exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-09-23

Linux SELinux W+X AIO Protection Bypass
Posted Sep 23, 2016
Authored by Jann Horn, Google Security Research

SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.

tags | exploit
MD5 | 7504ac6a9c7f0acee4894caa1c5941fd
Adobe Flash Video Decompression Memory Corruption
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a memory corruption vulnerability in video decompression.

tags | exploit
MD5 | 8665458de555ffb0989818635b1853ba
Red Hat Security Advisory 2016-1931-01
Posted Sep 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1931-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577
MD5 | 06fa76ebd1d385ea3c4e0e2ff10430cd
Ubuntu Security Notice USN-3087-2
Posted Sep 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-2 - USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. CAsar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio function. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | b3a23bcc910563fa3d39f1007c3692fc
Zortam MP3 Media Studio 21.15 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
MD5 | 7079fa82d0149cd286a76cff29e3c1d4
RealEstate CMS 3.00.50 Cross Site Scripting
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 717f015a08ee776ae3582394c50e3ce4
Kerberos Security Feature Bypass
Posted Sep 23, 2016
Authored by Nabeel Ahmed

Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2016-3237
MD5 | 7d27ef58087a564a953c155f3efd423d
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 37edacb49e0e9b39494cfc1defb9a02d
Adobe Flash Memory Freeing Crash
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.

tags | exploit
advisories | CVE-2016-4275
MD5 | c4eed23bec9fc5065bf0828c7c4c0192
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
MD5 | c98bf881446f8ad002f5877c3b3523e7
RSA Identity Governance And Lifecycle Information Disclosure
Posted Sep 23, 2016
Site emc.com

RSA Identity Governance and Lifecycle is affected by an information disclosure vulnerability that potentially could be exploited by a malicious user to read certain details of other users in the system. RSA Identity Management and Governance versions prior to 6.8.1 P25 and 6.9.1 P15 are affected. Also affected are RSA Via Lifecycle and Governance versions prior to 7.0.0 P04.

tags | advisory, info disclosure
advisories | CVE-2016-0918
MD5 | 66346067145c17e75325ff5f59ea0e9d
3GP Player 4.7.0 DLL Hijacking
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.

tags | exploit
MD5 | 3b1691354399c5d7e0d47305fe36e024
TeemIp 2.0.2 Cross Site Scripting
Posted Sep 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2600eae4dcf39a0433b7a79dd949d711
Microsoft Windows RegLoadAppKey Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

RegLoadAppKey is documented to load keys in a location which can't be enumerated and also non-guessable. However it's possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3373
MD5 | c8ed8832e1f116600c4be3fa0cfa87d4
AnyDesk 2.5.0 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 30ce0f4ecc2df86a816e4b590b379646
Microix Timesheet Module SQL Injection
Posted Sep 23, 2016
Authored by Anthony Cole

Microix Timesheet module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 35c4b0cc5dcf01dfa2da6f65a77f4a05
Matrimonial Website Script 1.0.2 SQL Injection
Posted Sep 23, 2016
Authored by Cyber Warrior

Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4f672e231a9cf63fc69cc648322e53ab
Network Penetration Testing 101
Posted Sep 23, 2016
Authored by Ahmet Gurel

Whitepaper called Network Penetration Testing 101. Written in Turkish.

tags | paper
MD5 | 229e5d03651b539eab81b87a66b90e2e
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close