Exploit the possiblities
Showing 1 - 25 of 33 RSS Feed

Files Date: 2016-11-01

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
MD5 | 062fc5f2b168ffa209bea59c96f17d8d
KarjaSoft Sami FTP Server 2.0.2 Buffer Overflow
Posted Nov 1, 2016
Authored by n30m1nd

KarjaSoft Sami FTP server version 2.0.2 USER/PASS remote buffer overflow SEH exploit.

tags | exploit, remote, overflow
advisories | CVE-2006-0441
MD5 | 25e3c2f1cf777d65e0543183ef50d35d
Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free
Posted Nov 1, 2016
Authored by SkyLined

A specially crafted webpage can cause Microsoft Internet Explorer to reallocate a memory buffer in order to grow it in size. The original buffer will be copied to newly allocated memory and then freed. The code continues to use the freed copy of the buffer.

tags | advisory
advisories | CVE-2014-4141
MD5 | 09b2495023bdc7060e75bfd244f53410
Moodle CMS 3.1.2 Cross Site Scripting / File Upload
Posted Nov 1, 2016
Authored by Vadodil Joel Varghese

Moodle CMS versions 3.1.2 and below suffer from cross site scripting and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | fb0b95632547a001049bdae7e3d18171
CyberSec 2017 Call For Papers
Posted Nov 1, 2016
Site sdiwc.net

The fifth internal conference on cyber security, cyber welfare, and digital forensics (CyberSec2017) has announced its call for papers. It will be held April 22nd through the 24th, 2017 at St. Mary's University, Addis Ababa, Ethiopia.

tags | paper, conference
MD5 | 6fbff572a978b62d0f0ef0a11419c322
dotCMS 3.x SQL Injection
Posted Nov 1, 2016
Authored by Elar Lang

dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2016-4040, CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905, CVE-2016-8906, CVE-2016-8907, CVE-2016-8908
MD5 | d7fb58e7e7192766245d6f06b4f422a1
Ubuntu Security Notice USN-3119-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3119-1 - Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-8864
MD5 | cd6b6e8678174b23c9b66624620fb340
Red Hat Security Advisory 2016-2135-01
Posted Nov 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2135-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.6 was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.6 EUS after October 31, 2016.

tags | advisory
systems | linux, redhat
MD5 | b045307a8e670971b0e1ed3b42215450
Red Hat Security Advisory 2016-2134-01
Posted Nov 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2134-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.

tags | advisory
systems | linux, redhat
MD5 | 85e3f982ff097f7f5aea19a98e9e4fc1
Ubuntu Security Notice USN-3118-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3118-1 - It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.

tags | advisory, remote, web, csrf
systems | linux, ubuntu
advisories | CVE-2016-6893, CVE-2016-7123
MD5 | ea3d8b7bb526fb23bbfa1e6b67f3b813
Ubuntu Security Notice USN-3116-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3116-1 - It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-0245
MD5 | 66e3bf548ba86804f347be55cf484ca6
Ubuntu Security Notice USN-3115-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3115-1 - Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9013, CVE-2016-9014
MD5 | e031055beb801aa6e6bb9f3a7014c6fe
Ubuntu Security Notice USN-3117-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3117-1 - Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6911, CVE-2016-7568, CVE-2016-8670
MD5 | 28a1a21e2c768176384dadcd76071a86
Freefloat FTP Server 1.0 ABOR Buffer Overflow
Posted Nov 1, 2016
Authored by Ger

Freefloat FTP server version 1.0 ABOR command buffer overflow exploit.

tags | exploit, overflow
MD5 | d7684f058d3b4d46a489bc5bd5c17641
Freefloat FTP Server 1.0 RMD Buffer Overflow
Posted Nov 1, 2016
Authored by Karri93

Freefloat FTP server version 1.0 RMD command buffer overflow exploit.

tags | exploit, overflow
MD5 | 9596ca96da7788607cf0649718691746
Freefloat FTP Server 1.0 HOST Buffer Overflow
Posted Nov 1, 2016
Authored by cybernetic

Freefloat FTP server version 1.0 HOST command buffer overflow exploit.

tags | exploit, overflow
MD5 | 3de4b9fd1576c2cf61cb860e6f6e4fd9
PCMAN FTP Server 2.0.7 DELETE Buffer Overflow
Posted Nov 1, 2016
Authored by Greg Priest

PCMAN FTP server version 2.0.7 DELETE command buffer overflow exploit.

tags | exploit, overflow
MD5 | 172f522b37899eabd5d50bdc5982b6c7
My Little Forum 2.3.7 File Disclosure
Posted Nov 1, 2016
Authored by Ashiyane Digital Security Team

My Little Forum version 2.3.7 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | ea26a19ef403d1e86227daac2ed66b30
My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 1, 2016
Authored by Ashiyane Digital Security Team

My Little Forum version 2.3.7 suffers from backup disclosure, cross site request forgery, and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c94deab5ea459b0a780504c664905f3c
Suricata IDPE 3.1.3
Posted Nov 1, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | 7242f9b2cb96d27d5e9f8ff085c5029e
Linux Kernel EXT4 Error Handling Denial Of Service
Posted Nov 1, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required.

tags | exploit, denial of service, kernel
MD5 | c3fca2dc05f006c669b346c9b4f69fa0
Hack In The Box 2017 AMS Call For Papers
Posted Nov 1, 2016
Site cfp.hackinthebox.org

The Hack In The Box 2017 AMS Call For Papers is now open. The conference will be held at the NH Grand Krasnapolsky in Amsterdam from the 10th till the 14th of April.

tags | paper, conference
MD5 | 1d65cbe378fd25241f2eb98e275c2e26
Slackware Security Advisory - php Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 4085332efd2588b982fe398b3b1efd69
Slackware Security Advisory - mariadb Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3492, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6663, CVE-2016-7440, CVE-2016-8283
MD5 | 374b41121278fcdeb0abc46a90949b1a
Slackware Security Advisory - x11 Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953
MD5 | 6b86136d9d04adffe842aebcb630761f
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close