what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2016-12-06

Sony IPELA ENGINE IP Cameras Backdoor Accounts
Posted Dec 6, 2016
Authored by Stefan Viehboeck | Site sec-consult.com

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.

tags | exploit, remote, shell, root
systems | linux
SHA-256 | 22e3af92e387283941072a466bbafa59aa472e2642354166a328c50464384720
Microsoft Internet Explorer 9 jscript9 JavaScriptStackWalker Memory Corruption
Posted Dec 6, 2016
Authored by SkyLined

A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. A pointer set up to point to certain data on the stack can be used after that data has been removed from the stack. This results in a stack-based analog to a heap use-after-free vulnerability. The stack memory where the data was stored can be modified by an attacker before it is used, allowing remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2015-1730
SHA-256 | 2181d9fec4fc8ff576c68d4466f163e14f8053fbd37a0a6039c5e12080b6e94c
AbanteCart 1.2.7 Cross Site Scripting
Posted Dec 6, 2016
Authored by Kacper Szurek

AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cd2c80f0f2e023291ed5e53db6d2e1c91a7f1528bc8a646f1cb9183d97851883
Microsoft PowerShell XXE Injection
Posted Dec 6, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
SHA-256 | 3d523c5581a434f432187c46da013e29973b0e1e3675d1744c96600fe6349d80
Red Hat Security Advisory 2016-2872-01
Posted Dec 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2872-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges.

tags | advisory, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2016-7032, CVE-2016-7076
SHA-256 | 8e41cabe0b6906610a2b234cb672a2d7cfec3592a3b6f1a8c617eab6e4f006fa
Red Hat Security Advisory 2016-2871-01
Posted Dec 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2871-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
SHA-256 | fa6473273e61b60cd7193e68e5c5b0bd7ef710cda977793d7b048a71383b1cd1
Gentoo Linux Security Advisory 201612-15
Posted Dec 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-15 - Multiple vulnerabilities have been found in ARJ, the worst of which may allow attackers to execute arbitrary code. Versions less than 3.10.22-r5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0556, CVE-2015-0557, CVE-2015-2782
SHA-256 | 93ed680b4b8f65b624060451139142724745ff36774c1addc0f775b16cc6ee38
Gentoo Linux Security Advisory 201612-14
Posted Dec 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-14 - A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.26 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-9114
SHA-256 | d3385716f80151ebb4a86fe44909384782335a2b981d22392f199815a3ab9af2
Linux/x86 Netcat Reverse Shell Shellcode
Posted Dec 6, 2016
Authored by Filippo Bersani

180 bytes small Linux/x86 Netcat with -e option disabled reverse shell shellcode.

tags | shell, x86, shellcode
systems | linux
SHA-256 | 26296736b0ffca25f81746da4feef3a90d0468e331a8f918be4135b5b0f5f212
Microsoft Edge CBase-Scriptable::Private-Query-Interface Memory Corruption
Posted Dec 6, 2016
Authored by SkyLined

A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.

tags | advisory, web
advisories | CVE-2016-3222
SHA-256 | dbee67cc4774436af0a97fc95c4282934e4d90645ab6bff130f5ae660df69677
WordPress Single Personal Message 1.0.3 SQL Injection
Posted Dec 6, 2016
Authored by Lenon Leite

WordPress Single Personal Message plugin version 1.0.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 469150d5e57c22c3a1a7f76ddb2fbd3f08717c9951bfc87535172e7159a56433
Dup Scout Enterprise 9.1.14 Buffer Overflow
Posted Dec 6, 2016
Authored by Victor Portal Gonzalez

Dup Scout Enterprise version 9.1.14 buffer overflow SEH exploit.

tags | exploit, overflow
SHA-256 | 09f037c972288c527580a43c0779237fb87818b52be4fda12e9de4612a86a66c
31c0n Call For Papers
Posted Dec 6, 2016
Authored by 31c0n

31c0n has announced its call for papers. It will take place February 23rd through the 24th, 2017 in Auckland, New Zealand.

tags | paper, conference
SHA-256 | 7f985c756a8b5be3da50e0096babb554bd4fe234ddcb8b58d1a8674aa0cf0c04
Qualcomm Assisted-GPS Data Insecure Transmission
Posted Dec 6, 2016
Site wwws.nightwatchcybersecurity.com

Assisted GPS/GNSS data provided by Qualcomm for compatible receivers is often being served over HTTP without SSL. Additionally many of these files do not provide a digital signature to ensure that data was not tampered in transit. This can allow a network-level attacker to mount a MITM attack and modify the data while in transit. While HTTPS and digitally-signed files are both available, they are newer and not widely used yet.

tags | advisory, web
advisories | CVE-2016-5341
SHA-256 | 2a18e13d34c037e28a3cfc8bbbe4a5b490d1f0516e9c8f7a3662df12c3658de3
Ubuntu Security Notice USN-3151-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 366ea99803b45007b28975fba950ee825bcae8c517bc90500e532dac943f504e
Ubuntu Security Notice USN-3150-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 01114ec8168ca06ef876602f632596b5ac0058fb4b42a72b0b74d82c64e9f60d
Ubuntu Security Notice USN-3149-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 9731ac046103f9c340d873b560f2afaaa0ca3c84506deef542342b131629c0e3
Ubuntu Security Notice USN-3149-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 47b1b3821d04bf4ee88ff830c4355b2043041b0a774d187a6a18134e753cad2f
Ubuntu Security Notice USN-3152-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 6a40f0ee04b23e2fabfc56131ab430587cf990f38c7a6483b09550b5949ad6ee
Ubuntu Security Notice USN-3151-4
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | d2fab5298c22b5a5a949676daea4e21714110552ff25f80853e30f529249f2bf
Ubuntu Security Notice USN-3150-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | e27b7f3da4c744e96fa266bd5562b86cb4562b856349a55c52cd669f78d9bafb
Ubuntu Security Notice USN-3151-3
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 9db0f9cd682d4172f274216dae7fda69a6d76e1c289494ea22b16c4e3962bfd5
Ubuntu Security Notice USN-3152-1
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | 2fc1600c5a1b891c887eccc1ab9690b55958aad6e3ae9df58df425149b8c8df8
Ubuntu Security Notice USN-3151-2
Posted Dec 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-8655
SHA-256 | cac405c82a1b4cf4918d416971f4626ddaf020310ddbee3aac884eb9ea77af02
DiskBoss Enterprise 7.4.28 Buffer Overflow
Posted Dec 6, 2016
Authored by Victor Portal Gonzalez

DiskBoss Enterprise version 7.4.28 GET buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 14e13aa97f4a215295ab0b996def24ed7ffe4046ca60bd8503154967f3b9d915
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close