what you don't know can hurt you
Showing 1 - 24 of 24 RSS Feed

Files Date: 2016-07-13

WordPress Top 10 Popular Posts 2.3.0 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Top 10 Popular Posts plugin version 2.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ef13b9046be953e681d2fe0e87def1da4ba275c47d315b48c71767de2390123
WordPress Simple Membership 3.2.8 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Simple Membership plugin version 3.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3e8992560e17c27925537a0aace108c6ef22f9b536239abaf910f9e8ea96163e
Red Hat Security Advisory 2016-1423-01
Posted Jul 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1423-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225
SHA-256 | 9f4c4559dcc06b30ea7338671d732f696623ebe9e897337ee5a38a3ddeba841d
Gentoo Linux Security Advisory 201607-03
Posted Jul 13, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-3 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.632 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244
SHA-256 | 0ced70ce46c6bc69a8de361251892d7f727488e726c52bdd9e961f23649e5d8c
WordPress WP No External Links 3.5.15 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WP No External Links plugin version 3.5.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 708a16d3086d6d4fbf54c12feb7c24010807b262e8b4085980426fd79cdb8538
Red Hat Security Advisory 2016-1424-01
Posted Jul 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1424-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. It was found that Apache Active MQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or further attacks.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2016-0734, CVE-2016-0782
SHA-256 | 1f8ef5e671baaab7e8547e070bffdc69105dac1529159adb5f0b5131fa269819
Cisco Security Advisory 20160713-ncs6k
Posted Jul 13, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the Route Processor (RP) on the affected platform. The vulnerability is due to improper management of system timer resources. An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device. An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

tags | advisory, remote, shell, protocol
systems | cisco, osx
SHA-256 | d2a2fb27fa8069e1f32a27a53e552ca35bbb07276c635891d08f5591239efdb9
Open-Xchange App Suite 7.8.1 Cross Site Scripting
Posted Jul 13, 2016
Authored by Martin Heiland

Open-Xchange App Suite version 7.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-5124
SHA-256 | 54885411364ea66a6a88cc613ff3399708f6b52cbe59e735d9647a8e158559b8
WordPress Google Forms 0.84 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Google Forms plugin version 0.84 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8fb3153cc86d1f165cf198ec1a8cceeefd1b6e4eae41b148c5f367fda60005dd
Adobe Acrobat Reader DC 15.016.20045 Memory Corruption
Posted Jul 13, 2016
Authored by Sebastien Morin, Pier-Luc Maltais

Adobe Acrobat Reader DC version 15.016.20045 suffers from multiple memory corruption vulnerabilities while handling font (.ttf) files. Adobe is offering support for this issue here: https://forums.adobe.com/community/adobe_reader_forums.

tags | exploit, vulnerability
systems | linux
advisories | CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208
SHA-256 | bdb4c4a106248c3069f4855591ddaf79f2160358e93e9ff16c4c15d0d021d23a
Suricata IDPE 3.1.1
Posted Jul 13, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: DNS transaction handling issues addressed. libhtp updated. Various other bug fixes and feature additions.
tags | tool, intrusion detection
systems | unix
SHA-256 | b8f5711f4c24627b056a3889b296b29ec515b34bc2287ad20d13ca20da777ff7
Lynis Auditing Tool 2.3.0
Posted Jul 13, 2016
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Several big changes have been made to core functions of Lynis. There is a risk of breaking your existing configuration. As this is a major release, please check the changelog for details.
tags | tool, scanner
systems | unix
SHA-256 | c48c9a7e0abd16efb2d35975f105f10f5d25b1b9439a4d1e7933579b9f159a11
pmount 0.9.23 Arbitrary Device Mount
Posted Jul 13, 2016
Authored by Imre Rad

pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted system completely. Versions 0.9.23 is affected.

tags | exploit, arbitrary, local
SHA-256 | 2721035920e3ee68f9a9ba12f5b428e825d1682c57e62014bc2baa2e25fb29e5
WSO2 SOA Enablement Server Cross Site Scripting
Posted Jul 13, 2016
Authored by Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a reflective cross site scripting vulnerability.

tags | exploit, java, xss
SHA-256 | fa89320b02ace12f9ce8f44cd234672b01d01cdb40063e5160e5018276a2cba0
WSO2 SOA Enablement Server XML External Entity Injection
Posted Jul 13, 2016
Authored by Jakub Palaczynski, Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from an XML external entity injection vulnerability.

tags | exploit, java, xxe
SHA-256 | d9e516d3777daf410177b4c7a8c4a54f5f7f7677f5de9b1ae66ff8fa3a81c9c2
WSO2 SOA Enablement Server Server Side Request Forgery
Posted Jul 13, 2016
Authored by Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a server-side request forgery vulnerability.

tags | exploit, java
SHA-256 | 594a45b22a23f9e58e46937bbcd941f25047119a629d5af81361518a99390750
RootExplorer Man-In-The-Middle / Remote Code Execution
Posted Jul 13, 2016
Authored by 0x3d5157636b525761

RootExplorer is a rooted Android App aimed to ultimately control file operations on an Android device. Unfortunately, RootExplorer tries to download an external busybox from plain a HTTP website, which might cause rooted remote code execution.

tags | advisory, remote, web, root, code execution
SHA-256 | 198bffa368d070bf6edcd0638d73b7f559980f3f73607c0265ebe726b5beffb2
GSX Analyzer 10.12 / 11 Backdoor Account
Posted Jul 13, 2016
Authored by ndevnull

GSX Analyzer versions 10.12 and 11 appear to have a hard-coded backdoor account in Main.swf.

tags | exploit
SHA-256 | 6d80581013db353159aba11395fc2dae0e7f7efdada56ef40a81c5ebb8a043a1
Linux x86 Reverse Shell Using Xterm Shellcode
Posted Jul 13, 2016
Authored by RTV

Linux x86 reverse shell shellcode using xterm ///usr/bin/xterm -display 127.1.1.1:10.

tags | shell, x86, shellcode
systems | linux
SHA-256 | cebb6dfd9fc7d25b9474817067d4e33c98b2cbde02d6887292bcb0ac4f022622
Bitdefender Antivirus Free Edition DLL Hijacking
Posted Jul 13, 2016
Authored by Himanshu Mehta

Bitdefender Antivirus Free Edition suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 7a561aabd827fc247f1828536bebb8f12c7d544c14a39de3ea814851f10f9b24
Windows x86 Download / Execute Shellcode
Posted Jul 13, 2016
Authored by Roziul Hasan Khan Shifat

Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | fe70b42b0ff9740dddf091231d8cb5b25f3fa26da592d971f7324912ff25a9ca
7-Zip 16.02 DLL Hijacking
Posted Jul 13, 2016
Authored by Himanshu Mehta

7-Zip version 16.02 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 9c942b3d29760a010a0264e776039ca442e49ac4dc1d71898af0038a680adc6d
C.COM Events CMS 0.1.02 SQL Injection / Authentication Bypass
Posted Jul 13, 2016
Authored by indoushka

C.COM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
SHA-256 | badd4e311620c0ffc4e4e10b647342354403647a5028bddefb06ef4694285b41
Adobe Flash Player fpb.tmp Privilege Escalation
Posted Jul 13, 2016
Authored by Stefan Kanthak

The executable installers of Adobe Flash Player released on 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained allowing for fpb.tmp to be executed with elevated privileges.

tags | advisory
advisories | CVE-2016-1014, CVE-2016-4247
SHA-256 | 7fce869dc5cc72a56c6ca8e37ed36104181ea7438b19857348e8d22068b38b07
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close