exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2016-07-01

XpoLog Center 6 Cross Site Request Forgery
Posted Jul 1, 2016
Authored by LiquidWorm | Site zeroscience.mk

XpoLog version 6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | c481c46cc63aa10becaba25e85ac5f5dcd5948376fb9dc30cdecde459fdbad9d
HP Security Bulletin HPSBGN03627 1
Posted Jul 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03627 1 - A potential security vulnerability has been identified with HPE Service Manager. This is the RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 7c6ebe827eae0bacd2a4c46ef0accd6ec66d2c234787734246d6671b00c65198
Debian Security Advisory 3612-1
Posted Jul 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3612-1 - Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading a XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user running GIMP if a specially crafted XCF file is processed.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-4994
SHA-256 | 091347c6cc4180d8e8112e957c4dd08a82d007da8daacb8b67fbe108025814e8
XpoLog Center 6 XSS / CSRF / Open Redirect
Posted Jul 1, 2016
Authored by LiquidWorm | Site zeroscience.mk

XpoLog version 6 suffers from cross site scripting, open redirection, and cross site request forgery vulnerabilitie.

tags | exploit, xss, csrf
SHA-256 | 2ab464bfc0f5a39be1056dbad1fb0a9fec338572e2cfc1ea1b4a2426dadeeb5e
SQLite Tempdir Selection
Posted Jul 1, 2016
Authored by Hank Leininger | Site korelogic.com

Usually processes writing to temporary directories do not need to perform readdir() because they control the filenames they create, so setting /tmp/ , /var/tmp/ , etc. to be mode 1733 is a not uncommon UNIX hardening practice. Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check. All versions of SQLite prior to 3.13.0 are affected.

tags | exploit
systems | unix
SHA-256 | 762be39effea94233c24738dcf6d499f38f825f4b7984d06ada2c300f0ae4c55
TP-Link Forgot To Register Their Domain
Posted Jul 1, 2016
Authored by Amitay Dan

TP-LINK forgot to buy the domain www.tplinklogin.net which is meant to be used to configure their hardware.

tags | advisory
SHA-256 | 37b7d0f6a0e3adef02f0a3653dcd934598a0fbbbeda891f93cb3629d5e221cfe
HP Security Bulletin HPSBGN03626 1
Posted Jul 1, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03626 1 - A vulnerability in TLS using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" was addressed by HPE Service Manager. The vulnerability could be remotely exploited to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 273336983ab7c89049298197cce72162f447dfe45d581519c19e477dfd6764e3
Putty Beta 0.67 DLL Hijacking
Posted Jul 1, 2016
Authored by Sachin Wagh

Putty version Beta 0.67 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2016-6167
SHA-256 | d37787462e07856730caa0a55900c211e74f847320655af0ae9140840680050f
Microsoft Visual Studio 2015 Community Edition DLL Hijacking
Posted Jul 1, 2016
Authored by Stefan Kanthak

The executable installers for Microsoft Visual Studio 2015 Community Edition suffer from a dll hijacking vulnerability.

tags | advisory
systems | windows
SHA-256 | 6c33844386682e97898f08238081d1ee36b2e189b4bae3c94a154c3d92aa148a
Linux 4.5 Double Fetch / Race Condition
Posted Jul 1, 2016
Authored by Pengfei Wang

The Linux 4.5 kernel suffers from a double-fetch vulnerability.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-6130
SHA-256 | 0fa18c9a6344bc9a0269909726c6c873d1f6b33cf5bb9ba86066463d0e9f78ae
Release Automation XSS / XXE Injection
Posted Jul 1, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.

tags | advisory, remote, web, denial of service, local, vulnerability, xss, xxe
advisories | CVE-2015-7370, CVE-2015-8698, CVE-2015-8699
SHA-256 | 2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9
Linux 4.5 Double Fetch
Posted Jul 1, 2016
Authored by Pengfei Wang

The Linux 4.5 kernel suffers from a double-fetch vulnerability.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-5728
SHA-256 | 13b21223af0684b30336626164fe007fe88951d4f102ce39dcc89f002c2eb02a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close