exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-08-17

GNU Privacy Guard 1.4.21
Posted Aug 17, 2016
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Added dummy option --with-subkey-fingerprint. Updated Russian translation. Various other updates and tweaks.
tags | tool, encryption
SHA-256 | 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276
Red Hat Security Advisory 2016-1625-02
Posted Aug 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1625-02 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387
SHA-256 | e46f7e48c371c1fb23dc15c019ebef4662dc5d09b16f0d3ac63da730c3ac35b6
Red Hat Security Advisory 2016-1624-01
Posted Aug 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1624-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as a update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387, CVE-2016-5388
SHA-256 | ca7ccdac8b6da50eb2b2518f63459ecd23735de90547e027d6dc0d4318c75e65
Faraday 2.0.0
Posted Aug 17, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Faraday Server. Improved performance in web UI. Added some basic APIs to Faraday Server. Added licenses management section in web UI. Various other updates and changes.
tags | tool, rootkit
systems | unix
SHA-256 | 05d69e401006acaebfc9c7c51cc1d781e8c2439f1ccfc2b05ef2d928ee6f5a63
Siemens IP-Camera Unauthenticated Remote Credential Disclosure
Posted Aug 17, 2016
Authored by Yakir Wizman

Siemens IP-Camera versions x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, and x.2.2.1235 suffer from an unauthenticated credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 6f66438ce50ec2d5fc732fa79d30cf3d29dcbb1b1a9b5a54690478fb7fa6a831
Microsoft Windows Kernel win32k.sys FON Divide-By-Zero
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

There exists a Microsoft Windows kernel win32k.sys FON font processing divide-by-zero exception in win32k!MAPPER::bFoundExactMatch.

tags | exploit, kernel
systems | windows
SHA-256 | 86fb74f0e63010ff0a7fb4973eb0c6d1caaf2804f136ab3f0378d821bad93cd8
Microsoft GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Buffer Overflow
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

There exists a Microsoft GDI+ heap-based buffer overflow vulnerability in the handling of EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA records.

tags | exploit, overflow
advisories | CVE-2016-3304
SHA-256 | 440b0349f3fb3326757edc43d915b3d78d5de13ebfbd99f1dedbbe5e5af5ad08
Microsoft GDI+ DecodeCompressedRLEBitmap Out-Of-Bounds Write
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in DecodeCompressedRLEBitmap.

tags | exploit, proof of concept
advisories | CVE-2016-3301
SHA-256 | f844fc522185ba44ce4354d3b48adb145bfe386433316fd5ea471ef8d2828ce7
Microsoft GDI+ ValidateBitmapInfo Out-Of-Bounds Write
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in ValidateBitmapInfo.

tags | exploit, proof of concept
advisories | CVE-2016-3303
SHA-256 | 7b31bbc88836070948b74762707fba14655f55a51249826bb0bd82fc4dec8240
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann | Site syss.de

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260
Ubuntu Security Notice USN-3063-1
Posted Aug 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3063-1 - Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-5384
SHA-256 | 36e3ca185d26d83c3e43e46cd3a405429a27c098352c0bba16ccb878680482ed
Cisco Security Advisory 20160817-fmc
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, root
systems | cisco
SHA-256 | 8c21b803e3d6d780b64143a8afceabb01b50eb9a9179666705264a98099bc1b0
Cisco Security Advisory 20160817-apic
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
SHA-256 | 444b2e4249124581943354f845beac2191b8d53f74743737e7b7a114de4d86e2
Cisco Security Advisory 20160817-firepower
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web
systems | cisco
SHA-256 | f4d8d88c507a46b15e32ffc35830cdfebf152e82a43148cb0c2b116c9bb2e5be
Ubuntu Security Notice USN-3062-1
Posted Aug 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3062-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | b0a61a13fda58ff4a8591689f876e85279d2a48175e5999bde42a3d939844357
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close