what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2017-03-14

IBM WebSphere Remote Code Execution Java Deserialization
Posted Mar 14, 2017
Authored by Liatsis Fotios | Site metasploit.com

This Metasploit module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.

tags | exploit, java, remote, arbitrary, code execution
advisories | CVE-2015-7450
SHA-256 | 245814ff081bcdcd9c6bfc1eb1dd4c50629fdf8a524c0efc427cb3e3fb0028f9
Apache Struts Jakarta Multipart Parser OGNL Injection
Posted Mar 14, 2017
Authored by egypt, Nixawk, Nike.Zheng, Jeffrey Martin, Chorder | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, web, code execution
advisories | CVE-2017-5638
SHA-256 | 0d1583b3fe45147f90ce781625616136ad2241ae276309d87b001d39d32dddbc
Microsoft Windows COM Session Moniker Privilege Escalation
Posted Mar 14, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-0100
SHA-256 | dd8361b04b08bf0bdeff67321f010c8cc76f0542fe2db8f9df10c34ea03bfa2a
Adobe Flash AVC Header Slicing Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in AVC header slicing.

tags | exploit, overflow
advisories | CVE-2017-2935
SHA-256 | fbef41a0db49fefaee13e0da46006ecb460efa8c48004beb4d978126e1febaff
Adobe Flash ATF Planar Decompression Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in ATF Planar Decompression.

tags | exploit, overflow
advisories | CVE-2017-2934
SHA-256 | 1f3f4804170f55e0594564e62f7f8b2127c2acfc75e1949445ca48090e930764
Adobe Flash ATF Thumbnailing Heap Overflow
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap overflow vulnerability in ATF thumbnailing.

tags | exploit, overflow
advisories | CVE-2017-2933
SHA-256 | c7fb3ad920b9843a00f95e3df1c7cb4d4d12bb712ee93c03c756181ff79a6081
Adobe Flash MovieClip Use-After-Free
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a use-after-free in MovieClip attach init object.

tags | exploit
advisories | CVE-2017-2932
SHA-256 | 288bf2654c07f8a5762dbf1c27ee8dd3db7b77c46a21c4e6c32e26490a40cf2e
Adobe Flash Metadata Out-Of-Bounds Read
Posted Mar 14, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read in metadata parsing.

tags | exploit
advisories | CVE-2017-2931
SHA-256 | f2d169c3f1506cdaaae621fd8675063bc4928c96e812355f017f5911c322d44e
Red Hat Security Advisory 2017-0517-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0517-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
SHA-256 | 918673f3184d19ca65432b4dd2a898daa11845ad3972723706ee8c318b509fcb
Ubuntu Security Notice USN-3232-1
Posted Mar 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3232-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-6498, CVE-2017-6499, CVE-2017-6500
SHA-256 | e3cb43396edf3481d45c1af4b3fbe1c60e71adcbf7078c61f82a1858d1103946
Microsoft Security Bulletin Summary For March, 2017
Posted Mar 14, 2017
Site microsoft.com

This bulletin summary lists eighteen released Microsoft security bulletins for March, 2017.

tags | advisory
SHA-256 | f71695685090000b284307b25f303c43e7d48a99be46022e430920017cace887
Red Hat Security Advisory 2017-0515-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0515-01 - The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ceph-installer, ansible, python-passlib, ceph-ansible.

tags | advisory, remote, python
systems | linux, redhat
advisories | CVE-2016-9587
SHA-256 | 78f243ebadb2587f53a012c34b7ae7de20e0eef82952e18f4fa40930d5aede23
Red Hat Security Advisory 2017-0501-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0501-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | bb30ef2371423d1dbb404edf12f77c42cec1872dcbcfc2a17f6ca8d526e4cc12
b2evolution 6.8.8 Shell Upload
Posted Mar 14, 2017
Authored by yokoacc, rungga_reksya, dvnrcy

b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | bcba360e0afaf99a5a9d677e78872714b24473535a78eadf42daf7685e541faf
Debian Security Advisory 3808-1
Posted Mar 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3808-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-6498, CVE-2017-6499, CVE-2017-6500
SHA-256 | c390b4d5147723f415f7632ea0bbecb4341b30316b8fae0bd7f8fb9fe6e5f63c
Ubuntu Security Notice USN-3231-1
Posted Mar 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3231-1 - Joseph Bisch discovered that Pidgin incorrectly handled certain xml messages. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-2640
SHA-256 | 3430ac97a55a07d89fc7b0c1fef7489e061ec02f763ebc35af16e51616b1cb22
Red Hat Security Advisory 2017-0498-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0498-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
SHA-256 | 9fdc73c32407a525ce893acb9e0fb80a337aef04c089e87ad448ee14d8c689c6
Red Hat Security Advisory 2017-0499-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0499-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 57.0.2987.98. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5038, CVE-2017-5039, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046
SHA-256 | eb4e094164c8a35a4a94ce5d764b3c961f89e49689786250227d63aca7bc7ee0
Microsoft Edge Fetch API Arbitrary Header Setting
Posted Mar 14, 2017
Authored by Securify B.V.

It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).

tags | exploit, web, arbitrary
advisories | CVE-2017-0140
SHA-256 | 7ea35a8a06080eee5024f0b3b4e9bbcc165e5e2914c82abb99135ab97e6e12f7
Joomla Advertisement Board 3.0.4 SQL Injection
Posted Mar 14, 2017
Authored by Ihsan Sencan

Joomla Advertisement Board component version 3.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 372afe7a62de8e916cd7d4d57fd10a6358ba005a9a93f9dea2092ed2b92ba7f8
Joomla Simple Membership 3.3.3 SQL Injection
Posted Mar 14, 2017
Authored by Ihsan Sencan

Joomla Simple Membership component version 3.3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bca94a6f30a1b029c12aa84f64151cad58a232a13c15fd546948f06bb6979320
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close