
Files Date: 2017-11-06

iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection
Posted Nov 6, 2017
Authored by Benjamin Bruppacher

iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing malicious XXE payloads inside the XML data that resides in the PDF, an attacker can, for example, extract files or forge requests on the server.

tags | advisory
advisories | CVE-2017-9096
MD5 | b4f4f5142c0c778840b48038c076d309
Ubuntu Security Notice USN-3475-1
Posted Nov 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3475-1 - It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-3735, CVE-2017-3736
MD5 | 0c64cb5d962437f833874411911c027a
Red Hat Security Advisory 2017-3123-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3123-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
MD5 | 79ff95597fc0e471af2d140d6e91b630
Red Hat Security Advisory 2017-3124-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3124-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
MD5 | 7ac25e1d8b8d144ce37c4990aa173791
Bypassing Browser Security Policies For Fun And Profit
Posted Nov 6, 2017
Authored by Rafay Baloch

In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they also uncover other interesting security flaws found during their research such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass etc. as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.

tags | paper, spoof
MD5 | ae67f5ff17aa89a494c33e64468b75e0
Ubuntu Security Notice USN-3474-1
Posted Nov 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3474-1 - Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service or potentially execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8184
MD5 | cd8e221cd75b7f22ca68e5e705eecbde
Debian Security Advisory 4019-1
Posted Nov 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4019-1 - This update fixes several vulnerabilities in imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-11446, CVE-2017-11523, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12428, CVE-2017-12431, CVE-2017-12432, CVE-2017-12434, CVE-2017-12587, CVE-2017-12640, CVE-2017-12671, CVE-2017-13139, CVE-2017-13140, CVE-2017-13141, CVE-2017-13142, CVE-2017-13143, CVE-2017-13144, CVE-2017-13145, CVE-2017-9500
MD5 | eab39265199beb50956c465c84feefa1
Debian Security Advisory 4016-1
Posted Nov 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4016-1 - Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-10965, CVE-2017-10966, CVE-2017-15227, CVE-2017-15228, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723
MD5 | 1e4b74ab8ec4549fd35323626f505af6
FreeFloat FTP Server 1.0 HOST Buffer Overflow
Posted Nov 6, 2017
Authored by 1N3

FreeFloat FTP Server version 1.0 HOST buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
MD5 | 279ef236aabe94105640f6b282f744be
CoolPlayer+ Portable 2.19.6 Stack Overflow
Posted Nov 6, 2017
Authored by 1N3

CoolPlayer+ Portable version 2.19.6 stack overflow exploit with ASLR bypass and a bind shell.

tags | exploit, overflow, shell
MD5 | 7aaf5691cd3da9557d896e0e81599b4f
WorldCIST 18 Call For Papers
Posted Nov 6, 2017
Site worldcist.org

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'18. It will be held in Naples, Italy March 27th through the 29th, 2018.

tags | paper, conference
MD5 | 2218e42d14a7e7428348484f3cf2bfb6
web2Project 3.3 Cross Site Scripting
Posted Nov 6, 2017
Authored by M.R.S.L.Y

web2Project version 3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4e8e7b7c29e31c60bed470d5f0f52883
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
Posted Nov 6, 2017
Authored by Himash N

Dialog Mobile Broadband version 23.015.11.01.297 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d50ba80bd092d2bcf2040522c57ed047
Zoho ManageEngine Applications Manager 13 SQL Injection
Posted Nov 6, 2017
Authored by Cody Sixteen

Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-16542, CVE-2017-16543
MD5 | 8115dc4d1bf7c179bd4ceb7ff2fb80df
Linux Soft Exploit Suggester 0.6
Posted Nov 6, 2017
Authored by Belane | Site github.com

linux-soft-exploit-suggester finds exploits for all vulnerable software on a system, helping with privilege escalation. It focuses on software packages instead of kernel vulnerabilities.

tags | tool, kernel, vulnerability
systems | linux, unix
MD5 | b248537a3fb85ecece3d4a20f333b5d7