exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-10-29 to 2015-10-30

Libstagefright Saio Tag Integer Overflow / Heap Corruption
Posted Oct 29, 2015
Authored by Chris Evans, Google Security Research

Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3868
SHA-256 | de3c115352c90fa8f2310b17c7ea48cfcb49051855371160b2525f16b5d92a47
Libstagefright Integer Overflow Check Bypass
Posted Oct 29, 2015
Authored by Google Security Research, natashenka

Libstagefright integer overflow checks can be bypassed with extended chunk lengths.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-1538
SHA-256 | 15eceaf95482d14e738ec82c591c2ef6f10dc84faa2b08d52245a8476148b162
Microsoft Security Bulletin Revision Increment For October, 2015
Posted Oct 29, 2015
Site microsoft.com

This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.

tags | advisory
SHA-256 | dfc6d50a5439219f0823d7272a2dbf8ec52bc5fafadfa2b49a9b018b28c91002
Red Hat Security Advisory 2015-1955-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
SHA-256 | 8c856795a9fce1c3f213548d0b1010a365f10422954849fe64eeb01346c587da
Red Hat Security Advisory 2015-1956-01
Posted Oct 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
SHA-256 | 5a3aea5683b1410bf7fb04eacf5b411ad506169e7c8712846e042615e9be734b
Ubuntu Security Notice USN-2788-1
Posted Oct 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7696, CVE-2015-7697
SHA-256 | de45b1383c5e5a7528aa33c19008c2e1509e1607e528e06b77d3ad12186a6ab1
The TrustedSec Attack Platform (TAP)
Posted Oct 29, 2015
Authored by David Kennedy | Site github.com

TAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remote penetration testing platforms. Essentially the concept is simple, you pre-configure a brand new box and run the TAP setup file. This will install a service on Linux that will be configured the way you want. What it will do is establish a reverse SSH tunnel back to a machine thats exposed on the Internet for you. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and will automatically rebuild it for you.

tags | tool, remote, rootkit
systems | linux, unix
SHA-256 | a42c3f31a3a76e5688666de6f602e9c95f4c10fab29266ee874d7f2dae3b3851
Intel x86 Considered Harmful
Posted Oct 29, 2015
Authored by Joanna Rutkowska

This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discuss various Intel security technologies (such as VT-d, TXT, Boot Guard and others), consider how useful they might be in protecting against firmware-related security threats and other attacks, and finally move on to take a closer look at the Intel Management Engine (ME) infrastructure.

tags | paper, x86
SHA-256 | 21aff52a293ba0e23ed85f93772ac4823589aaf5b93e76d95c0c62d46c9ba78d
Oxwall 1.7.4 Cross Site Request Forgery
Posted Oct 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-5534
SHA-256 | 88ada6ac426249e6a52b83bd212e37b27d3c0891970c6b58a7203e704fd03a16
AMD fglrx-driver 14.4.2 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.

tags | advisory
advisories | CVE-2015-7723
SHA-256 | 4e6dcfe5ce3f850f7a06aad8a578e3e8da7469c5142c18444505b01a35ff813c
AMD fglrx-driver 15.7 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 15.7.

tags | advisory
advisories | CVE-2015-7724
SHA-256 | 16d49a42c76981e04c0c6c2f6da6ae7568dd75790a6bcb587a7e5d388da2e479
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/oramipp_lpr servlet.

tags | advisory, xxe
advisories | CVE-2015-4851
SHA-256 | de8ff071f7c958b91bd1cfd996007fd7b0ecb3dec217f9ae5e66e3d96ad27826
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/IspPunchInServlet servlet.

tags | advisory, xxe
advisories | CVE-2015-4849
SHA-256 | 6fb7e76643fd36ba0f6358346bf6ca64dbdedb6d5bcb98f6fd505aead1f86292
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.

tags | advisory, xxe
advisories | CVE-2015-4886
SHA-256 | 64f773023ff0e889e6870ab0b5f1dc0367b44615f3ae94952e1f839c93009706
Debian Security Advisory 3382-1
Posted Oct 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3382-1 - Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902, CVE-2015-3903, CVE-2015-6830, CVE-2015-7873
SHA-256 | a93f6314c208ca69323c9cf6014b4a03fe8867726f8c572dd496581e32bcf7e7
Ubuntu Security Notice USN-2787-1
Posted Oct 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2787-1 - Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7747
SHA-256 | 76ca345d81163d656979d7736b524cd596a7ffa4f485eeeeb2abd67abab765cc
Joomla JNews SQL Injection
Posted Oct 29, 2015
Authored by Omer Ramic

The Joomla JNews component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8287b68a05ca05664203c4326611ce19b973e1b007488fd368ffc02614c741c3
Mozilla SETUP.EXE DLL Injection
Posted Oct 29, 2015
Authored by Stefan Kanthak

Mozilla's SETUP.exe suffers from a classic DLL injection vulnerability.

tags | exploit
SHA-256 | f0f3561003f9aad503eddd10d186760a70b521b4ca5d80ae51ab265713117c58
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close