exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-11-03 to 2015-11-04

Redis Remote Command Execution
Posted Nov 3, 2015
Authored by Antirez | Site antirez.com

Redis has eloquently explained how it can be used for remote command execution if not securely configured to mitigate arbitrary access.

tags | exploit, remote, arbitrary, code execution
SHA-256 | 242d350f9f4267b8b7b3333e976644b434273c28d37e0fe9d940bc79a5df6408
HP Security Bulletin HPSBGN03426 1
Posted Nov 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03426 1 - A potential security vulnerability has been identified with HP Mobility Software (MSM). This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-0235
SHA-256 | 6091783b2289bfdb9b8675dbc360b5d56c867a5f613e76dfc179aa4453a06de0
Debian Security Advisory 3355-2
Posted Nov 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3355-2 - The previous update for libvdpau, DSA-3355-1, introduced a regression in the stable distribution (jessie) causing a segmentation fault when the DRI_PRIME environment variable is set.

tags | advisory
systems | linux, debian
SHA-256 | 5f6b60436fc44f548f0d7c2880baff541361567e433078e4d272b04b1e2cc027
HP Security Bulletin HPSBMU03518 1
Posted Nov 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03518 1 - A potential security vulnerability has been identified with HP Vertica. The vulnerability could be exploited remotely resulting in code execution. Revision 1 of this advisory.

tags | advisory, code execution
advisories | CVE-2015-6867
SHA-256 | 7f553141ec25ec06e07344ba7f76cf8c1897c2485ca17ca6109adefc7b0112c1
Debian Security Advisory 3390-1
Posted Nov 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3390-1 - It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping.

tags | advisory
systems | linux, debian
advisories | CVE-2015-7835
SHA-256 | 8119581ed5cb3f63cfdf7d6b22d5d0dd0d8e6a293859d5eec789049da8ed88bd
Gentoo Linux Security Advisory 201511-01
Posted Nov 3, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201511-1 - An attacker who already had access to the environment could so append values to parameters passed through programs. Versions less than 50c are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 209f309202d6754f30941951ee194eb7a30cb024c847b5ff228ec176307e9d64
Alcatel-Lucent Home Device Manager Spoofing
Posted Nov 3, 2015
Authored by Dr. Ulrich Fiedler | Site swisscom.ch

A vulnerability has been discovered in the TR069 protocol that can potentially affect all Automatic Configuration Servers (ACS). The issue has been fixed in the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing filter. HDM allows service providers to remotely manage CPEs, such as residential gateways, IP set-top boxes, and VoIP terminal adapters that comprise a home networking environment. The vulnerability allows an attacker to perform impersonation attacks by spoofing CPE using tr-069 (cwmp) Protocol. An attacker could gain unauthorized access to third-party SIP Credentials for the spoofed device and perform illegal activities (phone fraud). The vulnerability has been tested and confirmed. Versions prior to 4.1.10 may be affected.

tags | advisory, spoof, protocol
advisories | CVE-2015-6498
SHA-256 | bb13ec0be93a31f8e2c934935c308ea9e341daec05a508fc4772379dd2f84795
Chyrp CMS 2.5.2 Cross Site Scripting
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

Chyrp CMS version 2.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83bca201d29ab70c1bde980fbed88a3c5b010df44c4f99ec14e273e3548fa878
SQL Buddy 1.3.3 Cross Site Scripting
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

SQL Buddy version 1.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 095875585ce631e64d373c32b8720f8e6015352923ad899af5491bf668b70e5d
SQL Buddy 1.3.3 Cross Site Request Forgery
Posted Nov 3, 2015
Authored by Tim Coen | Site curesec.com

SQL Buddy version 1.3.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a94ff71a7a5790907a132bd1bfa4a5e909b013012819550128d21c9daaaeb079
DAVOSET 1.2.6
Posted Nov 3, 2015
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added support of comments in the lists. Various other updates.
tags | tool, denial of service
SHA-256 | dbe801c6151945adda945e3a365ce75db328fcdd175a89c336887de3dc328e47
Linksys X2000 Command Execution
Posted Nov 3, 2015
Authored by Lorenzo Pistone

The Linksys X2000 suffers from a remote, unauthenticated command execution vulnerability that scores root privileges.

tags | exploit, remote, root
SHA-256 | 780ce5cf269501946fe350376b8f4c285c696d279123637112d467d5e14f3e90
Samsung Galaxy S6 Android.media.process Face Recognition Memory Corruption
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung Galaxy S6 Android.media.process face recognition memory corruption proof of concept exploit.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-7897
SHA-256 | a5e7dfca54ad57cd87ac2d393d7a5abcda17cd922cada6c71474e80ae98e77e0
Samsung LibQjpeg Image Decoding Memory Corruption
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung LibQjpeg suffers from a memory corruption vulnerability in the DCMProvider service when decoding an image.

tags | exploit
systems | linux
advisories | CVE-2015-7894
SHA-256 | 5ac160d206c75cc91f847a1d4b2392558060e7cff39dcd58682c6c240637d514
Samsung Galaxy S6 LibQjpeg DoIntegralUpsample Crash
Posted Nov 3, 2015
Authored by Google Security Research, natashenka

Samsung Galaxy S6 LibQjpeg memory corruption proof of concept exploit.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-7896
SHA-256 | 00a3e0053aaaff6e526e5ce32b3ddb9478f66295e94d52e198a75a61fc3556ed
TeleGraph.co.uk Cross Site Scripting
Posted Nov 3, 2015
Authored by Jing Wang

TeleGraph.co.uk suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8efa1ce3a3f77847ba55dfb66b1466c5f995d547154ef4f75cf573237dcbef4f
Daily Mail Unvalidated Redirect / Cross Site Scripting
Posted Nov 3, 2015
Authored by Jing Wang

Various Daily Mail sites suffered from unvalidated redirect and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d676633b8b03fec3c166bca2036fd061d900f00156a3124c15ae666a2933efe0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close