Exploit the possiblities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2017-01-18

EMC Isilon OneFS LDAP Injection
Posted Jan 18, 2017
Site emc.com

EMC Isilon OneFS is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. Versions 8.0.0.0, 7.2.1.0 through 7.2.1.2, 7.2.0.x, 7.1.1.0 through 7.1.1.10, and 7.1.0.x are affected.

tags | advisory
advisories | CVE-2016-9870
MD5 | 1061027ce425b5f991911fafcfc4ca94
EMC Documentum Webtop Cross Site Scripting
Posted Jan 18, 2017
Authored by Imran Khan | Site emc.com

EMC Documentum Webtop and its client products contain a stored cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Various products and versions are affected.

tags | advisory, xss
advisories | CVE-2016-8213
MD5 | d885b3fb017d595a5d97c15694871d8d
SentryHD 02.01.12e Privilege Escalation
Posted Jan 18, 2017
Authored by Kacper Szurek

SentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 85e02391e5639b13c5e60eed556d48a7
MailZu 0.8RC3 Cross Site Scripting
Posted Jan 18, 2017
Authored by Nassim Asrir

MailZu version 0.8RC3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | be901a120d0971cdc9f43af90df6bfb9
Red Hat Security Advisory 2017-0127-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0127-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2016-9962
MD5 | 1ea70ec5e3f7619d7b4ac267d001d5fa
Red Hat Security Advisory 2017-0123-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0123-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, and self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker-latest. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2016-9962
MD5 | a0d2e3dca84efdc23243571b3cb434f2
Red Hat Security Advisory 2017-0116-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0116-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2016-9962
MD5 | ecf797385bf59e4b40139ca438a73b42
Keypatch 2.1
Posted Jan 18, 2017
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.

Changes: Added a new function to search for assembly instructions, so it is easy to grep for ROP gadgets in the binary. This will be helpful for exploitation writers. Removed the "Assembler" function, which is redundant since now you can also do that with the "Search" function above. Better documentation for Linux and Windows installs.
tags | tool
systems | unix
MD5 | 4c3a68c8a6a66658835a0d890291a561
OpenExpert 0.5.17 Cross Site Scripting
Posted Jan 18, 2017
Authored by Nassim Asrir

OpenExpert version 0.5.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | feb560e3a21264290b4e94f70d0fb2b5
OpenExpert 0.5.17 SQL Injection
Posted Jan 18, 2017
Authored by Nassim Asrir

OpenExpert version 0.5.17 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | df531f6edef549757d4ca17e24bc5d46
Android fps sysfs Entry Buffer Overflow
Posted Jan 18, 2017
Authored by Google Security Research, laginimaineb

Android suffers from a buffer overflow vulnerability in the fps sysfs entry.

tags | advisory, overflow
MD5 | cb0a3c0e8c2148d58531b94c7801c213
Android sec_ts Touchscreen Race Condition
Posted Jan 18, 2017
Authored by Google Security Research, laginimaineb

Android suffers from a race condition in the sec_ts touchscreen sysfs interface.

tags | advisory
MD5 | af434b2abbbeb03cf6c5cc9326d53976
Android TSP sysfs cmd_store Overflows
Posted Jan 18, 2017
Authored by Google Security Research, laginimaineb

Android suffers from multiple overflows in TSP sysfs "cmd_store".

tags | exploit, overflow
MD5 | 88ba859b50db5b3ea71b611f7a4981ef
iTechScripts Payment Gateway Script 8.46 SQL Injection
Posted Jan 18, 2017
Authored by Hasan Emre Ozer

iTechScripts Payment Gateway Script version 8.46 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | dcd3d2cd5da2caf853290c953094a0b3
iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection
Posted Jan 18, 2017
Authored by Hasan Emre Ozer

iTechScripts Video Sharing Script version 4.93 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | ed68eb0aef6e43d3e2f9f1bfee001d55
Linux/x86_x64 mkdir("ajit", 755) Shellcode
Posted Jan 18, 2017
Authored by Ajith KP

25 bytes small Linux/x86_x64 mkdir("ajit", 755) shellcode.

tags | shellcode
systems | linux
MD5 | e15ec77840b07a76fe87f78e07a1f508
Red Hat Security Advisory 2017-0086-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0086-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-6828, CVE-2016-7117, CVE-2016-9555
MD5 | a096929f42a8c4e74fbc3e99b64fa5fa
Red Hat Security Advisory 2017-0113-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0113-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-6828, CVE-2016-7117, CVE-2016-9555
MD5 | 622db60831615c346425285529258fed
Red Hat Security Advisory 2017-0091-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0091-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-6828, CVE-2016-7117, CVE-2016-9555
MD5 | 974c06c18892317acac54b7d057404da
Red Hat Security Advisory 2017-0083-01
Posted Jan 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0083-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process.

tags | advisory, kernel, udp, tcp
systems | linux, redhat
advisories | CVE-2016-2857
MD5 | d1a919a428bdfe7e98f8acfb538b52ca
Ubuntu Security Notice USN-3173-1
Posted Jan 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3173-1 - It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-8826
MD5 | f983257f290275fab694f327cc623f2d
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close