Ultimate Membership Pro 3.3 SQL Injection
Posted Jun 30, 2016
Authored by wp0Day.com

WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1edf720e1cf5a3365de1109374788267
Cuckoo Sandbox Guest 2.0.1 Code Execution
Posted Jun 30, 2016
Authored by Remi ROCHER

XMLRPC privileged remote code execution exploit for Cuckoo Sandbox Guest versions 2.0.1 and below.

tags | exploit, remote, code execution
MD5 | ad8c34babcb2db9a30ec00d0ae690133
Lenovo ThinkPad System Management Mode Arbitrary Code Execution
Posted Jun 30, 2016
Authored by Cr4sh

This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.

tags | exploit
systems | linux
MD5 | adf159af4673497e918b5c92202dab2b
Windows 7 SP1 x86 Privilege Escalation
Posted Jun 30, 2016
Authored by blomster81

Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.

tags | exploit, x86
systems | windows, 7
advisories | CVE-2016-0400
MD5 | 74a7278c257d49aa95bce167963b335c
© 2016 Packet Storm. All rights reserved.