exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-09-21

jsch 0.1.53 Path Traversal
Posted Sep 21, 2016
Authored by oststrom

A malicious sftp server may force a client-side relative path traversal in jsch's implementation for recursive sftp-get allowing the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.

tags | exploit
advisories | CVE-2016-5725
MD5 | 48b4baae72e4661c4b353acd11d8fe15
Red Hat Security Advisory 2016-1929-01
Posted Sep 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1929-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4443
MD5 | 93a50e60f39f363754d44a018138d8ed
Ubuntu Security Notice USN-3086-1
Posted Sep 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3086-1 - Gabriel Campana and Adrien Guinet discovered that the format parsing code in Irssi did not properly verify 24bit color codes. A remote attacker could use this to cause a denial of service. Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed in the format parsing code in Irssi. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2016-7044, CVE-2016-7045
MD5 | 65a4a77027b26541a9748039489d5bd8
Cisco Security Advisory 20160921-csp2100-2
Posted Sep 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 054951f57555576d5ab1b4c219d10c33
Cisco Security Advisory 20160921-csp2100-1
Posted Sep 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands. An exploit could allow the attacker to execute arbitrary commands on the host operating system with the privileges of root. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 31d5e0e2764f8eb2d4869c7723ab9be0
Red Hat Security Advisory 2016-1912-01
Posted Sep 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1912-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284
MD5 | 608951525f9c69a3aee00069432ba926
Debian Security Advisory 3672-1
Posted Sep 21, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3672-1 - Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-7044, CVE-2016-7045
MD5 | b80f6f92bdd90ac5d3c70ee805b540eb
Slackware Security Advisory - pidgin Updates
Posted Sep 21, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 8a2977e9188c0cdb2fd6f71b00359e3c
HP Security Bulletin HPSBGN03645 2
Posted Sep 21, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03645 2 - Potential vulnerabilities have been identified in HPE Helion OpenStack Glance. The vulnerabilities can be remotely exploited to allow access restriction bypass and unauthorized access. A malicious tenant is able to reuse deleted Glance image IDs to share malicious images with other tenants in a manner that is undetectable to the victim tenant if the Helion OpenStack administrators have both: 1. Edited the policy.json file to allow non-admin tenants to share images with other tenants or edited policy.json to allow non-admin tenants to create public images. 2. Deleted image IDs from the Glance database, either manually or using the purge tool ("glance-manage db purge"). Revision 2 of this advisory.

tags | advisory, web, vulnerability
advisories | CVE-2016-4383
MD5 | acb08cf6784360e1dd45305a562e2de4
HP Security Bulletin HPSBHF03646 1
Posted Sep 21, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03646 1 - Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or other impacts affecting integrity. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-7704, CVE-2015-7705, CVE-2015-7855, CVE-2015-7871
MD5 | 7bc37acc0eae42a542d13ecfee1d3b3d
Slackware Security Advisory - irssi Updates
Posted Sep 21, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-7044, CVE-2016-7045
MD5 | 8ca7dc30d0247bd700239b85e71d10a1
Ubuntu Security Notice USN-3085-1
Posted Sep 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3085-1 - It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GDK-PixBuf library contained an integer overflow when handling certain images. If a user or automated system were tricked into opening a crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7552, CVE-2015-8875, CVE-2016-6352
MD5 | 25a27d5eef0fabbcc30813437fd489b3
Symantec Outdated RAR Decomposer
Posted Sep 21, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.

tags | exploit, remote, code execution
MD5 | 862639ce99ef36267802bfc993938c09
Microsoft Office PowerPoint 2010 Invalid Pointer Reference
Posted Sep 21, 2016
Authored by Google Security Research, scvitti

Microsoft PowerPoint 2010 suffers from an invalid pointer dereference vulnerability.

tags | exploit
advisories | CVE-2016-3357
MD5 | c4a39c9eabb2b5d4efbc15ab0f91f399
WordPress W3 Total Cache 0.9.4.1 Cross Site Scripting
Posted Sep 21, 2016
Authored by Zerial

WordPress W3 Total Cache (w3tc) plugin versions 0.9.4.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7fc55beff47951b52b0f23d0d57fc846
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close