what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2017-03-14

IBM WebSphere Remote Code Execution Java Deserialization
Posted Mar 14, 2017
Authored by Liatsis Fotios | Site metasploit.com

This Metasploit module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.

tags | exploit, java, remote, arbitrary, code execution
advisories | CVE-2015-7450
MD5 | 08d8879a89fd3efd87e28c199e8028f1
Apache Struts Jakarta Multipart Parser OGNL Injection
Posted Mar 14, 2017
Authored by egypt, Nixawk, Nike.Zheng, Jeffrey Martin, Chorder | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, web, code execution
advisories | CVE-2017-5638
MD5 | 8637e8ffc6de9189c657a3e087a50331
Microsoft Windows COM Session Moniker Privilege Escalation
Posted Mar 14, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0100
MD5 | 874f8adf85cf59c05d6c51147b5640ff
Adobe Flash AVC Header Slicing Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in AVC header slicing.

tags | exploit, overflow
advisories | CVE-2017-2935
MD5 | 6e0772f2ad166508433f152cc8a3e74f
Adobe Flash ATF Planar Decompression Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in ATF Planar Decompression.

tags | exploit, overflow
advisories | CVE-2017-2934
MD5 | 9e59d0e9c9b76169e531408b8070a489
Adobe Flash ATF Thumbnailing Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in ATF thumbnailing.

tags | exploit, overflow
advisories | CVE-2017-2933
MD5 | b0a131645e48112277bd7808c2b825d9
Adobe Flash MovieClip Use-After-Free
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free in MovieClip attach init object.

tags | exploit
advisories | CVE-2017-2932
MD5 | d60764aac618d8aef4c7d988d8635774
Adobe Flash Metadata Out-Of-Bounds Read
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read in metadata parsing.

tags | exploit
advisories | CVE-2017-2931
MD5 | 66ea1f8bc8e1797863bd9c37010b3ad7
Red Hat Security Advisory 2017-0517-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0517-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | 90203953fdbd31f2a4cdc2b3df6e92f3
Ubuntu Security Notice USN-3232-1
Posted Mar 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3232-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-6498, CVE-2017-6499, CVE-2017-6500
MD5 | 66782956a3f636667f5921d450a7c926
Microsoft Security Bulletin Summary For March, 2017
Posted Mar 14, 2017
Site microsoft.com

This bulletin summary lists eighteen released Microsoft security bulletins for March, 2017.

tags | advisory
MD5 | abba8a52e158adc049a0820bd46d219c
Red Hat Security Advisory 2017-0515-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0515-01 - The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ceph-installer, ansible, python-passlib, ceph-ansible.

tags | advisory, remote, python
systems | linux, redhat
advisories | CVE-2016-9587
MD5 | 406ba4d5193b8c629c1eb8b01606e6f8
Red Hat Security Advisory 2017-0501-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0501-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
MD5 | cb083dcff4b074f226afea3be3978478
b2evolution 6.8.8 Shell Upload
Posted Mar 14, 2017
Authored by yokoacc, rungga_reksya, dvnrcy

b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | ed29437b5e18c77941e9ba2458dfd0a1
Debian Security Advisory 3808-1
Posted Mar 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3808-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-6498, CVE-2017-6499, CVE-2017-6500
MD5 | 1fb7876bf3e53545d1d4181d56a853c7
Ubuntu Security Notice USN-3231-1
Posted Mar 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3231-1 - Joseph Bisch discovered that Pidgin incorrectly handled certain xml messages. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-2640
MD5 | 66d0a42faae3588eaa1c97654db1c2a2
Red Hat Security Advisory 2017-0498-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0498-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
MD5 | ede19658070a8efeb0d316cbf70ca397
Red Hat Security Advisory 2017-0499-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0499-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 57.0.2987.98. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5038, CVE-2017-5039, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046
MD5 | fd5e8f4460fc732892a98081e29bd1e9
Microsoft Edge Fetch API Arbitrary Header Setting
Posted Mar 14, 2017
Authored by Securify B.V.

It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).

tags | exploit, web, arbitrary
advisories | CVE-2017-0140
MD5 | c5887ca20f54ac55ae19e8611c88c6f7
Joomla Advertisement Board 3.0.4 SQL Injection
Posted Mar 14, 2017
Authored by Ihsan Sencan

Joomla Advertisement Board component version 3.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 91b71aeccc949cff9e566f4cc022fe5a
Joomla Simple Membership 3.3.3 SQL Injection
Posted Mar 14, 2017
Authored by Ihsan Sencan

Joomla Simple Membership component version 3.3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 774d267fa12c08c63ed878c1f5ad2576
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    3 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close