
Files Date: 2016-09-08

Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Posted Sep 8, 2016
Authored by Ross Marks

Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.

tags | exploit, vulnerability, code execution, xss, sql injection, info disclosure, file upload
MD5 | fe6cd5ec5043dc4c0ac9d9e0f99b84be
Zabbix 3.0.3 SQL Injection
Posted Sep 8, 2016
Authored by Zzzians

Zabbix versions 2.0 through 3.0.3 remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | 654c49fa173165e4ba7bfe4ab50dee95
LogMeIn Client 1.3.2462 (64bit) Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman, Alexander Korznikov, Viktor Minin

LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | f42163efba216fb7cc5b04cf4cf7056c
Apple iCloud Desktop Client 5.2.1.0 Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman, Alexander Korznikov, Viktor Minin

Apple iCloud Desktop Client version 5.2.1.0 local credential memory disclosure exploit.

tags | exploit, local, info disclosure
systems | apple
MD5 | e3de4c2b212ed22ff0cd348244cf3c47
Dropbox Desktop Client 9.4.49 Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman

Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | d397eb76564bfeff5f4fcfe1fd7d35a5
Red Hat Security Advisory 2016-1841-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1841-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
MD5 | 17cac31bd6107b2ce305ebe0e0920bc6
Red Hat Security Advisory 2016-1838-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1838-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
MD5 | ac982b8664d0cafee649299c1190835c
Red Hat Security Advisory 2016-1840-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1840-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
MD5 | e560d26bb9b7e09b40d1b05a839944f8
Red Hat Security Advisory 2016-1839-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1839-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
MD5 | 5c56b75a1f2035c1d558118f80b141cc
Red Hat Security Advisory 2016-1836-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1836-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

tags | advisory
systems | linux, redhat
MD5 | fcde0bf5d648bf9a2cbe37fe25147a83
Windows x86 TCP Bind Shell Shellcode
Posted Sep 8, 2016
Authored by Roziul Hasan Khan Shifat

Microsoft Windows x86 TCP bind shell shellcode.

tags | shell, x86, tcp, shellcode
systems | windows
MD5 | 81ca9b2fe7691f52ad5a45f10902c82e
Dashlane doOnboardingSiteStep API Cross Site Scripting
Posted Sep 8, 2016
Authored by Tavis Ormandy, Google Security Research

Dashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.

tags | exploit, xss
MD5 | 2ed024b727570d7e517255e81b95ccf2
Android debuggerd Mitigation Bypass / Information Leak
Posted Sep 8, 2016
Authored by Jann Horn, Google Security Research

Android debuggerd was recently changed to drop privileges between attaching to a crashed process and dumping it to reduce its attack surface. The following issue allows that mitigation to be bypassed and also allows a privileged attacker (logcat access) to bypass userland ASLR.

tags | advisory
MD5 | 67683a60a52e3f5071f06ffcb5c74cda
Adobe Flash Method Calls Use-After-Free
Posted Sep 8, 2016
Authored by Google Security Research, natashenka

If a method is called on a MovieClip in Adobe Flash, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a use-after-free.

tags | exploit
advisories | CVE-2016-4231
MD5 | 27be5c979611472463a68f8b13658fb7
Adobe Flash Transform.colorTransform Getter Information Leak
Posted Sep 8, 2016
Authored by Google Security Research, natashenka

There is an information leak in Adobe Flash in the Transform.colorTransform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will execute when fetching the constructor, which can then free the MovieClip containing the Transform.

tags | exploit
advisories | CVE-2016-4232
MD5 | 8d079805343452ad82940ac5dc3af405
Android libutils Heap Buffer Overflow
Posted Sep 8, 2016
Authored by Google Security Research, Mark Brand

Android suffers from an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-3861
MD5 | ca48cd81170253fac6461c982222bb7a
Wireshark Analyzer 2.2.0
Posted Sep 8, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | c7de0997f74934f25b456846cf75cb81
SugarCRM REST Unserialize PHP Code Execution
Posted Sep 8, 2016
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.

tags | exploit, arbitrary, php
MD5 | f9879bb95d16d3382f2534b9240c7d25
Red Hat Security Advisory 2016-1821-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1821-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
MD5 | 072c0cf4cc248224a883ed3f69af8300
Red Hat Security Advisory 2016-1820-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1820-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
MD5 | 03845ea8c78fe03beb2a9d6be120a391
Debian Security Advisory 3661-1
Posted Sep 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3661-1 - It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

tags | advisory
systems | linux, debian
advisories | CVE-2016-7143
MD5 | 29cce47c9ea70bd964117fc78cd41674
packet storm

© 2016 Packet Storm. All rights reserved.
