
Files Date: 2016-09-13

EMC Documentum D2 Authentication Bypass
Posted Sep 13, 2016
Site emc.com

EMC Documentum D2 contains a fix for an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected versions include EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.

tags | advisory, remote
advisories | CVE-2016-6644
MD5 | 682181d66d3943d57de57b65080be012
EMC ViPR SRM XSS / CSRF / File Upload / Brute Force
Posted Sep 13, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload, csrf
advisories | CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
MD5 | 35b4414787c6f34d8dd86c193785b71b
Microsoft Security Bulletin Summary For September, 2016
Posted Sep 13, 2016
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for September, 2016.

tags | advisory
MD5 | 96c420cd6756641339cf106c177054f3
Apache Shiro Filter Bypass
Posted Sep 13, 2016
Authored by Brian Demers

Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, allowed specifically crafted requests to bypass some security servlet filters, resulting in unauthorized access.

tags | advisory, root, bypass
advisories | CVE-2016-6802
MD5 | bc370f745c9371a6399b732f98559522
HP Security Bulletin HPSBST03640 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03640 1 - A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-4381
MD5 | 1c8dac7994cda0ed20d222a930406c7d
HP Security Bulletin HPSBGN03572 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03572 1 - A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-4382
MD5 | 5782492fe2536354f7b45da47fd89543
Ubuntu Security Notice USN-3078-1
Posted Sep 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2016-6662
MD5 | 8307a1a3c198fab8e8b27851f1da85dd
Android getpidcon Binder Service Replacement
Posted Sep 13, 2016
Authored by Jann Horn, Google Security Research

Android has an issue where racy getpidcon usage permits binder service replacement.

tags | exploit
MD5 | 1d342b5ad8073d0dbdff59d89b2162db
Battle.Net 1.5.0.7963 Privilege Escalation
Posted Sep 13, 2016
Authored by Tulpa

Battle.Net version 1.5.0.7963 suffers from an insecure file permissions privilege escalation vulnerability.

tags | exploit
MD5 | 9af21dbc8c14ee081fc56278dedb447b
Open-Xchange Guard 2.4.2 Cross Site Scripting
Posted Sep 13, 2016
Authored by Martin Heiland, Benjamin Daniel Mussler

Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2016-6851, CVE-2016-6853, CVE-2016-6854
MD5 | d44f33ba21304aefcec92be18ae9b028
Open-Xchange App Suite 7.8.2 Cross Site Scripting
Posted Sep 13, 2016
Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2016-5740
MD5 | 7a2af6d51c5db2a16311fd0e0642821d
ASUS DSL-X11 ADSL Router Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.

tags | exploit, remote
MD5 | f0f1b7c27f65b57a70da84f3f1a81eca
Antisip libosip2 4.1.0 Heap Buffer Overflow / Denial Of Service
Posted Sep 13, 2016
Authored by bshastry

Antisip libosip2 version 4.1.0 suffers from heap buffer overflow vulnerabilities that can lead to a denial of service.

tags | exploit, denial of service, overflow, vulnerability
MD5 | 15d99f32970b082a0667a57cbc9be63f
Red Hat Security Advisory 2016-1856-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1856-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
MD5 | 40ce1e72c60af8fc7487d1e0ca1f3851
Red Hat Security Advisory 2016-1855-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1855-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316, CVE-2016-6317
MD5 | 40af75057d70a5e460f3583e95deddf5
Red Hat Security Advisory 2016-1857-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
MD5 | b2f11a1ca8fc16b93f03da181e048780
Red Hat Security Advisory 2016-1858-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
MD5 | 5496f33dcf9ad8e9523c64d1adccfbd2
wdCalendar 2 SQL Injection
Posted Sep 13, 2016
Authored by Alfonso Castillo Angel

wdCalendar version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7496350c0a0e52bae8d431311bcc3cd1
Cherry Music 0.35.1 Arbitrary File Disclosure
Posted Sep 13, 2016
Authored by feedersec

Cherry Music version 0.35.1 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | e33ac80c90130a332b3777d0df724eee
Windows x86 Password Protected TCP Bind Shell
Posted Sep 13, 2016
Authored by Roziul Hasan Khan Shifat

637 bytes small Microsoft Windows x86 password protected TCP bind shell shellcode.

tags | shell, x86, tcp, shellcode
systems | windows
MD5 | 44673d888c74d09fc997b10a17a7957e
CodeWarrior 0.3
Posted Sep 13, 2016
Authored by coolervoid

CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and JavaScript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.

tags | tool, php, javascript, asp, ruby
systems | unix
MD5 | 125797229a978f1c58e1d352c00eb34e
COMTREND ADSL Router CT-5624 C01_R03 Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

COMTREND ADSL router CT-5624 C01_R03 unauthenticated remote DNS changer exploit.

tags | exploit, remote
MD5 | f20b62a18e85aa08a6bdb3726f9d1cc7
COMTREND ADSL Router CT-5367 C01_R12 Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

COMTREND ADSL router CT-5367 C01_R12 unauthenticated remote DNS changer exploit.

tags | exploit, remote
MD5 | 609f383f574c9ff8e673d3fb1922a227
Tenda ADSL2/2+ Modem 963281TAN Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

Tenda ADSL2/2+ modem version 963281TAN unauthenticated remote DNS changer exploit.

tags | exploit, remote
MD5 | bc39c975231442ef0ef9cec43300cdca
PLANET VDR-300NU ADSL Router Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

PLANET VDR-300NU ADSL Router unauthenticated remote DNS changer exploit.

tags | exploit, remote
MD5 | df36401339accd52d17418ff510132ec

© 2016 Packet Storm. All rights reserved.