exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2016-11-01

Overlayfs Privilege Escalation
Posted Nov 1, 2016
Authored by rebel, h00die | Site metasploit.com

This Metasploit module attempts to exploit two different CVEs (CVE-2015-1328 and CVE-2015-8660) related to overlayfs.

tags | exploit
advisories | CVE-2015-1328, CVE-2015-8660
SHA-256 | 051ac68d3b034444740ccd04d39c409e4a6f9b78bb6c5b472cf8e1acac90159d
KarjaSoft Sami FTP Server 2.0.2 Buffer Overflow
Posted Nov 1, 2016
Authored by n30m1nd

KarjaSoft Sami FTP server version 2.0.2 USER/PASS remote buffer overflow SEH exploit.

tags | exploit, remote, overflow
advisories | CVE-2006-0441
SHA-256 | 06ce9ca76804b0440a127ed19b7ae0cd94303737e937f7a3f96b13a929bb813c
Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free
Posted Nov 1, 2016
Authored by SkyLined

A specially crafted webpage can cause Microsoft Internet Explorer to reallocate a memory buffer in order to grow it in size. The original buffer will be copied to newly allocated memory and then freed. The code continues to use the freed copy of the buffer.

tags | advisory
advisories | CVE-2014-4141
SHA-256 | 3dcbd15f1686902d2440fd693ec5986ce00f13147b6d267999345ec3f1440334
Moodle CMS 3.1.2 Cross Site Scripting / File Upload
Posted Nov 1, 2016
Authored by Vadodil Joel Varghese

Moodle CMS versions 3.1.2 and below suffer from cross site scripting and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload
SHA-256 | 662d1fe9fb791dc762b4fbfc2bbea2278cd8e07fe05e4b90cb09f317c959adfb
CyberSec 2017 Call For Papers
Posted Nov 1, 2016
Site sdiwc.net

The fifth internal conference on cyber security, cyber welfare, and digital forensics (CyberSec2017) has announced its call for papers. It will be held April 22nd through the 24th, 2017 at St. Mary's University, Addis Ababa, Ethiopia.

tags | paper, conference
SHA-256 | 73bd800ee9253aabe73160432aeb3cf61367159859ee4d875b5aff7d6d90d50d
dotCMS 3.x SQL Injection
Posted Nov 1, 2016
Authored by Elar Lang

dotCMS versions before 3.5, 3.3.1, and 3.3.2 suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2016-4040, CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905, CVE-2016-8906, CVE-2016-8907, CVE-2016-8908
SHA-256 | a54ada06f8d6aa3e53325d0f82db718e690aa6788d01901bab2662c50fa64311
Ubuntu Security Notice USN-3119-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3119-1 - Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-8864
SHA-256 | 3ac1d66d227d070f6e891d027b432ac51f46ad9faf3252f68da449a428acc1b7
Red Hat Security Advisory 2016-2135-01
Posted Nov 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2135-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.6 was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.6 EUS after October 31, 2016.

tags | advisory
systems | linux, redhat
SHA-256 | 8aabf1804c1e098aaaadd3172ea9d3f091fc857803d19d7872e139967e085b92
Red Hat Security Advisory 2016-2134-01
Posted Nov 1, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2134-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering was retired on October 31, 2016, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.

tags | advisory
systems | linux, redhat
SHA-256 | 6742c624d777b256beaaa004e299cadaa818865ca22a7523f299820985d91684
Ubuntu Security Notice USN-3118-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3118-1 - It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.

