what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 375 RSS Feed

Files Date: 2016-07-01 to 2016-07-31

OpenSSHD 7.2p2 User Enumeration
Posted Jul 21, 2016
Authored by 0_o

OpenSSHD versions 7.2p2 and below remote username enumeration exploit.

tags | exploit, remote
SHA-256 | 2f182c8354b3885f9f53dee4dfd49de6b64a388306dc36b6cf716adfc0ef8ac9
Gentoo Linux Security Advisory 201607-14
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-14 - A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2016-3096
SHA-256 | 5abe34fb3432373e7e24b84ec2f041264edc4100c25d4e25c505f3aa830b83cf
Gentoo Linux Security Advisory 201607-13
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-13 - A buffer overflow in libbsd might allow remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-2090
SHA-256 | f356293130cc41f6c5d8ce93ce7fc682a43dcb6604dc3e0f868c6dca3d2c0fc3
Gentoo Linux Security Advisory 201607-12
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2014-2972
SHA-256 | 22534b373f0d93237acf41108fb6a56ff906ad77fd8c5a9ae003dd2dc9682857
Gentoo Linux Security Advisory 201607-11
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8630
SHA-256 | 80a0902267c16233710208037b188bcd90eb15791d34baf0375c867b48579f49
Gentoo Linux Security Advisory 201607-10
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-10 - Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. Versions less than 3.0.7 are affected.

tags | advisory, remote, web, overflow
systems | linux, gentoo
advisories | CVE-2015-8852
SHA-256 | c34e7c2fcf5bec193bd0105cdbf6caa9e33b041e525c3094834b3e35b5bdb77a
Gentoo Linux Security Advisory 201607-09
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0114
SHA-256 | e796b79d0cecceb30859bf6409dd12a908bf0b6687463fd62c86692038a1b122
Gentoo Linux Security Advisory 201607-08
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-8 - A vulnerability has been found in Dropbear, which allows remote authenticated users to bypass intended shell-command restrictions. Versions less than 2016.73 are affected.

tags | advisory, remote, shell
systems | linux, gentoo
advisories | CVE-2016-3116
SHA-256 | 37c6e42ccd2e3205e832bfa112c6fd71bfd4a0029363d1e168539226fbb72a83
Red Hat Security Advisory 2016-1439-01
Posted Jul 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 317cf16ea3dbb6853842f5156d6f798a461a36ad069b855b978b49ca6e73153c
Debian Security Advisory 3623-1
Posted Jul 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3623-1 - Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, debian
advisories | CVE-2016-5387
SHA-256 | 3f0f077fa580f9c70a712a8e940ea126c15ee5ca79bb2cc5ae3afdb0dbc13ec9
Oracle Patches 27 Vulnerabilities
Posted Jul 20, 2016
Authored by David Litchfield

A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.

tags | exploit, vulnerability, xss, sql injection, xxe
advisories | CVE-2016-3448, CVE-2016-3467
SHA-256 | 1653be97a06d0c2cfb3b03919f6fc2b0e26ba7129144b78467d3acbf64b1587a
Wowza Streaming Engine 4.5.0 Cross Site Scripting
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 4.5.0 build 18676 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6
Wowza Streaming Engine 4.5.0 Cleartext Sensitive Information Storage
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified it is automatically applied into the application with newly created user account. Wowza stores sensitive information such as username and password in cleartext in admin.password file, which is readable by local users.

tags | exploit, local
SHA-256 | 6aeb40c49c98f54885a81500ea883a8c18636e37e6a4106edc674c11c35d726c
Wowza Streaming Engine 4.5.0 Cross Site Request Forgery
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 62f01e79af598b0742b989b77d2439edfb0e0bc768e7e6c6f6a1d2e4736744c2
Wowza Streaming Engine 4.5.0 Remote Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter 'accessLevel' to 'admin' gaining admin rights and/or setting the parameter 'advUser' to 'true' and '_advUser' to 'on' gaining advanced admin rights. Version 4.5.0 build 18676 is affected.

tags | exploit
SHA-256 | 6dff3829d868f5291d523f9273d16a035430766d14c73adc9a0bea44fd2a9c99
Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group. In combination with insecure file permissions the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software. Version 4.5.0 build 18676 is affected.

tags | exploit
systems | windows
SHA-256 | d540e3f2fcd68f2e6da510dff4fc2e5afbf1649659c608d2f1f24e39cb9e934c
Nmap Port Scanner 7.25BETA1
Posted Jul 19, 2016
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Nmap now ships with and uses Npcap, our new packet sniffing library for Windows. It's based on WinPcap (unmaintained for years), but uses modern Windows APIs for better performance. It also includes security improvements and many bug fixes.6 NSE scripts have been added. 98 fingerprints have been added.
tags | tool, remote, udp, scanner, tcp, protocol
systems | linux, unix
SHA-256 | 8b1eab8536e0255a2e225617dce831c3b6bf520fd5ddfc2f04a2f7663be2cb6a
WordPress Video Player 1.5.16 SQL Injection
Posted Jul 19, 2016
Authored by David Vaartjes, Yorick Koster, Securify B.V.

WordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | e466846931ce435c89ed6a17e672eaf0b4818880fd543e1016bd3f3bc4de6f26
WordPress Ninja Forms 2.9.51 Cross Site Scripting
Posted Jul 19, 2016
Authored by Han Sahin

WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7736356de45c70b551bfad1e9d2f465f4af57ee30034f6cbddf58e14110df94c
Apple Security Advisory 2016-07-18-6
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-6 - iTunes 12.4.2 for Windows is now available and addresses multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619
SHA-256 | 633c434706d646cb88f9b2500c243323908adca066d93650b3de1179c1021483
Apple Security Advisory 2016-07-18-5
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-5 - Safari 9.1.2 is now available and addresses information disclosure, spoofing, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
SHA-256 | c9e88a9ceedaa41e7c53dede660e559e035f39a544a712c1ee2fa29d95684de7
Apple Security Advisory 2016-07-18-4
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-4 - tvOS 9.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2016-1684, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4591, CVE-2016-4592, CVE-2016-4594, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4622
SHA-256 | 4a9bc32a7d4706ab17452ff64199e021359d694515d28902f836d1e4f0ed5d85
Objective Systems Inc. ASN1C For C/C++ Heap Memory Corruption
Posted Jul 19, 2016
Authored by Lucas Molas

A heap memory corruption vulnerability exists in the ASN.1 parsing code generated by Objective Systems Inc. ASN1C compiler for C/C++.

tags | advisory
advisories | CVE-2016-5080
SHA-256 | 7b43a417029a6660a52e541cea51ce69f3ace470ef73b37b87d6e6718bb3e958
WordPress Icegram 1.9.18 Cross Site Request Forgery
Posted Jul 19, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Icegram plugin version 1.9.18 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 34497fd583aa9c4a2d176e260fdb464996bceb614b526b50b668962c1bc2887a
Apple Security Advisory 2016-07-18-3
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-3 - watchOS 2.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4626, CVE-2016-4627, CVE-2016-4628, CVE-2016-4631, CVE-2016-4632, CVE-2016-4637
SHA-256 | a5e03cf377eb22ba61d0ea650f262c33428093e57329215b0a10d4bd3248e047
Page 6 of 15
Back45678Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close