what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-11-30 to 2016-11-30

PDF Shaper Buffer Overflow
Posted Nov 30, 2016
Authored by metacom | Site metasploit.com

PDF Shaper is prone to a security vulnerability when processing PDF files. The vulnerability appear when we use Convert PDF to Image and use a specially crafted PDF file. This Metasploit module has been tested successfully on Win Xp, Win 7, Win 8, Win 10.

tags | exploit
SHA-256 | 532694bd13e7b2f1c5f5de642204ad78bd9869bdcf6309f2f674565cf0afddfb
Kernel Live Patch Security Notice LSN-0013-1
Posted Nov 30, 2016
Authored by Luis Henriques

Ondrej Kozina discovered that the keyring interface in the Linux kernel contained a buffer overflow when displaying timeout events via the /proc/keys interface. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered a use-after-free vulnerability during error processing in the recvmmsg(2) implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other kernel vulnerabilities were also discovered and addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-7042, CVE-2016-7117, CVE-2016-7425, CVE-2016-8658
SHA-256 | 5eae3cc7ae9949b636e16234a44d66f6ecfbbb7d410b77b7636cc74cb28cfc31
e107 2.1.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 30, 2016
Authored by Tim Herres | Site foxmole.com

e107 version 2.1.2 suffers from cross site request forgery, static cookie, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b32c05086a213fca01edfc373b8530f3528091ef5a8ba0807216cf309f76cb44
X5 Webserver 5.0 Remote Denial Of Service
Posted Nov 30, 2016
Authored by Stefan Petrushevski | Site zeroscience.mk

X5 Webserver version 5.0 suffers from a null pointer dereference denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 20e86a4799ce0f3a93471b800f54e6319f7f2f9543076dd201a6ac354599f983
Ubuntu Security Notice USN-3142-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3142-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556
SHA-256 | 9fd88cf3758a9382f580962fbc9dc3eed2c9e6ab3625d2bfab08579dea19cc5d
Ubuntu Security Notice USN-3143-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3143-1 - Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5180
SHA-256 | fd4c712ebea3609f12d8d0e74b0732444f1f40626f07b8895e89025af4f6bdb3
HP Security Bulletin HPSBHF03682 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03682 1 - A security vulnerability in the Linux kernel could potentially impact HPE Comware 7 network products. The vulnerability could be exploited locally to gain privileged access. Revision 1 of this advisory.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-5195
SHA-256 | 5ace745e7feeb86db5d7075ad2a92195f1a6aacff28d5f99cf61129d804628cd
Red Hat Security Advisory 2016-2837-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2837-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0. After February 28, 2017, technical support through Red Hatas Global Support Services will no longer be provided.

tags | advisory
systems | linux, redhat
SHA-256 | bc6585a3c5618b7a47efd451a541b6c98520e320333b203998a827f62175823a
Ubuntu Security Notice USN-3147-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3147-1 - Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425
SHA-256 | 24c2633893f05bc0f748cbbe00340693c9d2ef8d8ccaae283c9f5eb4d49199e9
Ubuntu Security Notice USN-3146-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-2 - USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
SHA-256 | f19373773609e5f45ffaa3056bccfff36fc9074e721afb3c23140514cba33613
Ubuntu Security Notice USN-3146-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-1 - It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
SHA-256 | 866d7bda3219cca441808b8427f774eec5e84f72709d3a29611f6b9bc47b4ee1
Ubuntu Security Notice USN-3145-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-2 - USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
SHA-256 | 2d4e1867096ccba98da932b775e03c4b91aee4f7258ab10f399832c6c0bcc5e2
Ubuntu Security Notice USN-3145-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3145-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges. Daxing Guo discovered a stack-based buffer overflow in the Broadcom IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425, CVE-2016-8658
SHA-256 | e9d32953ccbbf124bab9efb2bc7409afdac81d72acd4c30be579d590fcba2667
Ubuntu Security Notice USN-3144-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-1 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
SHA-256 | 476ef8a28c6c02f72f961436a2b3a5da7959fc2c2ee0e02adb1a04c3acaa5438
Ubuntu Security Notice USN-3144-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3144-2 - Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service or possibly gain privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7425
SHA-256 | 57f22d8aae31f684b79828e929a4b5dc7a2522b4c17d2a7d6a082b4bafe09a7c
Red Hat Security Advisory 2016-2839-01
Posted Nov 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2839-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2016-5402
SHA-256 | d9718f61734342769a0127149f824e770233555d6fa898c9d7302f5fe72a836d
HP Security Bulletin HPSBGN03677 1
Posted Nov 30, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03677 1 - Potential security vulnerabilities in RPCServlet and Java deserialization were addressed by HPE Network Automation. The vulnerabilities could be remotely exploited to allow code execution. Revision 1 of this advisory.

tags | advisory, java, vulnerability, code execution
advisories | CVE-2016-8511
SHA-256 | 3defcc454c7e4050b2e9b10207b13b98ca9f6f8e907b1fbd4d176da15c39317c
ntpd 4.2.8 Stack Overflow Proof Of Concept
Posted Nov 30, 2016
Authored by N_A

Remote ntpd version 4.2.8 stack overflow proof of concept exploit.

tags | exploit, remote, overflow, proof of concept
SHA-256 | d236563023f74672a9096c635e4f48e9f46e8f7d2d35e973eaa6881d3a7148eb
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close