exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-11-06

iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection
Posted Nov 6, 2017
Authored by Benjamin Bruppacher

iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing a malicious XXE payloads inside the XML data that resides in the PDF, an attacker can for example extract files or forge requests on the server.

tags | advisory, xxe
advisories | CVE-2017-9096
SHA-256 | 28a8b1badebadad07e326e2363388a39384fcbcb1f223722393aafea4bef3345
Ubuntu Security Notice USN-3475-1
Posted Nov 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3475-1 - It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2017-3735, CVE-2017-3736
SHA-256 | dc6c25451009be5ce9782f82197c75fdc4e6f83d2f796ae27a71f4e114494fe0
Red Hat Security Advisory 2017-3123-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3123-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 28fdc5b7d9943c9fd521934c6ffa5073ede4a33357d89422643958c1f872c617
Red Hat Security Advisory 2017-3124-01
Posted Nov 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3124-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for lucene package in Red Hat JBoss Enterprise Application Platform 7.0.8 Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2017-12629
SHA-256 | 0cff01a99fabae33b338c54b5f3b0607af75e396e5993e5a2faccdc5fa1e216e
Bypassing Browser Security Policies For Fun And Profit
Posted Nov 6, 2017
Authored by Rafay Baloch

In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they also uncover other interesting security flaws found during their research such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass etc. as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.

tags | paper, spoof
SHA-256 | 5a69b239b2474e58b1ae71b86cf3b0aeb2d70db3a14e35ae2083a8a6439e312b
Ubuntu Security Notice USN-3474-1
Posted Nov 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3474-1 - Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service or potentially execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8184
SHA-256 | 868f63ea0d6695535f657289f1be16c26bb01476391f0140fecd677a0758202a
Debian Security Advisory 4019-1
Posted Nov 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4019-1 - This update fixes several vulnerabilities in imagemagick. Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed image files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-11446, CVE-2017-11523, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12428, CVE-2017-12431, CVE-2017-12432, CVE-2017-12434, CVE-2017-12587, CVE-2017-12640, CVE-2017-12671, CVE-2017-13139, CVE-2017-13140, CVE-2017-13141, CVE-2017-13142, CVE-2017-13143, CVE-2017-13144, CVE-2017-13145, CVE-2017-9500
SHA-256 | 8995848032a0fd3e8b1f811f8f39121c2d26512b03f369b89055048f6863e6cb
Debian Security Advisory 4016-1
Posted Nov 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4016-1 - Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-10965, CVE-2017-10966, CVE-2017-15227, CVE-2017-15228, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723
SHA-256 | bf7f13f9b71832a153658aab9864211075d6645bba401c3c5a80c7d3dc77aea1
FreeFloat FTP Server 1.0 HOST Buffer Overflow
Posted Nov 6, 2017
Authored by 1N3

FreeFloat FTP Server version 1.0 HOST buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
SHA-256 | 87bd79a5a3aaf3db3a9c08a2705273f1b0d9a1babc34e142e265648150d6db47
CoolPlayer+ Portable 2.19.6 Stack Overflow
Posted Nov 6, 2017
Authored by 1N3

CoolPlayer+ Portable version 2.19.6 stack overflow exploit with ASLR bypass and a bind shell.

tags | exploit, overflow, shell
SHA-256 | 2770a7c3c1fa06a4d9f54ade807802dca163b3df6f2cbc67ab49bc588a33dc2a
WorldCIST 18 Call For Papers
Posted Nov 6, 2017
Site worldcist.org

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'18. It will be held in Naples, Italy March 27th through the 29th, 2018.

tags | paper, conference
SHA-256 | 541556e137603510e7991490227598d63cb6214d7d5bf9e3510e7d36d60e1ed2
web2Project 3.3 Cross Site Scripting
Posted Nov 6, 2017
Authored by M.R.S.L.Y

web2Project version 3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4e6061f7049db3f6ee28110d571a346a4c51cc5a2b74c0aa52213cf848a52f78
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
Posted Nov 6, 2017
Authored by Himash N

Dialog Mobile Broadband version 23.015.11.01.297 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 3f8c59e33b8267ad740a31fd21ae62122d786275ce1e9fcfc12668bdf7cb0e5f
Zoho ManageEngine Applications Manager 13 SQL Injection
Posted Nov 6, 2017
Authored by Cody Sixteen

Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-16542, CVE-2017-16543
SHA-256 | e79e67b62c5a3db8d9973fd1eb18a3c66ece70790cdf160b8cd6d21bd4354906
Linux Soft Exploit Suggester 0.6
Posted Nov 6, 2017
Authored by Belane | Site github.com

linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities.

tags | tool, kernel, vulnerability
systems | linux, unix
SHA-256 | 20009748ba9fa57679b1b68af63dfc63603cba2ab5a3b7c8ce30d9ad5da18322
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close