accept no compromises
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-09-15

Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IOServiceMBean is exposed trough JMX it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
MD5 | 6a1d15c93ad05a4e23a938523dfc618f
NetBSD mail.local Privilege Escalation
Posted Sep 15, 2016
Authored by h00die, Akat1 | Site metasploit.com

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.

tags | exploit, local, root
systems | netbsd
MD5 | cdaa0e49eff853b77338979292a1bfd3
RSA BSAFE Micro Edition Suite SLOTH Updates
Posted Sep 15, 2016
Site emc.com

RSA announces security fixes to RSA BSAFE Micro Edition Suite designed to address Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) attack on TLS 1.2. RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5 and all 4.0.x versions prior to 4.0.9 are affected.

tags | advisory
advisories | CVE-2016-0923, CVE-2016-0924
MD5 | 54791e711a56624b43a8364aead12040
Ubuntu Security Notice USN-3080-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3080-1 - Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2014-3589
MD5 | 049f41fc88efb9a4b9f78bfc22d3729d
Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS
Posted Sep 15, 2016
Authored by Patryk Bogdan

Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability, xss, csrf
systems | cisco
MD5 | da040bc2a2f881da29f4fe41cf33122f
Android Adobe Air 22.0.0.153 Insecure Tranport
Posted Sep 15, 2016
Site wwws.nightwatchcybersecurity.com

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications' users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.

tags | advisory, web
advisories | CVE-2016-6936
MD5 | 39f90cf5b1a2e010d5019918471e3e10
ASUS RT-N10 CSRF / Code Execution / XSS / Open Redirection
Posted Sep 15, 2016
Authored by MustLive

ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
MD5 | f6f873a9a7063b62b83cfc4a423b2711
Keypatch 2.0
Posted Sep 15, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.

Changes: Various issues addressed. Better support for Python 2.6 and older IDA versions.
tags | tool
systems | unix
MD5 | 8eecdc1700aaadc3d5679d8ade65ca36
PrivateTunnel Client 2.7.0 (x64) Local Credential Disclosure
Posted Sep 15, 2016
Authored by Yakir Wizman, Viktor Minin

PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.

tags | exploit, local, info disclosure
MD5 | b93072e68c9b00bfcbdb941ef187fe27
Red Hat Security Advisory 2016-1847-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1847-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
MD5 | 41ccad68aa5a14474e880fb5ed54d002
Ubuntu Security Notice USN-3058-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3058-1 - An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5150, CVE-2016-5153, CVE-2016-5155, CVE-2016-5156, CVE-2016-5161, CVE-2016-5164, CVE-2016-5165, CVE-2016-5167
MD5 | 6558e054a291ad0d1146bf2dc4645f0b
Red Hat Security Advisory 2016-1875-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1875-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to the kernel-3.10.0-327.36.1 source tree, which provides a number of bug fixes over the previous version. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
MD5 | 4393b4a708efbf806481e5ff04e11556
Red Hat Security Advisory 2016-1883-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1883-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-327.rt56.197, which provides a number of bug fixes over the previous version. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
MD5 | d8be4b948f2b29d404cd38cb26922160
Bezaat Script 2 Shell Upload
Posted Sep 15, 2016
Authored by xBADGIRL21

Bezaat Script version 2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 0973270c9beb31b7fe96b3871889d8d3
Bezaat Script 2 SQL Injection
Posted Sep 15, 2016
Authored by xBADGIRL21

Bezaat Script version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2035ad1e64e07b0706a0d5f233e6ce0b
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close