what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-08-25

Apple Security Advisory 2016-08-25-1
Posted Aug 25, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
SHA-256 | 5c8254f6d029f1bd1d46ecd3f6c71e08629723831b6317f16c4037f0d55ee4b6
JD Edwards 9.1 EnterpriseOne Server Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0424
SHA-256 | 889f5e3dd07c7308e8658794c8da5c0f5284acb131eb8f9f9a5633ddc0a01a18
Hacking Soft Tokens - Advanced Reverse Engineering On Android
Posted Aug 25, 2016
Authored by Bernhard Mueller

Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for users but also exposes the tokens to attacks by mobile malware and manual attacks. To compensate for these risks, many software token vendor apply a combination of obfuscation, anti-tampering, and cryptography. The question is, how effective are these measures in protecting the users' data? In this paper, the author shows different kinds of attacks that can be used to reverse engineer OTP algorithms and extract the stored secrets. Techniques range from classical static and dynamic analysis to custom kernel sandboxes and full-system emulation. The author demonstrates proof-of-concept exploits for current soft tokens of major vendors, and explain methods of assessing the effectiveness of a given set of obfuscation.

tags | paper
SHA-256 | dfddec2a3011688d5204b41866d859bf209f9d75098433f3997a79ab1b4de264
JD Edwards 9.1 EnterpriseOne Server Create Users
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape hence all of its information and processes.

tags | advisory
advisories | CVE-2016-0420
SHA-256 | ca565817d3ce7b6ada51f79927008a327710729db5d5e96af07939a94de5a0bd
Ubuntu Security Notice USN-3069-1
Posted Aug 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3069-1 - It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6855
SHA-256 | 501aedaad4ec423bfaa8963bc9240d1596336e79197ccc47ff97929d717a25d3
FreePBX 13.0.35 Remote Code Execution
Posted Aug 25, 2016
Authored by Ahmed Sultan

FreePBX version 13.0.35 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 9f37827142bf53b0013d7940253b895919f35fe0422d0f437e0b24e641c86bbd
JD Edwards 9.1 EnterpriseOne Server JDENet Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.

tags | advisory
advisories | CVE-2016-0422
SHA-256 | 4f1e778e88e221bb4ce3c6afa9a34ba2a2c2b9ca7fc096f5c96232f9c74fe045
JD Edwards 9.1 EnterpriseOne Server JDENET Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0423
SHA-256 | c8d127427c2da707a52dde5b0e9cf0feca87adcede5955d36f02c566422d65b7
JD Edwards 9.1 EnterpriseOne Server Manager Shutdown
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.

tags | advisory
advisories | CVE-2016-0421
SHA-256 | f554646aa3f6dfa37e5cf970dfccc59f2a82098df1f7e66dec5919c9d1c7de0d
JD Edwards 9.1 EnterpriseOne Server Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-0425
SHA-256 | f62b06ca46ce6a950bf75e81bcd7d1a68c1c5faa0828341fcfd2c92b0be3d0e8
Micro Focus GroupWise Cross Site Scripting / Overflows
Posted Aug 25, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.

tags | exploit, overflow, vulnerability, xss
advisories | CVE-2016-5760, CVE-2016-5761, CVE-2016-5762
SHA-256 | 259e1178ca32777e61016eaf9c26499e22db2bed9b9f9028eb31c3fc116900c6
WebKitGTK+ SOP Bypass / Information Disclosure
Posted Aug 25, 2016
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from same-origin bypass, information disclosure, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
SHA-256 | c93c90aa095a8005973c2738f5cdc52a381cac0a35ec331ae2bb11cdd652f0a6
Dotclear 2.9.1 SSRF / XSPA
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 allows authenticated users to leverage the RSS import functionality to scan ports of the internal network.

tags | exploit
SHA-256 | b4ca9a915294a5f4bbde53e55111eef594e01219e39ac3a8e6cd43243e379090
Dotclear 2.9.1 Shell Upload
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, bypass
SHA-256 | ba8acc3417c99536c3b107bc026c7f484a8fbe713e64b1bc8e9382c721b867af
Dotclear 2.9.1 Directory Download
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 suffers from a directory download vulnerability.

tags | exploit
SHA-256 | 12d8a11be25e1fffa3e1545be1c56d3281f8b11c9eb0a5d1daf717597c92f8b4
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close