Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-01-26

Android pm_qos KASLR Bypass
Posted Jan 26, 2017
Authored by Google Security Research, laginimaineb

Android suffers from a KASLR bypass in pm_qos.

tags | exploit
MD5 | a8442cdf28f88af1b8133c60f4fd8b3c
Mac OS / iOS host_self_trap Use-After-Free
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS / iOS kernels suffers from a use-after-free due to a lack of locking in host_self_trap.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2360
MD5 | e6dd7511ecf6e7b1f1bde561746ef30d
Cisco WebEx 1.0.5 Command Execution
Posted Jan 26, 2017
Authored by Tavis Ormandy, Google Security Research

Cisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.

tags | exploit, arbitrary
systems | cisco
MD5 | 8933612c9e940d293efd165554d1e413
OpenSSL Toolkit 1.0.2k
Posted Jan 26, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Bug fixes for an out-of-bounds read, a carry propagating bug, and multiple other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | f965fc0bf01bf882b31314b61391ae65
HTTP_Upload 1.0.0.b3 Arbitrary File Upload
Posted Jan 26, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

HTTP_Upload version 1.0.0b3 fails to appropriately take into consideration more than file extensions when mitigating malicious file uploads, allowing for remote code execution.

tags | exploit, remote, code execution, file upload
MD5 | 55b79ce1f82703dda980c5e527b64bf2
Debian Security Advisory 3771-1
Posted Jan 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3771-1 - Multiple security issues have been found in the Mozilla Firefox web errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396
MD5 | 4dcbc42d2c5add7be89011f9dccdea34
Cisco Security Advisory 20170125-telepresence
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
systems | cisco
MD5 | 348a09172a4d9eba7d6a5abfb2e3410c
Cisco Security Advisory 20170125-expressway
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco
MD5 | 55434a5452720fa88174f8cef74a5281
Cisco Security Advisory 20170125-cas
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | e7bf287db9bafdc598710f3f6472d96f
Red Hat Security Advisory 2017-0196-01
Posted Jan 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0196-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | 363315f193aa162aafb788b12c3d5604
Red Hat Security Advisory 2017-0195-01
Posted Jan 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0195-01 - Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible. Multiple security issues have been addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-9587
MD5 | d289959ba63e28429a0b80fe097a5ada
Mac OS / iOS Kernel Memory Corruption
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS and iOS kernels suffer from a memory corruption vulnerability due to a userspace pointer being used as a length.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2370
MD5 | 38ee3a8bb57ecdf0e2a597bcb350fd9f
Android RKP Memory Corruption
Posted Jan 26, 2017
Authored by Google Security Research, laginimaineb

Android suffers from an RKP related memory corruption vulnerability in rkp_mark_adbd.

tags | advisory
MD5 | 7e81520365413a1dfd2ebd05eca4fa3c
Mac OS / iOS IOService::matchPassive Use-After-Free
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS / iOS kernels suffer from a use-after-free due to a failure to take reference in IOService::matchPassive.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2353
MD5 | e669deea1d2cdd39e0dcb1090e39f7ce
Mandos Encrypted File System Unattended Reboot Utility 1.7.14
Posted Jan 26, 2017
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 4f5c86874e3c4a497110ec582ef22c36
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close