what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-11-30

PDF Shaper Buffer Overflow
Posted Nov 30, 2016
Authored by metacom | Site metasploit.com

PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appear when we use Convert PDF to Image and use a specially crafted PDF file. This Metasploit module has been tested successfully on Win Xp, Win 7, Win 8, Win 10.

tags | exploit
MD5 | 79a38c033229091ffae0fd8e0611b6bd
Kernel Live Patch Security Notice LSN-0013-1
Posted Nov 30, 2016
Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
MD5 | 62cbf8e508bff43744108581efe5a4bb
e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 30, 2016
Authored by Tim Herres | Site foxmole.com

e107 version 2.1.2 suffers from cross site request forgery, static cookie, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 2560b139dc88f1dc4be1e36c21451eb2
X5 Webserver 5.0 Remote Denial Of Service
Posted Nov 30, 2016
Authored by Stefan Petrushevski | Site zeroscience.mk

X5 Webserver version 5.0 suffers from a null pointer dereference denial of service vulnerability.

tags | exploit, denial of service
MD5 | e9327f001b702ed2f450b243f4d20ba2
Ubuntu Security Notice USN-3142-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3142-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556
MD5 | 71e0dfeebb20d78d01a5de0e97b7da7e
Ubuntu Security Notice USN-3143-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3143-1 - Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5180
MD5 | 44682dac501779188190d5b4178f7806
HP Security Bulletin HPSBHF03682 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03682 1 - A security vulnerability in the Linux kernel could potentially impact HPE Comware 7 network products. The vulnerability could be exploited locally to gain privileged access. Revision 1 of this advisory.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-5195
MD5 | 7630d3a934b144d82cd08e94aa6ae34d
Red Hat Security Advisory 2016-2837-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2837-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0. After February 28, 2017, technical support through Red Hatas Global Support Services will no longer be provided.

tags | advisory
systems | linux, redhat
MD5 | 15dc5bfb68ab8743a018ce74c95d4323
Ubuntu Security Notice USN-3147-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3147-1 - Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425
MD5 | 559625083100d96654480164212d1075
Ubuntu Security Notice USN-3146-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-2 - USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 097cc04c8dec8f47a6f9e994ad83f1d2
Ubuntu Security Notice USN-3146-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-1 - It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 5db8f822195c3e9c1e40863156b060b3
Ubuntu Security Notice USN-3145-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-2 - USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
MD5 | c8d6e919541e25d8401c273c4291136e
Ubuntu Security Notice USN-3145-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
MD5 | 04869989c9266de37a76afc32ac8b6ba
Ubuntu Security Notice USN-3144-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
MD5 | f2505002de8fe09bf2791b6903e0593c
Ubuntu Security Notice USN-3144-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-2 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
MD5 | 64725aa7b2e9136958868710c45d9f6f
Red Hat Security Advisory 2016-2839-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2839-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2016-5402
MD5 | f4dd89e83fa0c97433d21bfaab95f095
HP Security Bulletin HPSBGN03677 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03677 1 - Potential security vulnerabilities in RPCServlet and Java deserialization were addressed by HPE Network Automation. The vulnerabilities could be remotely exploited to allow code execution. Revision 1 of this advisory.

tags | advisory, java, vulnerability, code execution
advisories | CVE-2016-8511
MD5 | 5dad7dfabe65ab959f86195bb5632082
ntpd 4.2.8 Stack Overflow Proof Of Concept
Posted Nov 30, 2016
Authored by N_A

Remote ntpd version 4.2.8 stack overflow proof of concept exploit.

tags | exploit, remote, overflow, proof of concept
MD5 | 736431083273dddf2edec7ebea2090c2
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close