what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-11-17

DCFM Blog 0.9.7 Cross Site Scripting
Posted Nov 17, 2016
Authored by N_A

DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7f85f345bfb9584c740071aaf0ba13726bdd4825ffb6d5f54cd2f5c8151662ba
DCFM Blog 0.9.7 Blind SQL Injection
Posted Nov 17, 2016
Authored by N_A

DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3eb2a13ad07f20d97cd79ab56f4147df3b71badb0a689fd4022b31ce5716ca45
Ubuntu Security Notice USN-3130-1
Posted Nov 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3130-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
SHA-256 | e29cc974b99c653e8595c5283afc2543bf4f25c83ab9219f573aedda2281d0cd
Red Hat Security Advisory 2016-2807-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | a747ee41bc1c78f0329cb06102ce7044196717407b83c8ba83cdc599fc05f1e6
Red Hat Security Advisory 2016-2808-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | 6aabba5392b13a85b44e0e196d13a81b259818172e29bc8bb40c46530f9dfb13
Red Hat Security Advisory 2016-2802-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-6304
SHA-256 | 725da1b5c613bcd982c7bcfe20324be7b1e25d2d226b08cabed951c85a985649
WordPress Answer My Question 1.3 SQL Injection
Posted Nov 17, 2016
Authored by Lenon Leite

WordPress Answer My Question plugin version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 55f8bf868beda04e015a3abf5f318cde9a2d7069dc4c951dd8fc0ef31f8a52a2
WordPress Sirv 1.3.1 SQL Injection
Posted Nov 17, 2016
Authored by Lenon Leite

WordPress Sirv plugin version 1.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7598c29bd332ccbf10f665c9f8d80ee342b44fd579d74abc877baca8a35a0e39
PoisonTap Backdoor Network Sniffer
Posted Nov 17, 2016
Authored by Samy | Site github.com

PoisonTap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes an internal router, and siphons cookies using Raspberry Pi Zero and Node.js.

tags | tool
systems | unix
SHA-256 | 5bc22f24e99b99bf272fbc910a2bc89f6ab53e64b129185daa574df9df645c7f
USBKill Anti-Forensic Kill Switch
Posted Nov 17, 2016
Authored by hephaest0s | Site github.com

USBKill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

tags | tool
systems | unix
SHA-256 | 8812ceb2e76d914a7759e2d35b7f9396cbce2e65355bb6baa92cb80c669d4f9d
Wireshark Analyzer 2.2.2
Posted Nov 17, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | f9acef5e9a9021a400b4244fafc06969f41ec594ec57fd7f0ff63bafca0055b3
OpenSCAP Libraries 1.2.12
Posted Nov 17, 2016
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | bf55395a691cf0ada9f2c6464d1966775c14884dbef5924749ea215c5e0b568f
Authenticated WMI Exec Via Powershell
Posted Nov 17, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.

tags | exploit, remote
SHA-256 | 69e871d16e65feb44748c1777776eaa7515e2ac4ea1c947a9dde02de854fdd98
Debian Security Advisory 3716-1
Posted Nov 17, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3716-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9074
SHA-256 | 656343001b31a499c024493fd7fb5830ebc134988b99415fd813e06551b04c33
Gentoo Linux Security Advisory 201611-10
Posted Nov 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-10 - A vulnerability in libuv could lead to privilege escalation. Versions less than 1.4.2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2015-0278
SHA-256 | 290eb7d239c48c0902769e4db7b1c970874d25c71930c3bc68ad020aad6736bc
Emsisoft Privilege Escalation
Posted Nov 17, 2016
Authored by Stefan Kanthak

In an attempt to address DLL hijacking issues, Emsisoft has introduced additional security issues.

tags | advisory
systems | windows
SHA-256 | 3adced441acb8daaa8e7985e221c41156766e4a6efbf1c4eb4fa72158ea75f09
Packet Fence 6.4.0
Posted Nov 17, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Bug fixes and updates to translations.
tags | tool, remote
systems | unix
SHA-256 | 3b9da175e21d117757392220781c69a266428f56c4bb155bc798c806d15ebc15
Microsoft Security Bulletin Revision Increment For November, 2016
Posted Nov 17, 2016
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
SHA-256 | 8936f937d0480cebc279d700bbabc01ca829aec407d814c762c85f98cdcd99b3
Microsoft Edge Eval Type Confusion
Posted Nov 17, 2016
Authored by Google Security Research, natashenka

In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion.

tags | exploit
advisories | CVE-2016-7240
SHA-256 | d7ea56cd00bb283459fd55c24ac87e4186f692adde4a4facfd812d4b0ca61f2b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close