Files Date: 2016-08-25 to 2016-08-26

Apple Security Advisory 2016-08-25-1
Posted Aug 25, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
MD5 | 07f40793541dc1268d62637545c5a37b

JD Edwards 9.1 EnterpriseOne Server Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0424
MD5 | 9cbe6d324fe414e808dcf607ae6201f5

Hacking Soft Tokens - Advanced Reverse Engineering On Android
Posted Aug 25, 2016
Authored by Bernhard Mueller

Traditional hardware 2FA tokens are increasingly being replaced by "soft" tokens – software OTP generators packaged into regular smartphone apps that run on iOS or Android. This is more convenient for users but also exposes the tokens to attacks by mobile malware and manual attacks. To compensate for these risks, many software token vendors apply a combination of obfuscation, anti-tampering, and cryptography. The question is, how effective are these measures in protecting the users' data? In this paper, the author shows different kinds of attacks that can be used to reverse engineer OTP algorithms and extract the stored secrets. Techniques range from classical static and dynamic analysis to custom kernel sandboxes and full-system emulation. The author demonstrates proof-of-concept exploits for current soft tokens of major vendors, and explains methods of assessing the effectiveness of a given set of obfuscations.

tags | paper
MD5 | a9db1a7fe90c1cb8eb650f278285bd57

JD Edwards 9.1 EnterpriseOne Server Create Users
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

Unauthenticated attackers could create users in the JD Edwards 9.1 EnterpriseOne Server Manager, ultimately compromising the whole JDE landscape and hence all of its information and processes.

tags | advisory
advisories | CVE-2016-0420
MD5 | 0922890e944e8216e1f60dcee586c3fb

Ubuntu Security Notice USN-3069-1
Posted Aug 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3069-1 - It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6855
MD5 | 309ddf16d63e4acb02b26de0e31b1b1b

FreePBX 13.0.35 Remote Code Execution
Posted Aug 25, 2016
Authored by Ahmed Sultan

FreePBX version 13.0.35 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | e3dbeca6f9c10ffe4f3770bc6392da82

JD Edwards 9.1 EnterpriseOne Server JDENet Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability in JDENET.

tags | advisory
advisories | CVE-2016-0422
MD5 | 69fa010562e4c831a8d9cb840938e402

JD Edwards 9.1 EnterpriseOne Server JDENET Denial Of Service
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a JDENET function denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2016-0423
MD5 | fb180e7b732cdec7848a07c238bf1e90

JD Edwards 9.1 EnterpriseOne Server Manager Shutdown
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a shutdown vulnerability.

tags | advisory
advisories | CVE-2016-0421
MD5 | 1243df18e3963e319039544a9868ae27

JD Edwards 9.1 EnterpriseOne Server Password Disclosure
Posted Aug 25, 2016
Authored by Fernando Russ, Matias Mevied | Site onapsis.com

JD Edwards 9.1 EnterpriseOne Server suffers from a password disclosure vulnerability.

tags | advisory
advisories | CVE-2016-0425
MD5 | b24fdca83977b39ea768ef46ae26593e

Micro Focus GroupWise Cross Site Scripting / Overflows
Posted Aug 25, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.

tags | exploit, overflow, vulnerability, xss
advisories | CVE-2016-5760, CVE-2016-5761, CVE-2016-5762
MD5 | 6b54a385df31372c3fbf7bd670761a24

WebKitGTK+ SOP Bypass / Information Disclosure
Posted Aug 25, 2016
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from same-origin bypass, information disclosure, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
MD5 | 1372e353266255ad9c50b04c6e5178ae

Dotclear 2.9.1 SSRF / XSPA
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 allows authenticated users to leverage the RSS import functionality to scan ports of the internal network.

tags | exploit
MD5 | ca01bf2b744a7e452d33ec9fcbe0f8db

Dotclear 2.9.1 Shell Upload
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, bypass
MD5 | 0dc55b44729f1bf8db31a659479c8849

Dotclear 2.9.1 Directory Download
Posted Aug 25, 2016
Authored by Wiswat Aswamenakul

Dotclear version 2.9.1 suffers from a directory download vulnerability.

tags | exploit
MD5 | 590710f6db16300c971def486af49043
© 2019 Packet Storm. All rights reserved.