exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 452 RSS Feed

Files Date: 2016-02-01 to 2016-02-29

Libxml2 XmlParserPrintFileContextInternal Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
SHA-256 | 24fceb475313278d19f5a23db69ad822ae87dfa7f82a3ba37404f43ef5ba46e0
Libxml2 XmlDictAddString Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
SHA-256 | a0b62fab44a37693fd14db3f0e3e858745cb319b96780df04ea679a925ececb6
Libxml2 XmlParseEndTag2 Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
SHA-256 | 75e7ebd650b1e60e6dcef6ff3a77e4fabca9acf8c4b6a4677048ca098cb03520
Coppermine 1.5.40 Weak Cryptography
Posted Feb 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.

tags | exploit
SHA-256 | 953f240f9074c871c21ff81b9fda483e9b54149b0e8bf9fd3a4ae7b129905d41
Faraday 1.0.17
Posted Feb 28, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed bug in pip debian. Added support for Mint 17. Various other updates and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | 39e66690bada599a4ae01e4a8c83e8d541446b05d8b678ead86e25c098cb864b
Proxmox VE 3 / 4 XSS / Privilege Escalation / Code Execution
Posted Feb 27, 2016
Authored by Nicolas Chatelain

Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | 377a4d6e4e3f59329037f6605c912134206657cbddc009f577acf4a0c93a7e43
Ubuntu Security Notice USN-2908-5
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-5 - USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
SHA-256 | 5e10ec647672807200c174c55a66cdcc9b1b8e1775c7a5dfb35815b6935f9d01
Ubuntu Security Notice USN-2909-2
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2909-2 - USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 14.10 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
SHA-256 | 3c3d759a7baed04064d8e1a5aaf0a6c656497f00d2b9bbda49970b61d924499e
Ubuntu Security Notice USN-2910-2
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2910-2 - USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576
SHA-256 | 1c5860f7d5e5f701a0618aa045b06de9bedc1bdeb2417d42f72a17ed4039636b
Gentoo Linux Security Advisory 201602-03
Posted Feb 27, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-3 - Multiple vulnerabilities have been found in libwmf allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.2.8.4-r6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696
SHA-256 | 7fb0b176af2fec4f40b8fe3b3185e69185aa1e07347c160419d8b2bf521e8430
Ubuntu Security Notice USN-2908-4
Posted Feb 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2908-4 - USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4312, CVE-2015-8785, CVE-2016-1575, CVE-2016-1576, CVE-2016-2069
SHA-256 | 2ae3612b5f8c1f000a29250f123157f70e9d98b5ff013458912d9c9b43f07b03
Apple Security Advisory 2016-02-25-1
Posted Feb 26, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2012-6685, CVE-2014-0191, CVE-2014-3660, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3759
SHA-256 | bf6f4fe66d502f5d2cfe52364aee2616a8b6313109616db2da1627ad5a4b40a6
WordPress WP Ultimate Exporter 1.0 / 1.1 SQL Injection
Posted Feb 26, 2016
Authored by Henri Salo

WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 16a39c93c4c118309bb6382bf258c1c0fa954639322ef7c55a3a052d1c3848af
Centreon 2.5.3 Code Execution
Posted Feb 26, 2016
Authored by Nicolas Chatelain

Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 3c4451947909782cb24cf03b689934f5d565641465aa23686ec6df8df29ff586
Debian Security Advisory 3492-1
Posted Feb 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3492-1 - Daniel Gultsch discovered in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.

tags | advisory, spoof
systems | linux, debian
advisories | CVE-2015-8688
SHA-256 | 6458ae433eb2d65cf2336d02a0482c8bb4abd3984d7aca3b17a9f73a7114422b
Red Hat Security Advisory 2016-0297-01
Posted Feb 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0297-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0.

tags | advisory
systems | linux, redhat
SHA-256 | 904c22b05f19c5f99c4de16fbb194e475d9a3ddc6e10364eda2ee73976d76874
Debian Security Advisory 3493-1
Posted Feb 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-0729
SHA-256 | 65b274c933d90cefe3382f57ce846303ac98c8a5232db435954e456e7b506eac
Infor CRM 8.2.0.1136 Cross Site Scripting
Posted Feb 26, 2016
Authored by LiquidWorm | Site zeroscience.mk

Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b48e22c74e47621c31af3403d86e083a3f1abc5563fc2dfe8d627d1b581db34c
Zimbra 8.0.9 GA Cross Site Request Forgery
Posted Feb 26, 2016
Authored by Damien Cauquil, Anthony Laou-Hine Tsuei

Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0da0fe882cf7354bdf4be9e8dafb2bb44b40c75b431e52698d358584cb94db05
HP Security Bulletin HPSBGN03549 1
Posted Feb 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 5c0bafbdb117854cb467fe44692de91315ec03062242458e577de6b74ec77e61
Htcap Analysis Tool Beta 1.0
Posted Feb 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: Major code rewrite and many features were added.
tags | tool, web, javascript, sniffer, python
SHA-256 | e1b46b0ad4d6efc49d1a685645e3212963cbee25ea12b9f3f64dee6c50699a17
Cygwin DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Cygwin suffers suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 24171614c6478bf8aec76c25acdb2fc75fc734452867fb86432651acd0df8e10
D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
Posted Feb 26, 2016
Authored by Dominic Chen

Various D-Link and Netgear devices that make use of the FIRMADYNE framework suffer from command injection, buffer overflow, and authentication bypass vulnerabilities.

tags | advisory, overflow, vulnerability, info disclosure
advisories | CVE-2016-1555, CVE-2016-1557, CVE-2016-1558, CVE-2016-1559
SHA-256 | e1f65451595116919451f722284040e48ed00ae6e1c4227dd28831ce50e8f637
Google Chrome Cleanup Tool DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Google's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | e2bde11264a28f5ba73ff12c3c7437fc0631264903401454d76b59f90187c3bd
GIMP For Windows DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

GIMP for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | ac97dc5b648db74d6ed97b0c86498de3904d37cb7b8d8c613ef2aa9e05f1cefe
Page 1 of 19
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close