exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-10-27

Red Hat Security Advisory 2016-2120-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-5195
SHA-256 | 21400fd9d46011e6214b97dde47b05d64f82b4980dfff20736f6091bc98770c2
Red Hat Security Advisory 2016-2119-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-7855
SHA-256 | 624a157feed85f8362a2172a09e51473198385362994b73ebaf3945b3e57e548
Ubuntu Security Notice USN-3111-1
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3111-1 - A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5287, CVE-2016-5288
SHA-256 | ffd6d84375daa74178a478c8635f4599291a1a43ae3643136d99af097aa90ab8
Ubuntu Security Notice USN-3114-2
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3114-2 - USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Various other issues were also addressed.

tags | advisory, remote, root
systems | linux, ubuntu
SHA-256 | 9624f67fcd74df71566bea16362a1df2c8cb51b85d3fde2eb0af649b24c90594
Red Hat Security Advisory 2016-2101-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2016-5325
SHA-256 | 0c1b4ed27f0d1db4f3edc634e7d5fccb7e419a267e21c9074481e69ff631e66b
GNU tar 1.29 Extract Pathname Bypass
Posted Oct 27, 2016
Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass
advisories | CVE-2016-6321
SHA-256 | 9872f2b8fb9c8365d6367de929e2a9d9f3744c7e6f836aad204d328392324992
CherryTree 0.36.9 Memory Corruption
Posted Oct 27, 2016
Authored by n30m1nd

CherryTree version 0.36.9 memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | a73c623309ab0c2fe47472c2cb9b1e12718303197e2fb29512afab216d172f7f
Joomla 3.6.4 Account Creation / Privilege Escalation
Posted Oct 27, 2016
Authored by Xiphos Research Ltd.

Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 495bdebaeca0fd37d95ea10730b63dd9b8aceba771e8630ecf9c56de00be0f13
HP Security Bulletin HPSBMU03653 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss
systems | linux, windows
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-3739, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4342, CVE-2016-4343, CVE-2016-4393, CVE-2016-4394, CVE-2016-4395, CVE-2016-4396, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-5385, CVE-2016-5387, CVE-2016-5388
SHA-256 | 8c670a2d763c2a2f7a69a05242741bdf9441d037d1584c704b9fdff983643e06
HP Security Bulletin HPSBHF3549 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF3549 1 - A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PCs and HP consumer notebook PCs. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in elevation of privilege or denial of service. Revision HPSBHF3549 of this advisory.

tags | advisory, denial of service, arbitrary
SHA-256 | d316acdb625a0fdff14d3ab3269e8a51e88303d7290a4dc73315c0ce0e70bd55
uSQLite 1.0.0 Denial Of Service
Posted Oct 27, 2016
Authored by Peter Baris

uSQLite version 1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 3a89d5e80e58ee3a966ebbb0d52131de2fd37b4d4c7f7e4700fb1948d1715b14
Microsoft Wsearch Privilege Escalation
Posted Oct 27, 2016
Authored by r00t-3xp10it | Site metasploit.com

This post-exploitation Metasploit module requires a meterpreter session to be able to upload/inject our SearchIndexer.exe into WSearch (windows search) service. The WSearch service uses one executable.exe set in binary_path_name and runs it has local/system at startup, this enables local privilege_escalation/persistence_backdooring. To exploit this vulnerability a local attacker needs to inject/replace the executable file into the binary_path_name of the service. Rebooting the system or restarting the service will run the malicious executable with elevated privileges.

tags | exploit, local
systems | windows
SHA-256 | 147b40da2927d654ea96757dd433f77c12069174180fca4cf82bcd19c6113ae3
GNU GTypist 2.9.5-2 Buffer Overflow
Posted Oct 27, 2016
Authored by Juan Sacco

GNU GTypist version 2.9.5-2 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | aca27f7beb816e6d106680dbf916adb2771add6d5cbaebabc7713506fb51dc00
3dCart 7.3.0 Cross Site Scripting
Posted Oct 27, 2016
Authored by g33t

3dCart version 7.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9863430a576e2a1ba46241ec34cdbc663ce2331fee37e0510c705f41b9663683
AIEngine 1.6
Posted Oct 27, 2016
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 0434aaf6f3608acef1342519e2b0bbbb0b9ed91d7002f6724b7f2176cf77716a
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close