exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 375 RSS Feed

Files Date: 2016-07-01 to 2016-07-31

Red Hat Security Advisory 2016-1489-01
Posted Jul 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1489-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-4565
SHA-256 | 92f448af05fa64277d3b3307da793e54460efff59bc1c9ba1edd08af9ef18f34
Silurus Classifieds 2.0 Cross Site Scripting
Posted Jul 27, 2016
Authored by zhiwei_jiang

Silurus Classifieds version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3fd2dd44592a87fcbb159e569f3987f00637646955585331a581070ae8b20876
Huawei ISM Professional Cross Site Scripting
Posted Jul 27, 2016
Authored by zhiwei_jiang

Huawei ISM Professional suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 46902e937f7c2a0957308e0d1d356d671660c726f3aba4c8df628f882b039e67
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (2)
Posted Jul 26, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.007 and Load Balancer Firmware <= v5.4.0.004 by exploiting a two vulnerabilities in the web administration interface. The first bug leverages a Arbitrary File Upload vulnerability to create a malicious file containing shell commands before using a second bug meant to clean up left-over core files on the device to execute them. By sending a specially crafted requests it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, arbitrary, shell, root, vulnerability, file upload
SHA-256 | c5cbb5353489330f723faa90c0811bb577e0e6462b9b934b977a12a22fc05e6e
Debian Security Advisory 3629-1
Posted Jul 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3629-1 - Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518
SHA-256 | 928596a20913fd01d3f58cfb75578feb56c3ebee5c0640ed9f639ec7fd418fa2
Bamboo Deserialization Issue
Posted Jul 26, 2016
Authored by David Black, Moritz Bechler

This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2016-5229
SHA-256 | dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4
Red Hat Security Advisory 2016-1487-01
Posted Jul 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1487-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2119
SHA-256 | 5e149d7d0af0e12329b4e2d54c27f621fef270d560e4bea0d0871820b9af36c1
Red Hat Security Advisory 2016-1486-01
Posted Jul 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1486-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2119
SHA-256 | e4d411131b152ada7bd72521ea7818502f22e7501a4ad8fa7818025ec57a02bd
Red Hat Security Advisory 2016-1485-01
Posted Jul 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1485-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 52.0.2743.82. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1705, CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137
SHA-256 | 79a0151a046d4d5d83278b6451a43ce51c7e4a3ae2044801f1685824657092b8
Red Hat Security Advisory 2016-1484-01
Posted Jul 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1484-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A stored cross-site scripting flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and Javascript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data.

tags | advisory, remote, web, javascript, xss
systems | linux, redhat
advisories | CVE-2016-3080, CVE-2016-3097
SHA-256 | fca385e1adee4c3355af668685e712abb94dffc828ffdb015bcc0eb5969e0c41
Red Hat Security Advisory 2016-1494-01
Posted Jul 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1494-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-2119
SHA-256 | ae73f277b2b57b9d044f50b51c1a5f666f6be797d89161738790ac2e2a367b22
Dropbox 6.4.14 DLL Hijacking
Posted Jul 26, 2016
Authored by Himanshu Mehta

Dropbox version 6.4.14 has an installer that suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | bfc55686208a6af0facb4041226b4d6d0ad4997fe3955ce1a49bfd0385b724bb
Mobius Forensic Toolkit 0.5.25
Posted Jul 26, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Many updates to the C++ and python APIs. Various other improvements.
tags | tool, python, forensics
SHA-256 | 8ea6f97365251b45ba9c6309e8b51366f74ef9536f1dad257d2ef65b930d88fa
HP Security Bulletin HPSBGN03630 1
Posted Jul 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03630 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
systems | linux, unix, solaris
advisories | CVE-2016-4373
SHA-256 | 745cf5e5dfc7c05cec2a0a06dcce95a6bd55552bd1be8b60cef63528b32d5890
Reprise License Manager "akey" Buffer Overflow
Posted Jul 26, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research have discovered a vulnerability in Reprise License Manager (RLM), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when handling the "akey" POST parameter related to /goform/activate_doit, which can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request. Successful exploitation of the vulnerability may allow execution of arbitrary code. Affected include Reprise License Manager versions 12.0BL2, 12.1BL2, and 12.1BL3.

tags | advisory, web, overflow, arbitrary
SHA-256 | 7a44242e9092cfe02efcb8529b1f73b1e9b385b7c89ec38c3ff1c23127ffddbb
Reprise License Manager "actserver" Buffer Overflow
Posted Jul 26, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research have discovered a vulnerability in Reprise License Manager (RLM), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when handling the "actserver" POST parameter related to /goform/activate_doit, which can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request. Successful exploitation of the vulnerability may allow execution of arbitrary code. Affected includes Reprise License Manager version 12.0BL2.

tags | advisory, web, overflow, arbitrary
SHA-256 | b433828c96e1b1a9650594e28bf347b845408926a31f2dc471d4d2c8904dabf6
PHP gettext 1.0.12 Code Execution
Posted Jul 26, 2016
Authored by kmkz

PHP gettext.php versions 1.0.12 and below suffer from an unauthenticated code execution vulnerability.

tags | exploit, php, code execution
SHA-256 | 43700cf546cef6f888e70c5f15da849a59dd385eb6bf40696caaa8ca6d9a4a78
Drupal CODER Module Remote Command Execution
Posted Jul 26, 2016
Authored by Mehmet Ince, Nicky Bloor | Site metasploit.com

This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary command under the context of the web server user. CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary command. The module does not need to be enabled for this to be exploited This Metasploit module was tested against CODER 2.5 with Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php
systems | linux, ubuntu
SHA-256 | c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0
FreeBSD Security Advisory - FreeBSD-SA-16:25.bspatch
Posted Jul 25, 2016
Site security.freebsd.org

FreeBSD Security Advisory - The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.

tags | advisory, arbitrary, root
systems | freebsd
advisories | CVE-2014-9862
SHA-256 | 94be495aa94159d16c19228b849a936b7ff41d00262b82639c5ca19b61e52752
Debian Security Advisory 3628-1
Posted Jul 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3628-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.

tags | advisory, perl, vulnerability
systems | linux, debian
advisories | CVE-2016-1238, CVE-2016-6185
SHA-256 | c4d42728c93a6c069a9075ac463c45771991119363de3f80dbbd028a2e5b8945
Red Hat Security Advisory 2016-1481-01
Posted Jul 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1481-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644
SHA-256 | 45de905a4b33214eb15ef8e29ef0cb228582cc6a35bbdc52e6237786fb243718
Red Hat Security Advisory 2016-1480-01
Posted Jul 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1480-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648
SHA-256 | af590c1ca38f804e3f347f28557c1dfd19b5e1606fd497d2c76fb7c2cd5542e7
MediaCoder 0.8.43.5852 SEH Overflow
Posted Jul 25, 2016
Authored by Karn Ganeshen

MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
SHA-256 | 507cda410d7506c0efc4bf9f074328227a1db84046b8e2f802f444e4082a3f89
CoolPlayer+ Portable 2.19.6 Stack Overflow
Posted Jul 25, 2016
Authored by Karn Ganeshen

CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and aslr bypass.

tags | exploit, overflow, shellcode
SHA-256 | 5a8e68f70a6bdf520588f514a7b7dbd81ae47a8b5523f6e4d2a654e471361eee
CodoForum 3.2.1 SQL Injection
Posted Jul 25, 2016
Authored by Yakir Wizman

CodoForum version 3.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 29e42205f5a7006437937ea15d9724892274bd3b43b9219c9606bcd2841fbcc1
Page 3 of 15
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close