exploit the possibilities
Showing 1 - 25 of 34 RSS Feed

Files Date: 2017-03-23

Broadcom Stack Buffer Overflow
Posted Mar 23, 2017
Authored by Google Security Research, laginimaineb

Broadcom suffers from a buffer overflow vulnerability when parsing CCKM re-association responses.

tags | advisory, overflow
advisories | CVE-2017-6957
SHA-256 | c1de43d11bbe31e6686f56be6626ddf1603a025a1ae28eefb31e7a73be6cd66d
LastPass Domain Design Flaw
Posted Mar 23, 2017
Authored by Tavis Ormandy, Google Security Research

The LastPass domain regex does not handle data and other pseudo-url schemes.

tags | exploit
SHA-256 | c0a8fe296712f524a32da5c517945525e5ab13ee7092ff234e231f8b07fc44f8
LastPass FireFox Content Script Loading
Posted Mar 23, 2017
Authored by Tavis Ormandy, Google Security Research

LastPass had an issue with websiteConnector.js content script allows proxying internal RPC commands. The fix appears to not work on FireFox.

tags | exploit
SHA-256 | 27d63cb0f60259717435f5611911b967a0c0559c6c2c10dfabac06098d0685e1
Logsign Remote Command Injection
Posted Mar 23, 2017
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command execution without proper validation. This Metasploit module was tested against 4.4.2 and 4.4.137 versions.

tags | exploit, arbitrary, root
SHA-256 | 514278ac234d24bce62d18b93726fb1600a3b3355c201fea7091430ea41f75e7
Apple Security Advisory 2017-03-22-1
Posted Mar 23, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | 92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509
QNAP QTS Privilege Escalation / Information Disclosure
Posted Mar 23, 2017
Authored by Pasquale Florillo, Guido Oricchio

QNAP QTS versions prior to 4.2.4 suffer from a sensitive data exposure vulnerability that allows for privilege escalation.

tags | exploit
advisories | CVE-2017-5227
SHA-256 | 3d248b7122dde92c3c6cff49c15a639517a9a2504a008042fa15212812bc6b27
Red Hat Security Advisory 2017-0834-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0834-01 - The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.5.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-9589
SHA-256 | f35c58e1997ade6507236228702d5e91a35a39a7b484a8a1e306c1ae797a1720
Red Hat Security Advisory 2017-0831-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0831-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-9589
SHA-256 | f0e2f29bcbaea03f4b5613e891719addc51657ddd3d9d7eec42ff006cef1f2a4
Red Hat Security Advisory 2017-0828-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0828-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
SHA-256 | 00467cc0e988c9452be87a440a31378395c47a524e29b18e36a39f054bd1d921
Red Hat Security Advisory 2017-0829-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0829-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.14. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
SHA-256 | 83457723b5ca7fb838a6340f8c7e212d5d0f8c129402069c03f2ad85fd11962e
Red Hat Security Advisory 2017-0826-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
SHA-256 | 73bf894fa16361823fc56e1cb8dcc287aa9eebd789142feccbe1ccaf70378f38
Red Hat Security Advisory 2017-0827-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0827-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
SHA-256 | 1074c99d39267838d38354b6fc61ef4f435aa84901aefcfa84827de37a6a65b8
Ubuntu Security Notice USN-3243-1
Posted Mar 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3243-1 - It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2014-9938
SHA-256 | 512c24325ab2297f40ceab2b5e3b6d8690efd1db5b3b6abc02b3c2420dbfaf4b
Ubuntu Security Notice USN-3242-1
Posted Mar 23, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3242-1 - Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-2619
SHA-256 | 5721a484f007e4387e61606880abd28d54a61d5e2dee1cb56fa0c469a69361d2
Debian Security Advisory 3816-1
Posted Mar 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3816-1 - Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.

tags | advisory
systems | linux, unix, debian
advisories | CVE-2017-2619
SHA-256 | 434a20cacd3bd0934e9033297b94d7d20538dcdd16b9aa801bbe945b0951ceb5
Red Hat Security Advisory 2017-0486-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0486-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. The following packages have been upgraded to a later upstream version: glusterfs, redhat-storage-server, vdsm. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-1795
SHA-256 | 05ccadb8422bd3f3bd16a938142cda7e5d16ceec2b9a6a2f0b766b2576986aac
Red Hat Security Advisory 2017-0484-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0484-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. The following packages have been upgraded to a later upstream version: glusterfs, redhat-storage-server. Security Fix: It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package.

tags | advisory, shell, local, root
systems | linux, redhat
advisories | CVE-2015-1795
SHA-256 | f55745c1c56b6870c72ef634e35e43e73968d259386e81442eb712f07853319a
Red Hat Security Advisory 2017-0495-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0495-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2125, CVE-2016-2126
SHA-256 | 7864c10d55e50c730f89f29c7789434d18cb31b92ea7fcff0dcf7b844731ab6c
Red Hat Security Advisory 2017-0494-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0494-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2125, CVE-2016-2126
SHA-256 | de2622e03c9b880cc1223a80d277bcedde24fc6cf72820729223f772d9f067f1
Red Hat Security Advisory 2017-0838-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0838-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163, CVE-2016-9573, CVE-2016-9675
SHA-256 | d690ecf7e145b683b54a64902e65659e5699998d810089dabf020ceba9099d7c
Red Hat Security Advisory 2017-0837-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0837-01 - The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries. Security Fix: Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution.

tags | advisory, vulnerability, code execution
systems | linux, redhat, windows
advisories | CVE-2017-5208, CVE-2017-5332, CVE-2017-5333, CVE-2017-6009, CVE-2017-6010, CVE-2017-6011
SHA-256 | a64c88451c8deb41ef075e4a4408fab4195f909b66f0381533d4a4744df9d671
Red Hat Security Advisory 2017-0832-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0832-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-8656, CVE-2016-9589
SHA-256 | 8245ad9301bcd58261eba32d4c0a381fd32f1fd886dc2f27ea7813a179ebaeac
Red Hat Security Advisory 2017-0830-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0830-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-9589
SHA-256 | ca87b4a2f94a015254df031c0beb6d38e88ef008135da6a7e925cc280afaf8da
APNGDis 2.8 Buffer Overflow
Posted Mar 23, 2017
Authored by Alwin Peppels

APNGDis version 2.8 suffers from multiple overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2017-6191, CVE-2017-6192, CVE-2017-6193
SHA-256 | 5a19a1e4e31c23da558e2d90f1f4413bdf2655fa2b5f9dd5c30d65e457f6cf8a
Joomla FocalPoint 1.2.3 SQL Injection
Posted Mar 23, 2017
Authored by Mojtaba MobhaM

Joomla FocalPoint component version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 419f784ff8442434b7fa865ec9cef0df98b08ae1c02fbf2bd8df38f7db6e6502
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close