what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-09-23

Linux SELinux W+X AIO Protection Bypass
Posted Sep 23, 2016
Authored by Jann Horn, Google Security Research

SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.

tags | exploit
MD5 | 7504ac6a9c7f0acee4894caa1c5941fd
Adobe Flash Video Decompression Memory Corruption
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a memory corruption vulnerability in video decompression.

tags | exploit
MD5 | 8665458de555ffb0989818635b1853ba
Red Hat Security Advisory 2016-1931-01
Posted Sep 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1931-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577
MD5 | 06fa76ebd1d385ea3c4e0e2ff10430cd
Ubuntu Security Notice USN-3087-2
Posted Sep 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-2 - USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. CAsar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio function. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | b3a23bcc910563fa3d39f1007c3692fc
Zortam MP3 Media Studio 21.15 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
MD5 | 7079fa82d0149cd286a76cff29e3c1d4
RealEstate CMS 3.00.50 Cross Site Scripting
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 717f015a08ee776ae3582394c50e3ce4
Kerberos Security Feature Bypass
Posted Sep 23, 2016
Authored by Nabeel Ahmed

Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2016-3237
MD5 | 7d27ef58087a564a953c155f3efd423d
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 37edacb49e0e9b39494cfc1defb9a02d
Adobe Flash Memory Freeing Crash
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.

tags | exploit
advisories | CVE-2016-4275
MD5 | c4eed23bec9fc5065bf0828c7c4c0192
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
MD5 | c98bf881446f8ad002f5877c3b3523e7
RSA Identity Governance And Lifecycle Information Disclosure
Posted Sep 23, 2016
Site emc.com

RSA Identity Governance and Lifecycle is affected by an information disclosure vulnerability that potentially could be exploited by a malicious user to read certain details of other users in the system. RSA Identity Management and Governance versions prior to 6.8.1 P25 and 6.9.1 P15 are affected. Also affected are RSA Via Lifecycle and Governance versions prior to 7.0.0 P04.

tags | advisory, info disclosure
advisories | CVE-2016-0918
MD5 | 66346067145c17e75325ff5f59ea0e9d
3GP Player 4.7.0 DLL Hijacking
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.

tags | exploit
MD5 | 3b1691354399c5d7e0d47305fe36e024
TeemIp 2.0.2 Cross Site Scripting
Posted Sep 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2600eae4dcf39a0433b7a79dd949d711
Microsoft Windows RegLoadAppKey Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

RegLoadAppKey is documented to load keys in a location which can't be enumerated and also non-guessable. However it's possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3373
MD5 | c8ed8832e1f116600c4be3fa0cfa87d4
AnyDesk 2.5.0 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 30ce0f4ecc2df86a816e4b590b379646
Microix Timesheet Module SQL Injection
Posted Sep 23, 2016
Authored by Anthony Cole

Microix Timesheet module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 35c4b0cc5dcf01dfa2da6f65a77f4a05
Matrimonial Website Script 1.0.2 SQL Injection
Posted Sep 23, 2016
Authored by Cyber Warrior

Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4f672e231a9cf63fc69cc648322e53ab
Network Penetration Testing 101
Posted Sep 23, 2016
Authored by Ahmet Gurel

Whitepaper called Network Penetration Testing 101. Written in Turkish.

tags | paper
MD5 | 229e5d03651b539eab81b87a66b90e2e
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close