what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2016-11-02 to 2016-11-03

Ubuntu Security Notice USN-3120-1
Posted Nov 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3120-1 - Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
SHA-256 | c72d8526a3a63a8705d154bfa0fc4e191132c3fa4b076a2b2890e35073672ee8
SweetRice 1.5.1 Local File Inclusion
Posted Nov 2, 2016
Authored by Ehsan Hosseini

SweetRice version 1.5.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 88b2e9b807e6b3fb469cdf98b022ad6ccc0d8005acdd320eecc5391780b6e667
Red Hat Security Advisory 2016-2141-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2141-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
SHA-256 | fcf034db5afe4b2532e037b2bbe28962811acb85b36e3ccd0f783f550b9a0335
Red Hat Security Advisory 2016-2142-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2142-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
SHA-256 | ea4b6e74a7dd32e33c0486fff0c7930316e221932fd6ec7f09662a1913b54cb1
SweetRice 1.5.1 Cross Site Request Forgery
Posted Nov 2, 2016
Authored by Ashiyane Digital Security Team

SweetRice version 1.5.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | dc3334cb55b93f8cbcc56e283ba7660aa6a9a7eaefcc039650cf93728a4a4009
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20161024
Posted Nov 2, 2016
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Tor was updated to 0.2.8.9 and the kernel was bumped to linux-4.7.9+. Gentoo's hardened-patches-4.7.9-1.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 0760907d7e52413e2ad65dcd8a848ea9a0a7a64b449040e0274577f2c2e19f0b
MySQL / MariaDB / PerconaDB Root Privilege Escalation
Posted Nov 2, 2016
Authored by Dawid Golunski

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.

tags | exploit, root
advisories | CVE-2016-6664
SHA-256 | ee10c5cd536b7cd793ebaa9a73ff8ae60ef21aeb38f837d26de4bd6c0456a67a
Citrix Receiver / Receiver Desktop Lock 4.5 Authentication Bypass
Posted Nov 2, 2016
Authored by Rithwik Jayasimha

Citrix Receiver / Receiver Desktop Lock version 4.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | b5b665b62d8bd65c8349df73d7cef8a91bd89e880eac933239beacebb88b38bd
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a php object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
SHA-256 | 15c73504476ef61ce3f78973018cb8b2513108fb8a4f815dca1ef6a0da27f672
Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8581
SHA-256 | 373697a8bc5814e72590ca5c5ffda41e105c91a84d2e74b0d4e25fb2659889b6
Alienvault OSSIM/USM 5.3.1 SQL Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-8582
SHA-256 | 30fc087a9e2c28203acf4fa8bf0c93d8dbf91426b95c05cb6c56d71080f5ecdc
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8583
SHA-256 | 67edb0c1f8dc320c504c4dc2955487eacc3b39dcbb0d2dd72fa7e4322b63bd3e
Exponent CMS 2.3.9 SQL Injection
Posted Nov 2, 2016
Authored by Obfuscator

Exponent CMS versions 2.3.9 and below suffer from multiple remote SQL injection vulnerabilities. Updates have been released to address these identified issues.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2016-7780, CVE-2016-7781, CVE-2016-7782, CVE-2016-7783, CVE-2016-7784, CVE-2016-7788, CVE-2016-7789, CVE-2016-9019, CVE-2016-9020, CVE-2016-9087
SHA-256 | 4614da0d1efe21e2944196b5c2147b709215dcc7f68b43e174b80dcd9f9987bb
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Posted Nov 2, 2016
Authored by SkyLined

Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an "image context" structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next "draw". However, the code continues to use the freed context almost immediately after it is freed.

tags | exploit
SHA-256 | 7c3474c2032d42f936d3ff0e59c7c8ce6f77233bc469225fdf7ba7bf031ca859
Ubuntu Security Notice USN-3113-1
Posted Nov 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3113-1 - It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-1586, CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5192, CVE-2016-5194
SHA-256 | a37a2990cf3e52c06cf1b228e9f51c63c9a45eeea4c40de893b1180f73ffadec
Red Hat Security Advisory 2016-2137-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2137-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
SHA-256 | 27b8594bf77ecba0626ec8d2d2489ed4492089d6134c31d9bf7080f3c067a709
Red Hat Security Advisory 2016-2138-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2138-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
SHA-256 | 6e4918b269153f78278adde7b83154620fa364657008de01c477055665f727d3
Red Hat Security Advisory 2016-2136-01
Posted Nov 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2136-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597
SHA-256 | dd9434b1f9d154f26decdb8fd9a286b51eec459d030df0251f2942b0086ff1a6
Mini Notice Board 1.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by N_A

Mini Notice Board version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6957122e160064e990994cd6762ffd1560fc73ef872a0ee5113dca59d2eee010
Mini Notice Board 1.1 SQL Injection
Posted Nov 2, 2016
Authored by N_A

Mini Notice Board version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a1bf3d7008d9b0fbb3e64a012d2991efbe328a7beb16aad18b1eb41165e47865
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
Posted Nov 2, 2016
Authored by Dawid Golunski

An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').

tags | exploit, arbitrary, local
advisories | CVE-2016-6663
SHA-256 | 01f753f3d94e735ce76518cc2e604e919a99e02cf0b9361221ae6463f8e2aed2
Caph 1.1 Local Denial Of Service
Posted Nov 2, 2016
Authored by N_A

Caph version 1.1 suffers from a local buffer overflow vulnerability that can cause a denial of service.

tags | exploit, denial of service, overflow, local
SHA-256 | c2d87810cbcbd69013c820d24ff1b8f38ad42ce2cd5e927d7bbdde20223de6d6
PCMan FTP Server 2.0.7 UMASK Buffer Overflow
Posted Nov 2, 2016
Authored by Eagleblack

PCMan FTP server version 2.0.7 suffers from a UMASK command related buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 722529aeb4544b71b6b16032a5337a05020d806734bc9cfc571be326ebcc7870
FreeFloat FTP Server 1.0 RENAME Buffer Overflow
Posted Nov 2, 2016
Authored by Eagleblack

FreeFloat FTP server version 1.0 suffers from a RENAME command related buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 06d6fe0ce12ca38a4bd0c47b5855cf1baeaafddae21c072ba66d602ec0c3a525
Freefloat FTP Server 1.0 DIR Buffer Overflow
Posted Nov 2, 2016
Authored by Greg Priest

Freefloat FTP server version 1.0 suffers from a DIR command buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | fc88322bea12ba1929f4fcf9a2fc4501d83cfe860127d5dcd1c43f99fa6a940b
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close