
Files Date: 2015-10-06 to 2015-10-07

Truecrypt 7 Privilege Escalation
Posted Oct 6, 2015
Authored by Google Security Research, forshaw

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) is vulnerable to a local elevation of privilege attack in its impersonation token checking process, which allows a user to inspect and potentially manipulate other users' mounted encrypted volumes on the same machine.

tags | exploit, local
systems | linux, windows
advisories | CVE-2015-7359
MD5 | d4c1059c95e584bc27cd63a4c99e5071
OpenSCAP Libraries 1.2.6
Posted Oct 6, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | tool, protocol, library
systems | unix
MD5 | 9c40ec65fec2649cd98ae5025abfd5f6
OpenDNSSEC 1.4.8.2
Posted Oct 6, 2015
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Support for RFC5011 style KSK rollovers. New repository option AllowExtraction in Enforcer allows generating keys with the CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from the HSM.
tags | tool
systems | unix
MD5 | d7a45659318667d612208066f94d43b2
Distro Checker 1.0.1
Posted Oct 6, 2015
Authored by Francisco Amato | Site blog.infobytesec.com

Distro Checker is a tool written for doing cross distribution exploit testing.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 44e08a1cda1f9ad4b05323158d9ef167
Faraday 1.0.15
Posted Oct 6, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Hosts and Services views now have pagination and search. Continuous Scanning Tool cscan added to ./scripts/cscan. Added sections of Commercial versions. Various other updates and additions.
tags | tool, rootkit
systems | unix
MD5 | 8c994485c5e2ed6e4a2e5bf6a70b29a3
PHP-Fusion 7.02.07 Blind SQL Injection
Posted Oct 6, 2015
Authored by Manuel Garcia Cardenas

PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.

tags | exploit, remote, php, sql injection
MD5 | 568b43589df7c6e13bfcb811b922933a
LanSpy 2.0.0.155 Buffer Overflow
Posted Oct 6, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c50f5946a8cdcba7053adfb7978e02fd
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2015-7669
MD5 | 38c3abb6ba1cded02e5318c4963366d8
WordPress Easy2Map 1.2.9 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7668
MD5 | 0801896ac3ebff3271d6856a7b208db1
WordPress ResAds 1.0.1 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7667
MD5 | f7be5d3747f5f988dd39ce94e7843e27
Ubuntu Security Notice USN-2753-3
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2753-3 - USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the problem. Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
MD5 | 74cc1906ceb5622deec8ace92c0a41fd
Ubuntu Security Notice USN-2765-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2765-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
MD5 | edb4dd3646e86639f8d4151bf158a472
Ubuntu Security Notice USN-2764-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2764-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
MD5 | 90ae14e30dc9bc649f8ec6c32b63b433
Ubuntu Security Notice USN-2763-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2763-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
MD5 | 6cd9945d6746a03d10a3a663a6361a41
Ubuntu Security Notice USN-2762-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2762-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
MD5 | de20a485f6120af3d7395d8c285fd2ec
Ubuntu Security Notice USN-2761-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2761-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
MD5 | a1f11450835570bc7161177cd96e22b0
WordPress Payment Form For PayPal Pro 1.0.1 XSS
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7666
MD5 | 09bcaa1d6620bf662de0a134bec4ce00
Liferay Portal 6.2 EE SP13 Cross Site Scripting
Posted Oct 6, 2015
Authored by Tim Schughart

Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.

tags | exploit, xss
MD5 | 95d13b73746e2bfceb87b5564e23bb27
SourceBans 1.4.11 Cross Site Scripting
Posted Oct 6, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-8349
MD5 | a0a1bd04a803569dabb2411f7e9e49bf
ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal
Posted Oct 6, 2015
Authored by xistence

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | dacb14eb812464766d3272d40a123e3c
Cisco AnyConnect Secure Mobility Client 3.1.08009 Privilege Elevation
Posted Oct 6, 2015
Authored by Google Security Research, forshaw

Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient, which allows a local application to elevate to local system through the CMainThread::launchDownloader command.

tags | exploit, local
systems | cisco, linux
advisories | CVE-2015-6305
MD5 | 2287bf46457bb87b38593e1abc50a6bb
ZTE ZXHN H108N 3.3.0_MU CWMP Configuration Disclosure
Posted Oct 6, 2015
Authored by Todor Donev

ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.

tags | exploit
MD5 | b09f65f37b970208101d65dc6b4e483e
Callisto 821+R3 Cross Site Request Forgery
Posted Oct 6, 2015
Authored by MustLive

Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 1886110bc62f6fcfdcd0de0e2a09ce52
WordPress U-Design Theme 2.7.9 Cross Site Scripting
Posted Oct 6, 2015
Authored by K3n4ng

WordPress U-Design theme versions 2.3.0 through 2.7.9 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-7357
MD5 | 8a001d1ef92e6a1e84da68420f7da791
Shell Shock Auto Exploitation Script
Posted Oct 6, 2015
Authored by Rafay Baloch

This is a small Python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.

tags | exploit, tool, python
MD5 | 46a727bfeb409d8d5ff59e33fd541e66