Exploit the possiblities
Showing 51 - 75 of 506 RSS Feed

Files Date: 2016-11-01 to 2016-11-30

Debian Security Advisory 3723-1
Posted Nov 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3723-1 - Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-9634, CVE-2016-9635, CVE-2016-9636
MD5 | 41b2db800799c9e0b3ed07575dd8bda8
Debian Security Advisory 3724-1
Posted Nov 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3724-1 - Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-9634, CVE-2016-9635, CVE-2016-9636
MD5 | 7ed822789560e98d9da03a45c84ff9a9
WordPress Image Gallery 1.9.65 Cross Site Scripting
Posted Nov 24, 2016
Authored by Securify B.V., Sipke Mellema

WordPress Image Gallery plugin version 1.9.65 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0348155d964562c5432c19dd743820e2
Ubuntu Security Notice USN-3137-1
Posted Nov 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3137-1 - It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-7146, CVE-2016-7148, CVE-2016-9119
MD5 | 39e0c8b5e9eb6b9021551128abbbd9c6
Ubuntu Security Notice USN-3136-1
Posted Nov 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3136-1 - Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-8649
MD5 | 1a876aed0a9b212ff6c0b1214c2a8d42
Docker 1.11.2 Forged VXLAN Packet Service Detection
Posted Nov 24, 2016
Authored by Francesco Tornieri

Docker versions 1.11.2 and below suffer from an issue where a forged VXLAN packet can be leveraged to scan services that are not exposed.

tags | exploit
MD5 | 3edaf1d6e16dbbc9e2f5a098e54e62bd
GNU Wget Access List Bypass / Race Condition
Posted Nov 24, 2016
Authored by Dawid Golunski

GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution, etc.

tags | exploit, remote, vulnerability, code execution, bypass
advisories | CVE-2016-7098
MD5 | 3a7f82b9aec2e988d5b1a8143090c82b
HP Security Bulletin HPSBHF03673 1
Posted Nov 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, spoof, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
MD5 | 274750d1408fd79a1bcf6394e3ad6046
Red Hat JBoss EAP 5.2.x Untrusted Data Deserialization
Posted Nov 24, 2016
Authored by Maurizio Agazzini, Federico Dotta

JBoss EAP's JMX Invoker Servlet is exposed by default on port 8080/TCP. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects without checking the object type. This behavior can be exploited to cause a denial of service and potentially execute arbitrary code.

tags | exploit, java, web, denial of service, arbitrary, tcp
advisories | CVE-2016-7065
MD5 | eaea199662dd8fa71b42b12d170d351d
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
Posted Nov 24, 2016
Authored by Gerhard Klostermeier

SySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.

tags | advisory
MD5 | 1e8305e16302deb63edb52838d0c7462
Blaupunkt Smart GSM Alarm SA 2500 Kit 1.0 Replay Attacks
Posted Nov 24, 2016
Authored by Matthias Deeg

Due to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.

tags | advisory
MD5 | eed744c98c76ab47d78d565ccfbc9dce
M2B GSM Wireless Alarm System Replay Attacks
Posted Nov 24, 2016
Authored by Gerhard Klostermeier

Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.

tags | advisory
MD5 | a3a3c861fb87e50b2b55f27ad648bf87
M2B GSM Wireless Alarm System Brute Force Issue
Posted Nov 24, 2016
Authored by Gerhard Klostermeier

Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.

tags | advisory
MD5 | 986c6dfe8cf2a30966c91003e6ec3f37
VMware Security Advisory 2016-0022
Posted Nov 24, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0022 - VMware vCenter Server, vSphere Client, and vRealize Automation updates address information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-7458, CVE-2016-7459, CVE-2016-7460
MD5 | 476130603dba190123ac984ecc43f84c
UCanCode Remote Code Execution / Denial Of Service
Posted Nov 24, 2016
Authored by shinnai

UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.

tags | exploit, remote, denial of service, vulnerability, code execution, activex
MD5 | a65bb98b56e177de39cb68a5ca7eaebb
VMware Security Advisory 2016-0021
Posted Nov 24, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0021 - VMware product updates address partial information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-5334
MD5 | 2bc5a26c205bfce3254bf00a5eca524b
Blue Team Training Toolkit (BT3) 2.1
Posted Nov 23, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New Mocksum module added, improved Maligno HTTP method support, minor adjustments.
tags | tool, python
systems | unix
MD5 | 4e79eb042eb823afaf5a229f2344c8fe
FireHOL 3.0.2
Posted Nov 23, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Fixed transparent_proxy IPV6 output. Added manual page for cthelper. Added connlimit to blacklist and iptrap. Added stateful option to blacklist. Various other updates and improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 1f24ed2af728ba73cdf9e51337f2d43b
Linux Kernel 4.6.3 Netfilter Privilege Escalation
Posted Nov 23, 2016
Authored by h00die, vnik | Site metasploit.com

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2016-4997
MD5 | 3749f597d7dba9ade2186bcc9aef3668
Linux Kernel 2.6.x pipe.c Privilege Escalation
Posted Nov 23, 2016
Authored by Spender

Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2009-3547
MD5 | 7cd715daa187357bd1edf4c0cb587cbc
Linux Kernel 2.6.32-rc1 x86_64 Register Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.

tags | exploit, kernel, proof of concept
systems | linux
MD5 | d243180fe92ea99f0ca63f222c678db2
Linux Kernel 2.6.18 move_pages() Information Leak
Posted Nov 23, 2016
Authored by Spender

Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.

tags | exploit, kernel, info disclosure
systems | linux
advisories | CVE-2010-0415
MD5 | 78ca6c1797fc7d2f33407cc5cf28ac5b
Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
MD5 | aef9f3339073a9ee80368ab5ac42e3e2
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
MD5 | f93defe9672b26e5f08c198f16c16202
Chrome Blink SpeechRecognitionController Use-After-Free
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2015-1251
MD5 | 58cecd42033cec65bf344dd36af29db5
Page 3 of 21
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close