what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-09-08 to 2016-09-09

Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Posted Sep 8, 2016
Authored by Ross Marks

Jobberbase version 2.0 suffers from code execution, open redirect, path disclosure, unrestricted file upload, and SQL injection vulnerabilities.

tags | exploit, vulnerability, code execution, xss, sql injection, info disclosure, file upload
SHA-256 | 162e2d3be6d56d24eaeeb61cc80086b8da1f49de201ee43fc427dc8fe899af9c
Zabbix 3.0.3 SQL Injection
Posted Sep 8, 2016
Authored by Zzzians

Zabbix versions 2.0 through 3.0.3 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | f77cd4a0efdd3d42737adcdbcd96a0e95d10ec5bbb8dfa0c6935115663dde1ee
LogMeIn Client 1.3.2462 (64bit) Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman, Alexander Korznikov, Viktor Minin

LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 3e21881c146874807c984cebd32e544f21626d0eac6b98d3aac36bc0dc6ee9ac
Apple iCloud Desktop Client 5.2.1.0 Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman, Alexander Korznikov, Viktor Minin

Apple iCloud Desktop Client version 5.2.1.0 local credential memory disclosure exploit.

tags | exploit, local, info disclosure
systems | apple
SHA-256 | 0c44cf0b66aabb0dbb6c52a53759c70e0b89c7ed4ee221f04d81ac76a5721350
Dropbox Desktop Client 9.4.49 Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman

Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 0bd3a8c8f0e7d623ca6c0a93b89eafc1a6b96bf0bf1d166ca1011aeb8a251df2
Red Hat Security Advisory 2016-1841-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1841-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | d5681419a6bd02bb071fdd2545e78f0e7ac6d12b76097e714488542033b35ec4
Red Hat Security Advisory 2016-1838-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1838-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 3ace371b69c47fd489bf50fd42c891b4bb793fd02c5997d831efa3694ee002a7
Red Hat Security Advisory 2016-1840-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1840-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.2.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | 009146da6ef83ea57c9580ff5b70c9c62c89f858234db94525dd921748291cc2
Red Hat Security Advisory 2016-1839-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1839-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.1. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-0254, CVE-2016-4993, CVE-2016-5406
SHA-256 | b7ce9425d2e37013c397ddf34049c19665b0c137375f62467d70bc149db5a7fb
Red Hat Security Advisory 2016-1836-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1836-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in Kibana's logging functionality. If custom logging output was configured in Kibana, private user data could be written to the Kibana log files. A system attacker could use this data to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.

tags | advisory
systems | linux, redhat
SHA-256 | 0707fa05cbabbda32d9417ca3c7d1ad826c785569599239061545b5214dcff10
Windows x86 TCP Bind Shell Shellcode
Posted Sep 8, 2016
Authored by Roziul Hasan Khan Shifat

Microsoft Windows x86 TCP bind shell shellcode.

tags | shell, x86, tcp, shellcode
systems | windows
SHA-256 | 1d8914e0d11d5c684e8cafd0c154fe496482c07ae0339e77bbfe343834e5b835
Dashlane doOnboardingSiteStep API Cross Site Scripting
Posted Sep 8, 2016
Authored by Tavis Ormandy, Google Security Research

Dashlane suffers from a cross site scripting vulnerability in the doOnboardingSiteStep API.

tags | exploit, xss
SHA-256 | 8ae21cea6fb92d7febc9458b8ecef807dba56c0929a989b446a126174608f426
Android debuggerd Mitigation Bypass / Information Leak
Posted Sep 8, 2016
Authored by Jann Horn, Google Security Research

Android debuggerd was recently changed to drop privileges between attaching to a crashed process and dumping it to reduce its attack surface. The following issue allows that mitigation to be bypassed and also allows a privileged attacker (logcat access) to bypass userland ASLR.

tags | advisory
SHA-256 | e3b26b923b2068794d5d67acba6581a955ecd58983ca2ae7279cff6181fca069
Adobe Flash Method Calls Use-After-Free
Posted Sep 8, 2016
Authored by Google Security Research, natashenka

If a method is called on a MovieClip in Adobe Flash, and a getter is set with the name of the method, the getter will get executed during the call, and can free the MovieClip, leading to a user-after-free.

tags | exploit
advisories | CVE-2016-4231
SHA-256 | 5297ca949527a1f37c7a68df5d64c04365012ff2f457cbb7ba111a0c2dac12ee
Adobe Flash Transform.colorTranform Getter Information Leak
Posted Sep 8, 2016
Authored by Google Security Research, natashenka

There is an information leak in Adobe Flash in the Transform.colorTranform getter. If the constructor for ColorTransform is overwritten with a getter using addProperty, this getter will execute when fetching the constructor, which can then free the MovieClip containing the Tranform.

tags | exploit
advisories | CVE-2016-4232
SHA-256 | 7063d81c59980eddcec6a6549e6a9eed2656761e3a99db80b256f91f6bbbdf51
Android libutils Heap Buffer Overflow
Posted Sep 8, 2016
Authored by Google Security Research, Mark Brand

Android suffers from an inconsistency between the way that the two functions in libutils/Unicode.cpp handle invalid surrogate pairs in UTF16, resulting in a mismatch between the size calculated by utf16_to_utf8_length and the number of bytes written by utf16_to_utf8. This results in a heap buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-3861
SHA-256 | 96cc80081d5dd685082f852a3e7f67d2a383203aa882b75afb5e24b6591cb0a8
Wireshark Analyzer 2.2.0
Posted Sep 8, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | a6847e741efcba6cb9d92d464d4219917bee3ad0b8f5b0f80d4388ad2f3f1104
SugarCRM REST Unserialize PHP Code Execution
Posted Sep 8, 2016
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.

tags | exploit, arbitrary, php
SHA-256 | 9e36d98fcf465cbf54f3819f007d52be4777e317af00ae46dda8f382c44d0c0c
Red Hat Security Advisory 2016-1821-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1821-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | a1daa7d26bd9b517de4ebaef6d4ee6539c7d30d459adc3616fd1d5f50494d8cd
Red Hat Security Advisory 2016-1820-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1820-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 1dbb7512ec7de27e0db8351cc57920e4be83a979a014fc97b97b377f755950f1
Debian Security Advisory 3661-1
Posted Sep 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3661-1 - It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

tags | advisory
systems | linux, debian
advisories | CVE-2016-7143
SHA-256 | a9e86f92cc14f45b8d7fcebabda47007824f43329b71e04fb31e390ae98903fc
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close