The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
5e40ba546c56ca9da70c21d13a2df23456f1a1ce6e65966fc09c8150d08386f0This archive contains all of the 234 exploits added to Packet Storm in June, 2016.
65c670ff496ef48d9ad7f1fde630d9c0a156ee29bb9a365516085aaa8f307064A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem are insecure ACLs on the HandSet service directory which allows any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Versions 4.0.3.301 and below are affected.
6c6581b85754886f7bf71324c9215879a17f5cce30ef4b37096ab2d6b6d81ffaUbuntu Security Notice 3015-1 - Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code.
e10fd246dad11166feb241b4d648306e287802ffdbc7819c5b565dcb57d21be3Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996Joomla Smartformer component version 2.4.1 suffers from a remote shell upload vulnerability.
1b4e93b6e8307844e941b5738100e3231e02e90071e189914c94886f43387028Ktools Photostore versions 4.7.5 and below suffer from a remote blind SQL injection vulnerability.
e1c064ba516e117f8148f9926109b58abaffa30ddd6ae6668dae0ecd6362f63eThe RockLoader malware tool suffers from remote shell upload and remote SQL injection vulnerabilities.
6791a3d9faefcca7817af221317b6551aea06e2523ac2d59b9090b612529dd50Phoenix Exploit Kit suffers from a remote code execution vulnerability.
1f25ff92651bd8bb32029e3adf634acf5d0f7f6e4d481eafd322a6ba7c9eb2c9Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.
8063f2fceed2ffb108fdb433edb8aa47a61a755d3a99c08fb9ab864029de4cdfDebian Linux Security Advisory 3610-1 - Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.
1f894b4a8b46f7ea26ba4c7e1e986dae118351e027465bbd76eee0989c28c308Ubuntu Security Notice 3022-1 - It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.
8ae390a08fb00115285a78feeee55a76b9fb90b69d2d0153911e8f6d45b6f559Debian Linux Security Advisory 3608-1 - Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.
3b3ec3f622f1f01c4413241a511b9a03e1b2a5e8126b4b15ab0699876e43f2d8Debian Linux Security Advisory 3609-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.
dc0dfa37ac8428b022149f7007f8c04701baa05b455c582b2b3162c0543ee491Red Hat Security Advisory 2016-1374-01 - JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
286af024f9c96f19f6b30409bb512c0b84c72342914a566e0e893e47f30c5dafSymantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
65b13d36661ece87ba1bdd49bd3f70a0e5b540ef29bbd7ab7cc57d9d5d95b4acWordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.
9edba755da9d970478234df675d2e2057d355945224203a45b1c7c3945f3736cCuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privilege remote code execution exploit.
c0ec4947410116d6957300d0f302ff16f00765aa7038deb88954db8885fafbdaThis code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC 8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.
d7cc976511ad7609235445cc38467f50cb436c74822e85605a700f38f803fe60Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.
90dceeedf953cb4edb51470fa645fd788318328c628cb56e0c176a1148d50f58
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed