exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-09-15

Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IOServiceMBean is exposed trough JMX it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
SHA-256 | 5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
NetBSD mail.local Privilege Escalation
Posted Sep 15, 2016
Authored by h00die, Akat1 | Site metasploit.com

This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.

tags | exploit, local, root
systems | netbsd
SHA-256 | 538ce6a834dffd6d9e669ab16ae984c12556d38cab1d2870f6bbbd5bc570cb23
RSA BSAFE Micro Edition Suite SLOTH Updates
Posted Sep 15, 2016
Site emc.com

RSA announces security fixes to RSA BSAFE Micro Edition Suite designed to address Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) attack on TLS 1.2. RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5 and all 4.0.x versions prior to 4.0.9 are affected.

tags | advisory
advisories | CVE-2016-0923, CVE-2016-0924
SHA-256 | 5d6e2f099f8ccb45904c59f7fb1b77ce959845f9396dc506196e49e869659a8a
Ubuntu Security Notice USN-3080-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3080-1 - Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2014-3589
SHA-256 | d1ec6ef38949653dea8c3e73dc30bf74f615becbac00bfbf51a96b5385184e0a
Cisco EPC 3925 XSS / CSRF / HTTP Response Injection / DoS
Posted Sep 15, 2016
Authored by Patryk Bogdan

Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability, xss, csrf
systems | cisco
SHA-256 | ed4af8b74667a82a5e98bb51f2fba7e957bd5c72c053429d6de82646b744cb56
Android Adobe Air 22.0.0.153 Insecure Tranport
Posted Sep 15, 2016
Site wwws.nightwatchcybersecurity.com

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications' users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.

tags | advisory, web
advisories | CVE-2016-6936
SHA-256 | 7116841c325788e68cfc1fa448456174602554df31525c572ce4f81042034b28
ASUS RT-N10 CSRF / Code Execution / XSS / Open Redirection
Posted Sep 15, 2016
Authored by MustLive

ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
SHA-256 | dcdcb2b75c0284cb708af0e9f786968b3347b8b5d0a0914ab6939ef508380ad5
Keypatch 2.0
Posted Sep 15, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.

Changes: Various issues addressed. Better support for Python 2.6 and older IDA versions.
tags | tool
systems | unix
SHA-256 | ac8fecccf11ba40a14bf2ad5bea920bf53440cc0b4c59b963b860dc8ad64f401
PrivateTunnel Client 2.7.0 (x64) Local Credential Disclosure
Posted Sep 15, 2016
Authored by Yakir Wizman, Viktor Minin

PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.

tags | exploit, local, info disclosure
SHA-256 | 833c62176b378d25b4bb3217d9ac7e9b9d1544e1f72f511ed6bc0bf04f288d96
Red Hat Security Advisory 2016-1847-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1847-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
SHA-256 | 97c4833d6ef062497ce53d7bc4c425df6db32d45c28eb4202a714264ea140c56
Ubuntu Security Notice USN-3058-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3058-1 - An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. A use-after-free was discovered in the WebCrypto implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5150, CVE-2016-5153, CVE-2016-5155, CVE-2016-5156, CVE-2016-5161, CVE-2016-5164, CVE-2016-5165, CVE-2016-5167
SHA-256 | 1a6d9dccdc1ad228648a7fe517941aaa2262f710c49018ca68a1528a45e0054e
Red Hat Security Advisory 2016-1875-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1875-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to the kernel-3.10.0-327.36.1 source tree, which provides a number of bug fixes over the previous version. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
SHA-256 | 0fa57f8af62588a757e2e80f9e728575d38e5444f6abbf06db0b8907755051df
Red Hat Security Advisory 2016-1883-01
Posted Sep 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1883-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-327.rt56.197, which provides a number of bug fixes over the previous version. Security Fix: A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-3134, CVE-2016-4997, CVE-2016-4998
SHA-256 | 560ae7b8c932b8db101f981656564278badc38c9fb1687c8d0d32cffb6951d8e
Bezaat Script 2 Shell Upload
Posted Sep 15, 2016
Authored by xBADGIRL21

Bezaat Script version 2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | deac276f862436d000fd9e40fb444322456cb14fc468456ee75425acb2115792
Bezaat Script 2 SQL Injection
Posted Sep 15, 2016
Authored by xBADGIRL21

Bezaat Script version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f7543b385c7de6c651fac0838df731683cc5ae7045b0102b68f2d852c71b3087
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close