accept no compromises
Showing 1 - 25 of 33 RSS Feed

Files Date: 2017-03-20

Microsoft Windows Uniscribe USP10!ttoGetTableData Heap Buffer Overflow
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based buffer overflow vulnerability in USP10!ttoGetTableData.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-0088
MD5 | 853d6603ce928d382c24fa055de4656d
Microsoft Windows Uniscribe USP10!MergeLigRecords Memory Corruption
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10!MergeLigRecords.

tags | exploit
systems | windows
advisories | CVE-2017-0087
MD5 | deb9532bcf0ced18796373e96595d50b
Microsoft Windows Uniscribe USP10!otlCacheManager::GlyphsSubstituted Memory Corruption
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10!otlCacheManager::GlyphsSubstituted.

tags | exploit
systems | windows
advisories | CVE-2017-0086
MD5 | da9dbd2d0b5840e1097a091ae4c93e6a
Microsoft Windows Uniscribe USP10!AssignGlyphTypes Out-Of-Bounds Read/Write
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing out-of-bounds read/write vulnerability in USP10!AssignGlyphTypes.

tags | exploit
systems | windows
advisories | CVE-2017-0084
MD5 | c495fdc4774f3c80991c1e20090514a7
Microsoft Windows Uniscribe USP10!otlList::insertAt Heap Buffer Overflow
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based buffer overflow vulnerability in USP10!otlList::insertAt.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-0108
MD5 | 237470c26c8c90bec3fdc2d342f9b70a
Microsoft Windows Uniscribe usp10!otlChainRuleSetTable::rule Out-Of-Bounds Read
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing out-of-bounds read in usp10!otlChainRuleSetTable::rule.

tags | exploit
systems | windows
advisories | CVE-2017-0085
MD5 | 68243d47326078970150bd4ea51c72bb
Microsoft Windows Kernel Registry Hive Loading Crashes
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from hive loading crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0103
MD5 | 1c3771daf857a6e80934d984e8d52e3e
Google Nest Cam 5.2.1 Buffer Overflow
Posted Mar 20, 2017
Authored by Jason Doyle

Google Nest Cam version 5.2.1 suffers from buffer overflow conditions over bluetooth LE.

tags | exploit, overflow
MD5 | bd83d7721cd3f4653a15ed52d2faa93f
OpenSSH 7.5p1
Posted Mar 20, 2017
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 652fdc7d8392f112bef11cacf7e69e23
Faraday 2.4.0
Posted Mar 20, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added link to name column in Hosts list. Created a requirements_extras.txt file to handle optional packages for specific features. Fixed bug in SQLMap plugin that made the client freeze. Fixed bug when creating/updating Credentials. Various other improvements and fixes.
tags | tool, rootkit
systems | unix
MD5 | dbaa48eb7032c1312ffa469d5426d32b
dnaLIMS Admin Module Command Execution
Posted Mar 20, 2017
Authored by h00die, Nicholas von Pechmann | Site metasploit.com

This Metasploit module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.

tags | exploit
advisories | CVE-2017-6526
MD5 | a02b65ba3c121c0d5437fc57c7118e82
EMC RecoverPoint SSL Stripping
Posted Mar 20, 2017
Authored by Mike Erman, Joshua Burbrink, Jack Baker | Site emc.com

EMC RecoverPoint update contains a fix for an SSL stripping vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.0 are affected.

tags | advisory
advisories | CVE-2016-6650
MD5 | 8f7aaa2199222a5555488e866b052289
Ubuntu Security Notice USN-3238-1
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3238-1 - An integer overflow was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5428
MD5 | a509da2c45720d2fa747e3ed1423ee7c
Debian Security Advisory 3796-2
Posted Mar 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3796-2 - CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client.

tags | advisory, web
systems | linux, debian
MD5 | ca35fd6bcd152ceab7d1f1349190a461
HP Security Bulletin HPSBUX03596 2
Posted Mar 20, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03596 2 - A security vulnerability in Samba was addressed by HPE HP-UX running CIFS Server (Samba). The vulnerability could be exploited resulting in remote access restriction bypass and unauthorized access. Revision 2 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2015-7560
MD5 | adaa0e171e027f32444ef0567c191daa
Ubuntu Security Notice USN-3237-1
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3237-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10244
MD5 | 3918baa9af1016e9d9e2896a2a52e19d
Ubuntu Security Notice USN-3183-2
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-2 - USN-3183-1 fixedCVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334
MD5 | 8dd6cf3f82573896a95e04e77518fa09
CreateFile Shellcode
Posted Mar 20, 2017
Authored by Osanda Malith

This shellcode uses CreateFile and tries to read a non existing network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over internet. SMBRelay attacks can also be performed.

tags | shellcode
MD5 | e53e653c870322fe99dc73d75e082b05
ExtraPuTTY 029_rc2 Denial Of Service
Posted Mar 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ExtraPuTTY version 029_RC2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-7183
MD5 | 8cecf2654a526a84af2d5c4895e81c1a
Red Hat Security Advisory 2017-0559-01
Posted Mar 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0559-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163, CVE-2016-9675
MD5 | 1a1430473745a072729959f23aa7f9e9
Gentoo Linux Security Advisory 201703-03
Posted Mar 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-3 - A buffer overflow in PuTTY might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 0.68 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2017-6542
MD5 | aaf6fd7ae762d231192297f93d08cc59
Gentoo Linux Security Advisory 201703-02
Posted Mar 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.127 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
MD5 | 0d262f87baaeb590cc0968e1ded5ed5d
FTPShell Server 6.56 ChangePassword Buffer Overflow
Posted Mar 20, 2017
Authored by Greg Priest

FTPShell Sever version 6.56 ChangePassword buffer overflow exploit.

tags | exploit, overflow
MD5 | 242e5466b517fd1bc7e86a4e8f1156a7
ClipBucket 2.8.2 Cross Site Scripting
Posted Mar 20, 2017
Authored by NoGe

ClipBucket versions 2.8.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e64a69795fa346ca0541b6bf8e9c283f
iFdate Social Dating Script 2.0 SQL Injection
Posted Mar 20, 2017
Authored by Ihsan Sencan

iFdate Social Dating Script version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1651516d67d70466a0e09144e66460a5
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    11 Files
  • 19
    Oct 19th
    3 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close