exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2016-11-15

BlackNurse Spoofed ICMP Denial Of Service Proof Of Concept
Posted Nov 15, 2016
Authored by Todor Donev

Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls. Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood attack. BlackNurse is based on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth. Low bandwidth is in this case around 15-18 Mbit/s. This is to achieve the volume of packets needed which is around 40 to 50K packets per second. It does not matter if you have a 1 Gbit/s Internet connection. The impact we see on different firewalls is typically high CPU loads. When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet. All firewalls we have seen recover when the attack stops. Various firewalls such as Cisco ASA 5515/5525/5550/5515-X, Fortigate, SonicWall, and more are affected.

tags | exploit, denial of service
systems | cisco
SHA-256 | f71da4e19171d1ad7f74a50978fc1981638a994ffd31303ede3fc3d6659fde3f
Linux Kernel Keyctl Null Pointer Dereference
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

A malicious interaction with the keyctl usermode interface allows an attacker to crash the kernel. Processing the attached certificate by the kernel leads to a kernel nullpointer dereference. This vulnerably can be triggered by any unprivileged user locally.

tags | exploit, kernel
SHA-256 | f84b2c209822d9c15501892e2c718cb3967a4db2792d9be2b18757f3378ca33c
Linux Kernel EXT4 Memory Corruption / SLAB Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Ralf Spenneberg, Sergej Schumilo

Mounting a crafted EXT4 image read-only leads to a memory corruption and SLAB out of bounds reads (according to KASAN). Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB device is required.

tags | advisory
SHA-256 | 76833a7057ed11a9603a2cca2127a14da53cfb98824820fa60de3d7cf3b821a6
Gentoo Linux Security Advisory 201611-08
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-8 - Multiple vulnerabilities have been found in libpng, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.6.21 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-7981, CVE-2015-8126, CVE-2015-8540
SHA-256 | af56e343ff091a131c14cea1b83ea801e986ee721dab18820a2a08392abce80f
Gentoo Linux Security Advisory 201611-07
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-7 - polkit is vulnerable to local privilege escalation. Versions less than 0.113 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2015-3255
SHA-256 | 3c004982512d4668fabdd477a79b048c32dea21a9f1d8d4bb6c55235d81a54a2
Gentoo Linux Security Advisory 201611-06
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-6 - A vulnerability in xinetd could lead to privilege escalation. Versions less than 2.3.15-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2013-4342
SHA-256 | 1ceb98758118fd5375c5611a9f829b7b2c21d5c8315cf8449754f94ce9969b26
Gentoo Linux Security Advisory 201611-05
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-5 - tnftp is vulnerable to remote code execution if output file is not specified. Versions less than 20141104 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2014-8517
SHA-256 | 3714fd619d496c5232b4708937dc2490c0a41fd3dea634635ec841f8cfbdceae
Red Hat Security Advisory 2016-2750-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2750-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included. The rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. Security Fixes in the rh-php56-php component have been added.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2013-7456, CVE-2014-9767, CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903
SHA-256 | 7a4b8b8d6b3eabdf404c0529d77c336afa623f07425290b0ef039e4d4015bb0b
Red Hat Security Advisory 2016-2749-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2749-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-3492, CVE-2016-5507, CVE-2016-5616, CVE-2016-5617, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-6664, CVE-2016-8283
SHA-256 | 2885c698b7f8dbeb61cdef79060e442a4d80a5dfbab9153600b85b4aee6e32ca
Gentoo Linux Security Advisory 201611-09
Posted Nov 15, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-9 - Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on the host system. Versions less than 4.6.3-r3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-6258, CVE-2016-7092, CVE-2016-7093, CVE-2016-7094, CVE-2016-7777
SHA-256 | 150b8fc9649193c656cb063bfd7db2df2856b9f70acd30052aa163a2c2782573
Windows VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely delete files leading to arbitrary file deletion which could result in elevation of privilege.

tags | exploit, arbitrary
SHA-256 | 83a9ca054e84e9cb0b4edffe665f32711fdddafa66cced5b63b30ba0907cfc2f
Windows Kernel Registry Hive Loading nt!RtlEqualSid Out-Of-Bounds Read
Posted Nov 15, 2016
Authored by Google Security Research, mjurczyk

