ignore security and it'll go away
Showing 1 - 21 of 21 RSS Feed

Files Date: 2017-02-15

QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
Posted Feb 15, 2017
Authored by Harry Sintonen

QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.

tags | exploit, remote, arbitrary, vulnerability, xss, info disclosure
MD5 | d2f40263a5f38946b87e4bdeba0dabc9
dotCMS 3.6.1 Blind Boolean SQL Injection
Posted Feb 15, 2017
Authored by Ben Nott

dotCMS versions 3.6.1 and below suffer from a remote blind boolean SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-5344
MD5 | 321653aee224bce72af509d2db425d7b
ytnef 1.9 Heap Overflow / Out-Of-Bounds Read / Write
Posted Feb 15, 2017
Authored by Eric Sesterhenn

Multiple heap overflows, out of bound writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.

tags | advisory, overflow
MD5 | 7a7e8dafe9e87edfdd1761c438b8aa25
Coppermine Gallery 1.5.44 Directory Traversal
Posted Feb 15, 2017
Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | ea866f35dc4615d7d9332fbdb8551ec7
OpenText Documentum D2 4.x Remote Code Execution
Posted Feb 15, 2017
Authored by Andrey B. Panfilov

OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2017-5586
MD5 | 9020d53ba090038ddb344bcc3dfcf946
Cisco Security Response 20170214-smi
Posted Feb 15, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Response - Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an unauthenticated, remote attacker to change the startup-config file and force a reload of the device, upgrade the IOS image on the device, and execute high-privilege CLI commands on switches running Cisco IOS and IOS XE Software. Cisco does not consider this a vulnerability in Cisco IOS, IOS XE, or the Smart Install feature itself but a misuse of the Smart Install protocol that by design does not require authentication.

tags | advisory, remote, protocol
systems | cisco, osx, ios
MD5 | c96bbaa757e47e6830e465936de741d3
HP Security Bulletin HPESBHF03703 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03703 1 - Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3197, CVE-2016-0701
MD5 | be10524a2e4727bd058f212b600721e9
HP Security Bulletin HPESBGN03697 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
MD5 | 0776d1fdb3879268af764d0682391bed
Red Hat Security Advisory 2017-0275-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0275-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
MD5 | b276c3b6d7250381999f353f1cbb1a92
Red Hat Security Advisory 2017-0270-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0270-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | b111553f4c43b33b2942a6314931298b
CVE-2017-3241 Proof Of Concept
Posted Feb 15, 2017
Authored by Xiejingwei Fei

This paper documents deeper dive details of the security implications noted in CVE-2017-3241. Coupled with the JtaTransactionManager flaw from 2016, it demonstrates being able to achieve remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2017-3241
MD5 | 86efbdb4528c9cdfa6f52081047fb384
Komodo Edit 9.2 / 9.3 Buffer Overflow
Posted Feb 15, 2017
Authored by sultan albalawi

Komodo Edit versions 9.2 and 9.3 preview browser buffer overflow crash exploit.

tags | exploit, overflow
MD5 | f929df821871c9f204a011d692746aef
Oracle VM VirtualBox 5.1.10 Denial Of Service
Posted Feb 15, 2017
Authored by sultan albalawi

Oracle VM VirtualBox version 5.1.10 local export mode crash proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
MD5 | 0b0cc9224e0a5f2250eb012ca48c0b4c
Mozilla Firefox WebGL Proof Of Concept
Posted Feb 15, 2017
Authored by Bikash Dash

Proof of concept code demonstrating a WebGL integer overflow from 2012 in Mozilla Firefox versions prior to 17 and ESR 10.x versions before 10.0.11.

tags | exploit, overflow, proof of concept
advisories | CVE-2012-5835
MD5 | ed7e400f7ce8dcc1757df75b4c06bd6d
NVIDIA Command Buffer Submission Buffer Overflow
Posted Feb 15, 2017
Authored by Google Security Research, ochang

NVIDIA suffers from a buffer overflow vulnerability in the command buffer submission.

tags | exploit, overflow
MD5 | bb83a88f444bb9f0d9f59285df75f684
Microsoft Windows gdi32.dll Heap-Based Out-Of-Bounds Read
Posted Feb 15, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows gdi32.dll suffers from a heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records.

tags | exploit
systems | windows
MD5 | c2fa4aa58e309f531ce6774fbb750d79
NVIDIA Out-Of-Bounds Read / Write
Posted Feb 15, 2017
Authored by Google Security Research, ochang

NVIDIA suffers from an out-of-bounds read / write vulnerability in escape 0x100008b.

tags | exploit
MD5 | 50aa0176e49e83cba3efdfa84c8b7d11
Red Hat Security Advisory 2017-0272-01
Posted Feb 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0272-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. This release of Red Hat JBoss Data Virtualization 6.3 Update 4 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-2175, CVE-2016-4434, CVE-2016-6814
MD5 | 307e4ce5d7473b317be49344dd78044f
Ubuntu Security Notice USN-3196-1
Posted Feb 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3196-1 - It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-9912, CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-7478, CVE-2016-7479, CVE-2016-9137, CVE-2016-9934, CVE-2016-9935
MD5 | 69a7b30a12903bddf2a081c55b9ac6e7
HP Security Bulletin HPSBMU03691 1
Posted Feb 15, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03691 1 - Several potential security vulnerabilities have been identified in HPE Insight Control. The vulnerabilities could be exploited remotely resulting in remote denial of Service (DoS), cross-site request forgery (CSRF), remote execution of arbitrary commands, disclosure of sensitive information, cross-site scripting (XSS), bypass access restriction or unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, xss, csrf
advisories | CVE-2009-5028, CVE-2011-4345, CVE-2014-0050, CVE-2014-4877, CVE-2015-5125, CVE-2015-5127, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556
MD5 | ea6d3df75f4b76bd603566f79e5b4d20
Itech B2B 4.2.9 Cross Site Scripting / SQL Injection
Posted Feb 15, 2017
Authored by Marc Castejon

Itech B2B script version 4.29 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 14cd2d47054ecedb54aa1d6a91a31be4
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close