what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2015-07-03 to 2015-07-04

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
Posted Jul 3, 2015
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.

tags | exploit, overflow, root
systems | linux, windows, ubuntu
advisories | CVE-2015-3043, CVE-2015-3113
SHA-256 | df6c07c8c61e9ddc1ee258859a800c72ade8287343881e5bac8140e590346c42
Red Hat Security Advisory 2015-1207-01
Posted Jul 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1207-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743
SHA-256 | 98590f698903ca4074a96b334aca1bcb4c4cd6916a86e1c1bad01d3d45b16892
Soreco AG Xpert.Line 3.0 Authentication Bypass
Posted Jul 3, 2015
Authored by Alessandro Zala

Soreco AG Xpert.Line version 3.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2015-3442
SHA-256 | c98fbb06cb49a8e133fd3cb5a59e1e2551ec4c78f54e19c3194dc575980376f0
BlackCat CMS 1.1.1 Path Traversal
Posted Jul 3, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

BlackCat CMS version 1.1.1 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-5079
SHA-256 | eb9f1e40548399becf1773ae639850fb9aa7f0181124f0e7f395dcc0f08cb347
Snorby 2.6.2 Cross Site Scripting
Posted Jul 3, 2015
Authored by Federico Fazzi

Snorby version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 94c15120b89c9cb6d9e68b41fcad99033963277c4065ef72edc9c41bc5c24e6d
ipTIME n104r3 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 3, 2015
Authored by Pierre Kim

ipTIME n104r3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 988ca878ce6179d51150c2f47fb8f400ba022e083a41c70fc0745929e4016338
OLE Packager Embedding Issues
Posted Jul 3, 2015
Authored by Kevin Beaumont

This write up discusses the dangers around the OLE packager used to embed any file into Office documents.

tags | paper
SHA-256 | 5509a7219c971da3da4845092734860348e1252d37f58e83a5749a69db947031
WordPress easy2map 1.24 SQL Injection
Posted Jul 3, 2015
Authored by Larry W. Cashdollar

WordPress easy2map plugin version 1.24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-4614, CVE-2015-4616
SHA-256 | 48a41fd75aa960d400a8fb8ea6ba5a2adfeb0a2999b947c6d7d8e9b1c2fa7eac
Debian Security Advisory 3298-1
Posted Jul 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3298-1 - It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

tags | advisory, web, xxe
systems | linux, debian
advisories | CVE-2015-1833
SHA-256 | d091fdea4958a8151a20ee1e53c260ff67a24262ac3e41f169fd462922e71faf
Red Hat Security Advisory 2015-1206-01
Posted Jul 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1206-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API. A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header cinder could be tricked into reading an arbitrary file from the cinder host.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-1851
SHA-256 | 434113d243ca518c4c62bc64eeb6317611b214e1380deb5a81660dfa91d55655
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close