Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-09-22

RECON Brussels 2017 Call For Papers
Posted Sep 22, 2016
Authored by RECON Brussels 2017 | Site recon.cx

RECON Brussels has announced it's call for papers. This is the first time RECON will be held in Europe. The conference will take place January 27th through the 29th, 2017 in Brussels, Belgium.

tags | paper, conference
MD5 | f443b775cf2d4e95124e9102b7d67119
Ubuntu Security Notice USN-3087-1
Posted Sep 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-1 - Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | 79c70a6c007096b178c348d2efcce741
Debian Security Advisory 3674-1
Posted Sep 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3674-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or information disclosure.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284
MD5 | e4306f23dfc987045221060661d068cc
Ubuntu Security Notice USN-3073-1
Posted Sep 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3073-1 - Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2836
MD5 | 60777d46f0c3ce6afeb9abd7c7c01893
Debian Security Advisory 3673-1
Posted Sep 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3673-1 - Several vulnerabilities were discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | 11f35f715b1013fffe39d2f812f4af9e
Ubuntu Security Notice USN-3076-1
Posted Sep 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3076-1 - Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2827, CVE-2016-5256, CVE-2016-5257, CVE-2016-5270, CVE-2016-5271, CVE-2016-5272, CVE-2016-5273, CVE-2016-5274, CVE-2016-5275, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5279, CVE-2016-5280, CVE-2016-5281, CVE-2016-5282, CVE-2016-5283, CVE-2016-5284
MD5 | 6c3b0301371ddd9cfce3ee6327af94eb
Faraday 2.1.0
Posted Sep 22, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Major refactor of the Faraday client. Updated URL shown when starting Faraday. Multiple bug fixes. Added help section.
tags | tool, rootkit
systems | unix
MD5 | 8c5f8f57fa2dbe1334e2c4569d84abf9
OpenSSL Toolkit 1.0.2i
Posted Sep 22, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A large amount of security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | 678374e63f8df456a697d3e5e5a931fb
Joomla Huge-IT Video Gallery 1.0.9 SQL Injection
Posted Sep 22, 2016
Authored by Larry W. Cashdollar

Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-1000123
MD5 | b3b9b0d43cb8d9f63e376fec65d0ffd2
Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption
Posted Sep 22, 2016
Authored by Rene Freingruber, Raschin Tavakoli | Site sec-consult.com

Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
MD5 | e4fe2845c8e802b8ff1305d65df94383
Microsoft Internet Explorer 11 CORS Disrespect
Posted Sep 22, 2016
Authored by Ricardo Iramar dos Santos

Microsoft Internet Explorer 11 is not following the CORS specification for local files like Chrome and Firefox. Microsoft does not believe this to be a security issue.

tags | exploit, local
MD5 | 2e2081d334cf8d00d2b38b4e7035a3cd
Silverstripe Theme Newedge Cross Site Scripting
Posted Sep 22, 2016
Authored by ZwX

Silverstripe theme Newedge suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 55a5381043cfa943e8b676b5eb48382e
Kaltura Remote PHP Code Execution
Posted Sep 22, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8.

tags | exploit, web, arbitrary, code execution
systems | linux, centos
MD5 | 88b5feb4d8804371bd527a59fffd03f5
Metasploit Web UI Diagnostic Console Command Execution
Posted Sep 22, 2016
Authored by Justin Steven | Site metasploit.com

This Metasploit module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via the web interface. An authenticated user can then use the console to execute shell commands. NOTE: Valid credentials are required for this module. Tested against: Metasploit Community 4.1.0, Metasploit Community 4.8.2, Metasploit Community 4.12.0

tags | exploit, web, shell
MD5 | f55eac7067e3f61f0a0d73859d65082b
BT Wifi Extenders 300 / 600 / 1200 Cross Site Scripting
Posted Sep 22, 2016
Authored by Jamie Riden

BT Wifi Extenders models 300, 600, and 1200 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4c6955e9c900218747492c06b978ccf4
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close