exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-02-23 to 2016-02-24

Core FTP Server 1.2 Buffer Overflow
Posted Feb 23, 2016
Authored by INSECT.B

Core FTP Server version 1.2 buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | e51b115e282e22f8eb70f8926781e1be7f647f3ad859e91402bf0c87c5d703bb
Android Calling Getpidcon Gets Wrong Security Context
Posted Feb 23, 2016
Authored by Google Security Research, forshaw

The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass.

tags | advisory
systems | linux
SHA-256 | 2490431986cf0e3ac461ee3404bc3e4c47f1124ec963ad8e900b6344954fe156
Wireshark Dissect_oml_attrs Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
SHA-256 | a9c690614b625bb6e5172e86cdd465b90ff09e43557968287968a407281a00eb
Wireshark Add_ff_vht_compressed_beamforming_report Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
SHA-256 | cc44a554664cced1126d7b0eefa4b8b8ae37e321ffffa876f3e526a0ffcaef9b
Wireshark Dissect_ber_set Out-Of-Bounds Read
Posted Feb 23, 2016
Authored by Google Security Research, mjurczyk

A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
SHA-256 | c861f9e59caf134ae57436cc31633c01b724e7061729a02b6ad1d5423e02767b
Adobe Flash SimpleButton Creation Type Creation
Posted Feb 23, 2016
Authored by Google Security Research, natashenka

There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this object is created using a SWF tag before it is created in the Button class, and it not of type Button, type confusion can occur.

tags | exploit
systems | linux
advisories | CVE-2015-8644
SHA-256 | 7599e6513ebba54c924cb1897955fa83dea113a866068a2d1b4b039d4ac55dc5
Red Hat Security Advisory 2016-0286-01
Posted Feb 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0286-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.116, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1629
SHA-256 | 4cf4e22431bdf03448a4e3f512c5d26c9e0068809e598361c11a60b7f1028dfe
libquicktime 1.2.4 Integer Overflow
Posted Feb 23, 2016
Authored by Marco Romano

libquicktime version 1.2.4 suffers from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2016-2399
SHA-256 | a18ee42207f71292921df36339bb1b46024cc2f78247f2097c3c4680d968095c
OpenCms 9.5.2 Cross Site Scripting
Posted Feb 23, 2016
Authored by Rainer Boie | Site syss.de

OpenCms version 9.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 90836f4c2cffaaf16a53502663f30a5c82ff5d7140b8933a573d1c03a30e34a1
Ubiquiti Networks airCRM Cross Site Scripting
Posted Feb 23, 2016
Authored by Vulnerability Laboratory, Milan A Solanki | Site vulnerability-lab.com

Ubiquiti Networks airCRM suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f2b775e79d03a2cc370f6a2bf89471ee03eb635b2394f01e29521174484b003d
InstantCoder 1.0 Local File Inclusion / Directory Traversal
Posted Feb 23, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

InstantCoder version 1.0 suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 32b72fde3ade255be3337d1086e3aadf7c3b2e00de7b7ebefe855c625ae0613f
Apache Tomcat Security Manager Bypass
Posted Feb 23, 2016
Authored by Mark Thomas | Site tomcat.apache.org

ResourceLinkFactory.setGlobalContext() is a public method and was accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applications and/or read and write data owned by other web applications. Apache Tomcat versions 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 through 9.0.0.M2 are affected.

tags | advisory, web
advisories | CVE-2016-0763
SHA-256 | ac830c66f4618379f15b9c52065d4800a58e4532b36aa5e987cfc5a7dea7eb16
Prezi Cross Site Scripting
Posted Feb 23, 2016
Authored by Vulnerability Laboratory, Milan A Solanki | Site vulnerability-lab.com

Prezi suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ed4edac103084550d1c46e24e4481ef4e689b50adc09f57ba98e58bad2c1e956
Apache Tomcat Directory Disclosure
Posted Feb 23, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was therefore possible for a user to determine if a directory existed or not, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application in which case the presence of the web application was confirmed, even if a user did not have access. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.65, and 8.0.0.RC1 through 8.0.29.

tags | advisory, web, root
advisories | CVE-2015-5345
SHA-256 | f43d6dbb774b4dfc48b17b117d3cde0c12a7d82fc18efc497696311d683c01f8
Debian Security Advisory 3486-1
Posted Feb 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3486-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627, CVE-2016-1628, CVE-2016-1629
SHA-256 | 6412bc588604122925aaa48d9159949366b995488084328d43e304f5bfee3719
HP Security Bulletin HPSBHF03544 1
Posted Feb 23, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03544 1 - Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-3143, CVE-2015-3148
SHA-256 | 85b2d81dc1b3f872228664d35268d8bbb970c56095b755f549519a9b80b7f991
Debian Security Advisory 3485-1
Posted Feb 23, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3485-1 - Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

tags | advisory
systems | linux, debian
advisories | CVE-2013-7448
SHA-256 | de7c36e76f0e614ecfa9779f41047f243f70850b23536a99e00de9a848956e1e
Ubuntu Security Notice USN-2911-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2911-1 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7550
SHA-256 | c1d1a96c7e89baed2b724784ee9c7e56babd900204217955717b0dd16b55c9f3
Ubuntu Security Notice USN-2911-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2911-2 - It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7550
SHA-256 | c9ed535541ec0c4f4515317d0d00db4bc2935771d6ef87c35aa8526850ee5943
Ubuntu Security Notice USN-2909-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
SHA-256 | 47eca111b5e14e6a83d4d3e3e108c3c0f4bb558525426c43eb0ea1c7acf76544
Ubuntu Security Notice USN-2910-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
SHA-256 | d315767d6b74fc5875e1959ee3b8350c03d865880496c94d9e5829712fcd69a4
Ubuntu Security Notice USN-2908-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
SHA-256 | 3bd3447a7566b4ddafb9950b75297f97dfae5f898ad9d051beef16b3a2597662
Ubuntu Security Notice USN-2908-3
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-3 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
SHA-256 | 8716f9dfa5387ac6e3e6ff94510d7161d98367b8036548e12a2e1d81732e1f1c
Ubuntu Security Notice USN-2908-1
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-1 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
SHA-256 | 07596e6ec12eeb907c4ab0d2cdc1c2ab789da78a8039e9d891d2a3f13f37c5f4
Ubuntu Security Notice USN-2907-2
Posted Feb 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2907-2 - halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
SHA-256 | 963e536d218f0e81e41ebb8a8147fbedb301ff6538499599412b9b5c1093f890
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close