Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2016-12-06

Sony IPELA ENGINE IP Cameras Backdoor Accounts
Posted Dec 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.

tags | exploit, remote, shell, root
systems | linux
MD5 | 4de5c510fc38fb6a30c60e297e892ce3
Microsoft Internet Explorer 9 jscript9 JavaScriptStackWalker Memory Corruption
Posted Dec 6, 2016
Authored by SkyLined

A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results in a stack-based analog to a heap use-after-free vulnerability. The stack memory where the data was stored can be modified by an attacker before it is used, allowing remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2015-1730
MD5 | 0aa2f3d2f611da728678cde2d9094c20
AbanteCart 1.2.7 Cross Site Scripting
Posted Dec 6, 2016
Authored by Kacper Szurek

AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 73a8698aed600c14ecdb8be6392b460c
Microsoft PowerShell XXE Injection
Posted Dec 6, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit
MD5 | 06fe56f18d81ef806aed4773f1517228
Red Hat Security Advisory 2016-2872-01
Posted Dec 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2872-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges.

tags | advisory, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2016-7032, CVE-2016-7076
MD5 | 8281c131c11d2eb89473e9264c862e54
Red Hat Security Advisory 2016-2871-01
Posted Dec 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2871-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
MD5 | 18cfb11c290761b7df8a0409ea18e8c5
Gentoo Linux Security Advisory 201612-15
Posted Dec 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-15 - Multiple vulnerabilities have been found in ARJ, the worst of which may allow attackers to execute arbitrary code. Versions less than 3.10.22-r5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0556, CVE-2015-0557, CVE-2015-2782
MD5 | 0ce6c49bb019babe1e5138a0affd2ea3
Gentoo Linux Security Advisory 201612-14
Posted Dec 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-14 - A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.26 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-9114
MD5 | b9437b7e798e751a5d4334ea0745c054
Linux/x86 Netcat Reverse Shell Shellcode
Posted Dec 6, 2016
Authored by Filippo Bersani

180 bytes small Linux/x86 Netcat with -e option disabled reverse shell shellcode.

tags | shell, x86, shellcode
systems | linux
MD5 | 183eb0f5b928208a679bd53df527d086
Microsoft Edge CBase-Scriptable::Private-Query-Interface Memory Corruption
Posted Dec 6, 2016
Authored by SkyLined

A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.

tags | advisory, web
advisories | CVE-2016-3222
MD5 | c94a964e66df138e19d07b9a6b3d3b89
WordPress Single Personal Message 1.0.3 SQL Injection
Posted Dec 6, 2016
Authored by Lenon Leite

WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2dd2e24038bd06ac2809569dbebb009f
Dup Scout Enterprise 9.1.14 Buffer Overflow
Posted Dec 6, 2016
Authored by vportal

Dup Scout Enterprise version 9.1.14 buffer overflow SEH exploit.

tags | exploit, overflow
MD5 | 307bc456e86648fa0313951bad19186e
31c0n Call For Papers
Posted Dec 6, 2016
Authored by 31c0n

31c0n has announced its call for papers. It will take place February 23rd through the 24th, 2017 in Auckland, New Zealand.

tags | paper, conference
MD5 | 3d5a4bd82124073d666de32126909794
Qualcomm Assisted-GPS Data Insecure Transmission
Posted Dec 6, 2016
Site wwws.nightwatchcybersecurity.com

Assisted GPS/GNSS data provided by Qualcomm for compatible receivers is often being served over HTTP without SSL. Additionally many of these files do not provide a digital signature to ensure that data was not tampered in transit. This can allow a network-level attacker to mount a MITM attack and modify the data while in transit. While HTTPS and digitally-signed files are both available, they are newer and not widely used yet.

tags | advisory, web
advisories | CVE-2016-5341
MD5 | 98b82d4165ffabe1b7e9b0064330aca1
Ubuntu Security Notice USN-3151-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 6952e7bfa7c349924edf0c43c0eab1af
Ubuntu Security Notice USN-3150-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 02590e8e99bb50da06f1db132834771c
Ubuntu Security Notice USN-3149-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | c741cdb933937a559b270aa3cec57dc9
Ubuntu Security Notice USN-3149-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 0b2ba1755fc8faaf9eb5fc2729f7dcbb
Ubuntu Security Notice USN-3152-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 5d7a89c84198b455259ae8d929e122ac
Ubuntu Security Notice USN-3151-4
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 5380e5349d80703917a947052c924396
Ubuntu Security Notice USN-3150-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 21055700355a4e876e305296ef95e0a4
Ubuntu Security Notice USN-3151-3
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | d244eb00346ae1ba47f269b80afa86e0
Ubuntu Security Notice USN-3152-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 97dcc7f65cb4debc28f8acd7a4d2202a
Ubuntu Security Notice USN-3151-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
MD5 | 02cd4fd00e8b22eec136e4b41f9f67ce
DiskBoss Enterprise 7.4.28 Buffer Overflow
Posted Dec 6, 2016
Authored by vportal

DiskBoss Enterprise version 7.4.28 GET buffer overflow exploit.

tags | exploit, overflow
MD5 | dc25a646250bdc8467dc8882b0946dab
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    33 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close