
Files Date: 2016-11-10

Office OLE DLL Hijacking
Posted Nov 10, 2016
Authored by Yorick Koster | Site metasploit.com

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | exploit, arbitrary, vulnerability
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132, CVE-2015-6133, CVE-2016-0041, CVE-2016-0100, CVE-2016-3235
MD5 | c734500622c23c1e5aa6ef03bf99c10b
Apache Tika 1.13 Code Execution
Posted Nov 10, 2016
Authored by Pierre Ernst

Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.

tags | advisory, java, arbitrary
advisories | CVE-2016-6809
MD5 | 0e55b4f2c2ebaa5d4d0df84d0ad7cdc4
Microsoft Windows OTF Parsing Table Encoding Record Offset
Posted Nov 10, 2016
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused by an integer overflow error when processing the CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within an OTF file.

tags | advisory, denial of service, overflow, kernel
systems | windows
advisories | CVE-2016-7210
MD5 | 4ce511799c6758a5bcf73a6815cb1fbe
MyBB 1.8.6 Cross Site Scripting
Posted Nov 10, 2016
Authored by Tim Coen | Site curesec.com

MyBB version 1.8.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9c8cdcca233c799bbd6aa08faadc7815
Oracle Outside In GetTxObj() Use-After-Free
Posted Nov 10, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error within the "GetTxObj()" function (vsflw.dll), which can be exploited to corrupt memory via a specially crafted PRZ file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, arbitrary
advisories | CVE-2016-5574
MD5 | 9b2d23aadbd2e0afd88243f2c07ec4df
Oracle Outside In VwStreamRead() Buffer Overflow
Posted Nov 10, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "VwStreamRead()" function (vssdw.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted SDW file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2016-5558
MD5 | d20bc51ce99b5a57b7aff742a2d07179
WININET CHttpHeaderParser::ParseStatusLine Out-Of-Bounds Read
Posted Nov 10, 2016
Authored by SkyLined

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.

tags | exploit, web
advisories | CVE-2016-3325
MD5 | ac728f9928049dcc722e02aee62438f2
4images 1.7.13 SQL Injection
Posted Nov 10, 2016
Authored by Ahmed Sultan

4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 61f3df8a62eccda32b86a9179d49b0b7
Exponent CMS 2.4.0 Blind SQL Injection
Posted Nov 10, 2016
Authored by Nicky

Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3602b56e151cfc89c34c9aa2656f5bee
CA Unified Infrastructure Management Bypass / Traversal / Disclosure
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of session IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.

tags | advisory, remote, vulnerability, info disclosure
advisories | CVE-2016-5803, CVE-2016-9164, CVE-2016-9165
MD5 | 829d71aec833a22d3ecee12345fd5fe6
CA Service Desk Manager 12.9 / 14.1 Code Execution
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.

tags | advisory, remote, web, arbitrary, xss
advisories | CVE-2016-9148
MD5 | b19dab558799222fe5896e758ea4ad6a
HP Security Bulletin HPSBGN03670 1
Posted Nov 10, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03670 1 - A vulnerability in the Apache Commons Collections library for handling Java object deserialization was addressed by HPE Business Service Management (BSM). The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
advisories | CVE-2016-4405
MD5 | d8df2a02b5a6bd3aab59b484a2a4df44
Red Hat Security Advisory 2016-2695-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2016-3841
MD5 | d00f0caaeaeb970ee375c2922f33a7b6
Red Hat Security Advisory 2016-2694-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2694-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7795
MD5 | 210689965ae30ab7212b42623cf0a055
Ubuntu Security Notice USN-3125-1
Posted Nov 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3125-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-5403, CVE-2016-6833, CVE-2016-6834, CVE-2016-6835, CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7155, CVE-2016-7156, CVE-2016-7157, CVE-2016-7161, CVE-2016-7170, CVE-2016-7421, CVE-2016-7422, CVE-2016-7423, CVE-2016-7466, CVE-2016-7908, CVE-2016-7909, CVE-2016-7994, CVE-2016-7995, CVE-2016-8576, CVE-2016-8577, CVE-2016-8578, CVE-2016-8668, CVE-2016-8909, CVE-2016-8910, CVE-2016-9101, CVE-2016-9102
MD5 | 0e3f135948d58b0990e5b24c0d0e1428
Debian Security Advisory 3709-1
Posted Nov 10, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3709-1 - Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4738
MD5 | 1c76275e9711740df6886faaaad81a81
Red Hat Security Advisory 2016-2676-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2676-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.644. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
MD5 | 7dbee835cb60239c15f4c2068019c827
Vlany Linux LD_PRELOAD Rootkit
Posted Nov 10, 2016
Authored by mempodippy

Vlany is a Linux rootkit that provides process hiding, user hiding, network hiding, LXC container, anti-debug, anti-forensics, persistent reinstalls, dynamic linker modifications, backdoors, and more.

tags | tool, rootkit
systems | linux, unix
MD5 | cd4fa7039c8e3ab3e72c763b21cd0804
Microsoft Internet Explorer 9 / 10 / 11 PROPERTYDESC::HandleStyleComponentProperty Out-Of-Bounds
Posted Nov 10, 2016
Authored by SkyLined

Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.

tags | exploit
advisories | CVE-2016-3324
MD5 | 1c77ffae61514bca6e6cb22cef429473
Nero 7.10.1.0 Privilege Escalation
Posted Nov 10, 2016
Authored by Boumediene Kaddour

Nero version 7.10.1.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | f3d6d080ca9fe17ad9006313628eb51d