what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-09-23

Linux SELinux W+X AIO Protection Bypass
Posted Sep 23, 2016
Authored by Jann Horn, Google Security Research

SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.

tags | exploit
SHA-256 | d26907f58e891ec5eb0984325531067ebfcfec48499313b6f58bfd76d6484a2b
Adobe Flash Video Decompression Memory Corruption
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a memory corruption vulnerability in video decompression.

tags | exploit
SHA-256 | 6ab77f9cdd155daa4dc1957698507e9e4e763903c61c47078ea8d064042796a5
Red Hat Security Advisory 2016-1931-01
Posted Sep 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1931-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577
SHA-256 | fd5e3a849695260634b82551793a5b29c0d596a986582618a1f28c666fb8998f
Ubuntu Security Notice USN-3087-2
Posted Sep 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-2 - USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. CAsar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio function. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
SHA-256 | 866a666b9c95f3a131d4f84a0275b8f76cab02d1c331b6dda84b16932f9b0d80
Zortam MP3 Media Studio 21.15 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
SHA-256 | 89618de9d7c006b9d723db98c264efbaca9fd48244720eb80aa9314a4da750b4
RealEstate CMS 3.00.50 Cross Site Scripting
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e8120930436e9c5c5f11e43a93debcf5d4c9505276ec32924b862cf1ca97a94b
Kerberos Security Feature Bypass
Posted Sep 23, 2016
Authored by Nabeel Ahmed

Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2016-3237
SHA-256 | 5ed55cfd547222a50eb5c366ea69653cf9d3890f0d64f8ea97af4f06b1d3167c
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | ca77baa00797001a47e00b898909c3f175cfe93eda9298934ef62bb33f3afd29
Adobe Flash Memory Freeing Crash
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.

tags | exploit
advisories | CVE-2016-4275
SHA-256 | 06f1eb077ee1f466f06c46622473b0779c4d14ab7e40da39791e487f6e4b64d7
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
SHA-256 | 8d30ef721f9061806e06019063b62bba9b734dca044a593c1486cd66752e5a4c
RSA Identity Governance And Lifecycle Information Disclosure
Posted Sep 23, 2016
Site emc.com

RSA Identity Governance and Lifecycle is affected by an information disclosure vulnerability that potentially could be exploited by a malicious user to read certain details of other users in the system. RSA Identity Management and Governance versions prior to 6.8.1 P25 and 6.9.1 P15 are affected. Also affected are RSA Via Lifecycle and Governance versions prior to 7.0.0 P04.

tags | advisory, info disclosure
advisories | CVE-2016-0918
SHA-256 | 7cf0c3486eb45037b00eadc838879d4bc68e11a5fc4076fdef52906f452fb576
3GP Player 4.7.0 DLL Hijacking
Posted Sep 23, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.

tags | exploit
SHA-256 | cd1e5b25c4b560a8aa1e6f52c36a9d7966d409e46b740534aaed94d96856a7bd
TeemIp 2.0.2 Cross Site Scripting
Posted Sep 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e9651cc9a994c941160fe4eff7d441d0d4b078f225fe55d5bb574d51f3d043a7
Microsoft Windows RegLoadAppKey Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

RegLoadAppKey is documented to load keys in a location which can't be enumerated and also non-guessable. However it's possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3373
SHA-256 | 50c93d6edf7373f14720ed5465ad2648ccee020f4b5cd9cc0c2668913eeff08c
AnyDesk 2.5.0 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 92ad5e6b35cf13236db03284b2ac821f2900ea60be7fe80dc8fd0506ae549709
Microix Timesheet Module SQL Injection
Posted Sep 23, 2016
Authored by Anthony Cole

Microix Timesheet module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e9681cf5b3fb25defe0b1327e394183a1e9c20555cedb572657238be031bb98d
Matrimonial Website Script 1.0.2 SQL Injection
Posted Sep 23, 2016
Authored by Cyber Warrior

Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bed563ed172429e088c80895a58e2ac102e7a092b19a36090a306aba262750bc
Network Penetration Testing 101
Posted Sep 23, 2016
Authored by Ahmet Gurel

Whitepaper called Network Penetration Testing 101. Written in Turkish.

tags | paper
SHA-256 | 6b8491cf23bbd49aeaae6749dbf9ef780a29cb894e06cceca6f5aeabe998412b
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close