tags | advisory, remote, web, csrf
systems | linux, ubuntu
advisories | CVE-2016-6893, CVE-2016-7123
SHA-256 | 86d40e7046763552f68f7f4ae496da340a76291e0d1557f6f720fe8ac4909166
Ubuntu Security Notice USN-3116-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3116-1 - It was discovered that DBus incorrectly validated the source of ActivationFailure signals. A local attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that DBus incorrectly handled certain format strings. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue is only exposed to unprivileged users when the fix for CVE-2015-0245 is not applied, hence this issue is only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated as a preventative measure in the event that a new attack vector for this issue is discovered. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-0245
SHA-256 | 67101c4e6507897aa7f48d3358d4f1aa0de30612b876d3ed686adc70d4abfbe2
Ubuntu Security Notice USN-3115-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3115-1 - Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9013, CVE-2016-9014
SHA-256 | 5c1c9d1d1e38a457538fe86e55cd49a207d781efdf2c75c50ac71022097da8d7
Ubuntu Security Notice USN-3117-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3117-1 - Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service. Ke Liu discovered that the GD library incorrectly handled certain integers when processing WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6911, CVE-2016-7568, CVE-2016-8670
SHA-256 | 36e583c160832db3a4221ebf8d72c02ad396a5f1f28cd42e11a199e883783275
Freefloat FTP Server 1.0 ABOR Buffer Overflow
Posted Nov 1, 2016
Authored by Ger

Freefloat FTP server version 1.0 ABOR command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 48c6ed89fb8dc559cf6d3291717e23ae718ef6db6b49460499c04a0e0db25422
Freefloat FTP Server 1.0 RMD Buffer Overflow
Posted Nov 1, 2016
Authored by Karri93

Freefloat FTP server version 1.0 RMD command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 37de51e9985c33bdae2ffcaa78076d254ce24c6f1eceb18d35d68b8e0240a6db
Freefloat FTP Server 1.0 HOST Buffer Overflow
Posted Nov 1, 2016
Authored by cybernetic

Freefloat FTP server version 1.0 HOST command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | f3fe1473914d09edce88d1f31a06d226e83ceb97a6bf6db957302ec0c144b034
PCMAN FTP Server 2.0.7 DELETE Buffer Overflow
Posted Nov 1, 2016
Authored by Greg Priest

PCMAN FTP server version 2.0.7 DELETE command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | fea5685929f405c5b19e46232f7cdde7a186d60d7bd7e618a62ff01b1a1b7556
My Little Forum 2.3.7 File Disclosure
Posted Nov 1, 2016
Authored by Ashiyane Digital Security Team

My Little Forum version 2.3.7 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | c18a6203a9e4bb5eeebc96801127f2d75d2c82759b99576601ec24b90ef855dd
My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 1, 2016
Authored by Ashiyane Digital Security Team

My Little Forum version 2.3.7 suffers from backup disclosure, cross site request forgery, and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | a59ee3903fda11c485d0df52fb168d32bef192bfabf5d14bf386c76c4cb86a02
Suricata IDPE 3.1.3
Posted Nov 1, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174
Linux Kernel EXT4 Error Handling Denial Of Service
Posted Nov 1, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required.

tags | exploit, denial of service, kernel
SHA-256 | 011b753ceacca2ffb6904932ea2a749ae06dce8d32cca4a615dce413d005e946
Hack In The Box 2017 AMS Call For Papers
Posted Nov 1, 2016
Site cfp.hackinthebox.org

The Hack In The Box 2017 AMS Call For Papers is now open. The conference will be held at the NH Grand Krasnapolsky in Amsterdam from the 10th till the 14th of April.

tags | paper, conference
SHA-256 | 43d29aea51be8516f249247179e78053bcaeda6c26946509691bdc2f4ab79d2e
Slackware Security Advisory - php Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
SHA-256 | a2454cab6bc2da100e2ddc5b02ac8b8001b701b62fe5ce589884aaff9478fd69
Slackware Security Advisory - mariadb Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3492, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6663, CVE-2016-7440, CVE-2016-8283
SHA-256 | ef93f6a939a6068bbeaf1303f22af5dfc3a18cc982d6a9887ba77453a429439f
Slackware Security Advisory - x11 Updates
Posted Nov 1, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953
SHA-256 | f8fcc22375b6604ef5e4a963a7b595a0d29db47e446fdba9f545ace0f1e0f696
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close