Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2016-11-02

Ubuntu Security Notice USN-3120-1
Posted Nov 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3120-1 - Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
MD5 | 641f91e5ecce225c1ce6705f5ac73ede
SweetRice 1.5.1 Local File Inclusion
Posted Nov 2, 2016
Authored by Ehsan Hosseini

SweetRice version 1.5.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | fd1b8a05213a6ee380797b66fa596fb7
Red Hat Security Advisory 2016-2141-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2141-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
MD5 | bf2cbf181a34610803ebcfea27aed8cc
Red Hat Security Advisory 2016-2142-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2142-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
MD5 | f5122a767ce6c4b9f48d7e6723e751b8
SweetRice 1.5.1 Cross Site Request Forgery
Posted Nov 2, 2016
Authored by Ashiyane Digital Security Team

SweetRice version 1.5.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 5878c85b3ca9df3ace6be4adf1989d07
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20161024
Posted Nov 2, 2016
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Tor was updated to 0.2.8.9 and the kernel was bumped to linux-4.7.9+. Gentoo's hardened-patches-4.7.9-1.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 7601ac38898baab609740978938d1abc
MySQL / MariaDB / PerconaDB Root Privilege Escalation
Posted Nov 2, 2016
Authored by Dawid Golunski

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.

tags | exploit, root
advisories | CVE-2016-6664
MD5 | 73b41ab8c5b59bd8889f73c2538d4f62
Citrix Receiver / Receiver Desktop Lock 4.5 Authentication Bypass
Posted Nov 2, 2016
Authored by Rithwik Jayasimha

Citrix Receiver / Receiver Desktop Lock version 4.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 69f1c763c70ec616c69b0cf5028835ca
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a php object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
MD5 | 7a66ece0e3bc3a94254de8614fc0971a
Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8581
MD5 | 2a00eb0ce24a7ecf6bca9965be4ae666
Alienvault OSSIM/USM 5.3.1 SQL Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-8582
MD5 | 42bd18cecc00b69762f03ef776abc3a4
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8583
MD5 | 8b92c689b73f90fd9c7c8d094983d02f
Exponent CMS 2.3.9 SQL Injection
Posted Nov 2, 2016
Authored by Obfuscator

Exponent CMS versions 2.3.9 and below suffer from multiple remote SQL injection vulnerabilities. Updates have been released to address these identified issues.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2016-7780, CVE-2016-7781, CVE-2016-7782, CVE-2016-7783, CVE-2016-7784, CVE-2016-7788, CVE-2016-7789, CVE-2016-9019, CVE-2016-9020, CVE-2016-9087
MD5 | 04b607123ac334b6cd488d8eade06348
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Posted Nov 2, 2016
Authored by SkyLined

Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an "image context" structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next "draw". However, the code continues to use the freed context almost immediately after it is freed.

tags | exploit
MD5 | eb33c8483f52d98aeee44ec0790e038c
Ubuntu Security Notice USN-3113-1
Posted Nov 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3113-1 - It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-1586, CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5192, CVE-2016-5194
MD5 | 87537c10b8d7489a0b8a1bdd430d4dfb
Red Hat Security Advisory 2016-2137-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2137-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
MD5 | facbdc4bd33254f7da214eff5ecdb9b6
Red Hat Security Advisory 2016-2138-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2138-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
MD5 | 50249d9496df5e81445effe3cfc92bf7
Red Hat Security Advisory 2016-2136-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2136-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
MD5 | b842e77d2079834539b2c6c1fc88f36f
Mini Notice Board 1.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by N_A

Mini Notice Board version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6ee76a3c4eda8e01447836c10147a2de
Mini Notice Board 1.1 SQL Injection
Posted Nov 2, 2016
Authored by N_A

Mini Notice Board version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cdac62ebefaa50e91857e292bf26768d
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
Posted Nov 2, 2016
Authored by Dawid Golunski

An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').

tags | exploit, arbitrary, local
advisories | CVE-2016-6663
MD5 | 9b5a5ffe51fb38b8ff3c447e246e7c03
Caph 1.1 Local Denial Of Service
Posted Nov 2, 2016
Authored by N_A

Caph version 1.1 suffers from a local buffer overflow vulnerability that can cause a denial of service.

tags | exploit, denial of service, overflow, local
MD5 | db048330ab8d107c29de0879adfec0fb
PCMan FTP Server 2.0.7 UMASK Buffer Overflow
Posted Nov 2, 2016
Authored by Eagleblack

PCMan FTP server version 2.0.7 suffers from a UMASK command related buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c1ca33d56aca92de50a101918b0bcf58
FreeFloat FTP Server 1.0 RENAME Buffer Overflow
Posted Nov 2, 2016
Authored by Eagleblack

FreeFloat FTP server version 1.0 suffers from a RENAME command related buffer overflow vulnerability.

tags | exploit, overflow
MD5 | d67aa72119d67ae70f5ef63f23889040
Freefloat FTP Server 1.0 DIR Buffer Overflow
Posted Nov 2, 2016
Authored by Greg Priest

Freefloat FTP server version 1.0 suffers from a DIR command buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c2a86a92e721f4ad530c324d22d31cf8
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close