Red Hat Security Advisory 2016-2824-01 - Expat is a C library for parsing XML documents. Security Fix: An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
754a9be94b6674126e6bd29781af1cbaUbuntu Security Notice 3138-1 - Markus Doering discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.
7af8fd9033167a619d1f40c7d195fbcbUbuntu Security Notice 3135-2 - USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The original security fix was incomplete. This update fixes the problem. Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
8efb30ba821a826eea7c446f7a0ea77aDebian Linux Security Advisory 3725-1 - Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.
999ff3a6c8613cc49e208b4bf2335876Tenda, D-Link, and TP-Link routers suffer from a DHCP-related cross site scripting vulnerability.
35203611e6c87286765993d433525561Schoolhos CMS version 2.29 suffers from a remote SQL injection vulnerability.
9322838288cec4efea647f3760bc4e8eA specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause code to be executed with a stack layout it does not expect, or have code attempt to execute a method of an object using a vftable, when that object does not have a vftable. Successful exploitation can lead to arbitrary code execution.
a39c2c649d0580dbcfd87e206179520aSync Breeze Enterprise version 9.1.16 suffers from a buffer overflow vulnerability.
d41f9c50741d4e3cbaac5d784239a86bDisk Savvy Enterprise version 9.1.14 suffers from a buffer overflow vulnerability.
897df75e132522be3c66f4a32662acf1This exploit uses the pokemon exploit as a base and automatically generates a new passwd line. The original /etc/passwd is then backed up to /tmp/passwd.bak and overwritten with the new line. The user will be prompted for the new password when the binary is run. After running the exploit you should be able to login with the newly created user.
2d84b48a3c7259bdcfc8b09a0c2ed0c2Disk Sorter Enterprise version 9.1.12 suffers from a buffer overflow vulnerability.
bc108454ec29731f734c2bbb84dc3b6aDup Scout Enterprise version 9.1.14 suffers from a buffer overflow vulnerability.
60ab738e6533598fb59995c92077a7c3VX Search Enterprise version 9.1.12 suffers from a buffer overflow vulnerability.
3ea51412ddc3f221b25e6182852d5a69Disk Pulse Enterprise version 9.1.16 suffers from a buffer overflow vulnerability.
33e796078156a7d3b2b85c19d9843d06Microsoft Windows Kernel win32k.sys NtSetWindowLongPtr privilege escalation proof of concept exploit. Leverages the issue as noted in MS16-135.
22e9d6e6eea9e3931c0a3320e5216f50
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed