exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2016-01-08 to 2016-01-09

WordPress AzonPop 1.0.0 SQL Injection
Posted Jan 8, 2016
Authored by Ac!D

WordPress AzonPop plugin version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d43fdd9d6e462d91f35b4a28afb5f0cc6681694b5836544ae808fda3203b36b1
Linux/x86_64 Egghunter Shellcode
Posted Jan 8, 2016
Authored by Sathish Kumar

18 bytes small Linux/x86_64 egghunting shellcode.

tags | shellcode
systems | linux
SHA-256 | 4be4948b091b9dfa6f038690c14c3670b190b01405203192db73c45d19c48cd5
MobaXTerm Incorrect Port Forwarding Bind
Posted Jan 8, 2016
Authored by Thomas Bleier

MobaXTerm versions prior to 8.5 fail to bind forwarded SSH ports to the loopback device.

tags | advisory
SHA-256 | 5a2dd8e3090e538470c2fd7ddb6861827557340480151355fd3ca16a9e3d0ef5
o2 DSL Auto Configuration Server Credential Disclosure
Posted Jan 8, 2016
Site redteam-pentesting.de

The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.

tags | exploit, arbitrary
SHA-256 | f61935b3b37229ff1b4f27ebaef671d58dbbebb3c4c012e1603981367b17881b
GNU Transport Layer Security Library 3.3.20
Posted Jan 8, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Multiple security fixes including a memory leak and out of bounds read.
tags | protocol, library
SHA-256 | 4c903e5cde7a8f15318af9a7a6c9b7fc8348594b0a1e9ac767636ef2187399ea
Apple Security Advisory 2016-01-07-1
Posted Jan 8, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-07-1 - QuickTime 7.7.9 is now available and addresses multiple memory corruption issues.

tags | advisory
systems | apple
advisories | CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117
SHA-256 | 517e07fd6714e7e2ecd3ba64bcf60b39e9610286dabdd445685443f667059b2a
Red Hat Security Advisory 2016-0010-02
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0010-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540
SHA-256 | 89f20e4822a7bbff9cbe595e4c9b7e262ec003f61ce60cf39cc4b99cb1dc736d
Red Hat Security Advisory 2016-0011-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0011-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5252, CVE-2015-5296, CVE-2015-5299
SHA-256 | 7361a87b868abd0536a182c1d2a161d23034925d598dfdc4ced441e5d36afe5a
Red Hat Security Advisory 2016-0012-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0012-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-7575
SHA-256 | 2be9da663fc2445d96233e12550216a67075737ef62f2979035aed0899647d28
Red Hat Security Advisory 2016-0009-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0009-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.

tags | advisory, remote, denial of service, local
systems | linux, redhat
advisories | CVE-2015-3223, CVE-2015-5330
SHA-256 | 7744b8e0626a8901ae916b7e2470b53a173f787163b7b9145e30b729863d1bea
Red Hat Security Advisory 2016-0008-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0008-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-7575
SHA-256 | 52178e2035ec5d3abc8afc8f4c47472de6113e24e32fefd233c654376765669c
Ubuntu Security Notice USN-2865-1
Posted Jan 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2865-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-7575
SHA-256 | 4299b52f55c8c2830d857eaf3a6bad98b1e0a177474b6046f3f95782e39d671f
Red Hat Security Advisory 2016-0016-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0016-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330
SHA-256 | 1d8ff6e2ba56dc079e6a794292cbc443fa3729c3047b4fa27c6998e53fc0bfc1
Red Hat Security Advisory 2016-0015-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0015-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540
SHA-256 | e7476774b5f9c85270690826f5f1e544dc5c73fbe57f70b44735340d28740d81
Red Hat Security Advisory 2016-0006-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0006-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. A remote attacker could exploit this flaw by sending a specially crafted packet, which could cause the server to consume an excessive amount of memory and crash. Multiple buffer over-read flaws were found in the way Samba handled malformed inputs in certain encodings. An authenticated, remote attacker could possibly use these flaws to disclose portions of the server memory.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540
SHA-256 | edf0fb514d3c6ce3421118cdbbd2a073602544574ed4b012c2f36821051776c9
Red Hat Security Advisory 2016-0014-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0014-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb, would cause that application to consume an excessive amount of memory and crash. A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.

tags | advisory, remote, denial of service, local
systems | linux, redhat
advisories | CVE-2015-3223, CVE-2015-5330
SHA-256 | b68687782b26d57dd2c5e68c3efd3463fe80d9a646ae0980128e2a9152d079f3
HPE Security Bulletin HPSBUX03435 SSRT102977 1
Posted Jan 8, 2016
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03435 SSRT102977 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including: The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Apache does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-2808, CVE-2015-3183, CVE-2015-4000
SHA-256 | 918b77ebec19829d1b59175aae0a8ee89dbdd934b71e72c94b5d47c034841f94
Red Hat Security Advisory 2016-0007-01
Posted Jan 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0007-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. All nss users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the NSS library must be restarted, or the system rebooted.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7575
SHA-256 | 49cfd58614f0b0d586c03fd76f98b32154163b40e29b714e4486ec3f7fad0fa0
WordPress Symposium Pro Social 15.12 XSS / CSRF
Posted Jan 8, 2016
Authored by Rahul Pratap Singh

WordPress Symposium Pro Social plugin version 15.12 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | f82db69c55d75e7d641af48a0a2618294b87b297b5eaa1361b0915522fa7df05
TrueCrypt 7.1a / 7.2 DLL Hijacking
Posted Jan 8, 2016
Authored by Stefan Kanthak

TrueCrypt versions 7.1a and 7.2 suffer from a DLL hijacking vulnerability with their installers.

tags | exploit
systems | windows
SHA-256 | b187b2c7c60559be858f2e25938339fb99a96d589a36224f2df31b6207d1c3f0
Linux/x86 Egghunter Shellcode
Posted Jan 8, 2016
Authored by Dennis Herrmann

13 bytes small Linux/x86 egghunting shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 4238f72dd1d09bd20c2070130ad571b9678c15bf2b98e1f8d3fd350b49dcd746
Stanford Cross Site Scripting
Posted Jan 8, 2016
Authored by Sha4yan

Stanford's CGI subdomain suffers from a cross site scripting vulnerability.

tags | exploit, cgi, xss
SHA-256 | b828d5f3b9d6e3d8a71e219a8d7e4af37707c72dd459f17ab0df4a06df946b7d
Ubuntu Security Notice USN-2864-1
Posted Jan 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2864-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-7575
SHA-256 | d6dbb440dd90c2848a373a61e5571708dbda96879cf8b5d1e7825700e41d8227
AVM FRITZ!OS HTML Injection
Posted Jan 8, 2016
Authored by Dr. Daniel Schliebner | Site ds-develop.de

AVM FRITZ!OS versions prior to 6.30 suffer from an html injection vulnerability.

tags | exploit, xss
advisories | CVE-2015-7242
SHA-256 | bdf821aa57faacdfb6631eb130eb6e07c1218ed15142670e47b5f07230d3de6e
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close