Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-10-27

Red Hat Security Advisory 2016-2120-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-5195
MD5 | 81fa87cf714f78bd02f4b7b24c5f2e82
Red Hat Security Advisory 2016-2119-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix: This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-7855
MD5 | b8173b311e76e17de8a64f59ca99ca8c
Ubuntu Security Notice USN-3111-1
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3111-1 - A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. It was discovered that web content could access information in the HTTP cache in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5287, CVE-2016-5288
MD5 | 9bea6b9b1fc1b4b2a39b0c8eda87ab4c
Ubuntu Security Notice USN-3114-2
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3114-2 - USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Various other issues were also addressed.

tags | advisory, remote, root
systems | linux, ubuntu
MD5 | 1c6d037cf5e608a6ff3b81e9f8a2c714
Red Hat Security Advisory 2016-2101-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2016-5325
MD5 | 8627988deda3df96d960796befeb04fb
GNU tar 1.29 Extract Pathname Bypass
Posted Oct 27, 2016
Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass
advisories | CVE-2016-6321
MD5 | d3225fb0115eb0e014c2558c2c124a7d
CherryTree 0.36.9 Memory Corruption
Posted Oct 27, 2016
Authored by n30m1nd

CherryTree version 0.36.9 memory corruption proof of concept exploit.

tags | exploit, proof of concept
MD5 | 398fad4cb2fa52540527dc4eb4bcd30e
Joomla 3.6.4 Account Creation / Privilege Escalation
Posted Oct 27, 2016
Authored by Xiphos Research Ltd.

Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 3fe6c7b3a01877242c6866ee23c71c2f
HP Security Bulletin HPSBMU03653 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss
systems | linux, windows
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-3739, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4342, CVE-2016-4343, CVE-2016-4393, CVE-2016-4394, CVE-2016-4395, CVE-2016-4396, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-5385, CVE-2016-5387, CVE-2016-5388
MD5 | b0a00ddd465b7222f8adb6967f5ebc81
HP Security Bulletin HPSBHF3549 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF3549 1 - A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PCs and HP consumer notebook PCs. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in elevation of privilege or denial of service. Revision HPSBHF3549 of this advisory.

tags | advisory, denial of service, arbitrary
MD5 | 7752358273ab72a83a76b275628ccef9
uSQLite 1.0.0 Denial Of Service
Posted Oct 27, 2016
Authored by Peter Baris

uSQLite version 1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 42f1c98c73cc211fbccdfca4fcd88dfb
Microsoft Wsearch Privilege Escalation
Posted Oct 27, 2016
Authored by r00t-3xp10it | Site metasploit.com

This post-exploitation Metasploit module requires a meterpreter session to be able to upload/inject our SearchIndexer.exe into WSearch (windows search) service. The WSearch service uses one executable.exe set in binary_path_name and runs it has local/system at startup, this enables local privilege_escalation/persistence_backdooring. To exploit this vulnerability a local attacker needs to inject/replace the executable file into the binary_path_name of the service. Rebooting the system or restarting the service will run the malicious executable with elevated privileges.

tags | exploit, local
systems | windows
MD5 | a65c14277120170f43d085605996c152
GNU GTypist 2.9.5-2 Buffer Overflow
Posted Oct 27, 2016
Authored by Juan Sacco

GNU GTypist version 2.9.5-2 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 8d5e69c246a52b38beafd0b81d21b63b
3dCart 7.3.0 Cross Site Scripting
Posted Oct 27, 2016
Authored by g33t

3dCart version 7.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4b8e8677adade0cb28586f4b412337d7
AIEngine 1.6
Posted Oct 27, 2016
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 2fe9db7c9d12f4e49f980e7c5bb73683
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close