A Windows kernel crash can occur in the nt!RtlEqualSid function invoked through nt!SeAccessCheck by nt!CmpCheckSecurityCellAccess while loading corrupted registry hive files.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2016-7216
SHA-256 | 5395350a5bb6db06990997f9489cc97555596c3fb508d3b40ddb43659f993001
Windows VHDMP Arbitrary Physical Disk Cloning Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to.

tags | exploit, info disclosure
advisories | CVE-2016-7224
SHA-256 | ece66dd4e9a21d845f73e76160ee3d7d4ddb8db78f87bb255a2a71718d6d508c
Windows VHDMP Incorrect Impersonation Handling Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not correctly handle impersonation levels leading to the possibility of impersonating a privileged token when performing certain actions such as creating/modifying a VHD leading to elevation of privilege.

tags | advisory
advisories | CVE-2016-7223
SHA-256 | 2dd3df095b5f804e247c897db2ccee0b7686f6aba635737c00ff269c7dd3eef9
Windows VHDMP Arbitrary File Creation Privilege Escalation
Posted Nov 15, 2016
Authored by Google Security Research, forshaw

The VHDMP driver does not safely create files related to Resilient Change Tracking leading to arbitrary file overwrites under user control leading to elevation of privilege.

tags | exploit, arbitrary
advisories | CVE-2016-7226
SHA-256 | 47779f4011b5478d641f7b65e43f21241798700a262c616442aaa6c5144cb4a7
Microsoft Edge CAttrArray::Destroy Use-After-Free
Posted Nov 15, 2016
Authored by SkyLined

A specially crafted web-page can cause Microsoft Edge to free memory used for a CAttrArray object. The code continues to use the data in freed memory block immediately after freeing it. It does not appear that there is enough time between the free and reuse to exploit this issue.

tags | advisory, web
SHA-256 | 7b085c40b0b5c32560e511980a285156cb74ab99f30b0b11136ee56130ebcd24
WinaXe 7.7 FTP Client Remote Buffer Overflow
Posted Nov 15, 2016
Authored by hyp3rlinx, Chris Higgins | Site metasploit.com

This Metasploit module exploits a buffer overflow in the WinaXe 7.7 FTP client. This issue is triggered when a client connects to the server and is expecting the Server Ready response.

tags | exploit, overflow
SHA-256 | 85d7535ae65c59c347e6f08373d814850760c27acc6b296cd04efd4c9b986b81
Trend Micro Smart Protection Server Exec Remote Code Injection
Posted Nov 15, 2016
Authored by Quentin Kaiser | Site metasploit.com

This Metasploit module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.

tags | exploit
SHA-256 | c0669d4763a8b0f7006a57298e45c4f523d05ca9e7d1a8c304ef6ed3cde57c5f
Red Hat Security Advisory 2016-2718-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2718-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 54.0.2840.100. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202
SHA-256 | 05b2ed146c3ff682639e67872348b4088b751bc112d944ed2b0afb65e94474cd
Red Hat Security Advisory 2016-2706-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2706-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8817, CVE-2015-8818
SHA-256 | 34ebf6833be3f8e06b1450c8d4b0768a9ee4ddf47d72a2dc7c01e2f31352f4a8
HP Security Bulletin HPSBUX03665 2
Posted Nov 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03665 2 - Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and URL Redirection. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-3092, CVE-2016-5388
SHA-256 | 8a33a45462fb5af32efafe6f3107b91eb71ecf3236ac6ed9fb1332835889de91
HP Security Bulletin HPSBGN03669 1
Posted Nov 15, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03669 1 - Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, local, vulnerability, code execution, csrf
advisories | CVE-2013-6429, CVE-2014-0050, CVE-2014-0107, CVE-2014-0114, CVE-2015-3253, CVE-2015-5652, CVE-2016-0763
SHA-256 | ac957c536f14c0a27badb6f04185ed0c67d4cacfcf48129853672a6a8767ef2f
Red Hat Security Advisory 2016-2705-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2705-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8817, CVE-2015-8818
SHA-256 | 588ecdc7db1b9535e0fadaa19780440e5e7c00ae836c3d30d91b4d780cd3605d
Red Hat Security Advisory 2016-2704-01
Posted Nov 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2704-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8817, CVE-2015-8818
SHA-256 | 4b59304042b5184a421ccdac24e9a3a137fd12ff1ce2a39859c76c926a881514
Cybercrime Report Template
Posted Nov 15, 2016
Authored by Bart Blaze

This document is meant to be a general purpose cybercrime report template for victims.

tags | paper
SHA-256 | d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close