all things security
Showing 26 - 50 of 339 RSS Feed

Files Date: 2016-12-01 to 2016-12-31

Joomla! Blog Calendar SQL Injection
Posted Dec 26, 2016
Authored by X-Cisadane

Joomla! Blog Calendar versions prior to 1.2.5 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a85de579743a212eeb4a49d5fcfdb46d
Android get_user/put_user Exploit
Posted Dec 26, 2016
Authored by timwr, fi01, cubeundcube | Site metasploit.com

This Metasploit module exploits a missing check in the get_user and put_user API functions in the linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commit_creds and ptmx_fops address, then uses the write primitive to execute shellcode as uid 0. The exploit was first discovered in the wild in the vroot rooting application.

tags | exploit, kernel, root, shellcode
systems | linux
advisories | CVE-2013-6282
MD5 | 6ac7470332daea5b3fb0c0b2de23f30c
Debian Security Advisory 3746-1
Posted Dec 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3746-1 - Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-8808, CVE-2016-2317, CVE-2016-2318, CVE-2016-3714, CVE-2016-3715, CVE-2016-5118, CVE-2016-5240, CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830
MD5 | e18edb4e1225c8bff78c54e2211a3f23
FTPShell Server 6.36 Denial Of Service
Posted Dec 26, 2016
Authored by sultan albalawi

FTPShell Server version 6.36 .csv local denial of service vulnerability.

tags | exploit, denial of service, local
MD5 | 5b356fbd5c4fed25460f128637fdd40f
Slackware Security Advisory - expat Updates
Posted Dec 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300
MD5 | 1870303524d6e5321fbea1b5cad1fdd2
Slackware Security Advisory - openssh Updates
Posted Dec 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
MD5 | b808cbcd3fb6f15ac5b37fa258c3bdf6
Slackware Security Advisory - httpd Updates
Posted Dec 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740, CVE-2016-8743
MD5 | ca47561858ce857f48179e38c7538ee3
XAMPP Control Panel Denial Of Service
Posted Dec 24, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XAMPP Control Panel suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 51f7cca4873cac28f767803b148c81e7
Gentoo Linux Security Advisory 201612-47
Posted Dec 24, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-47 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 4.2.11 are affected.

tags | advisory, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
MD5 | 5d0bbf9be3b6a8b8128b3fdfd0cf42f5
Gentoo Linux Security Advisory 201612-46
Posted Dec 24, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-46 - Multiple vulnerabilities have been found in Xerces-C++, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 3.1.4-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0729, CVE-2016-2099
MD5 | 2ac6a97dc43f61addcdd345a1c69f6da
Gentoo Linux Security Advisory 201612-45
Posted Dec 24, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-45 - Multiple vulnerabilities were found in Tor, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 0.2.8.9 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-8860
MD5 | 642bc67c2a1504777733c1d3bebbec01
Gentoo Linux Security Advisory 201612-44
Posted Dec 24, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-44 - A vulnerability in Roundcube could potentially lead to arbitrary code execution. Versions less than 1.2.3 are affected.

tags | advisory, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2016-9920
MD5 | 7423da9307829f0dbb00e45e271e25a7
Debian Security Advisory 3744-1
Posted Dec 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3744-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-4658, CVE-2016-5131
MD5 | 8b6903f8448540d157a8018b2b4e7d76
CIntruder 0.3 CAPTCHA Bypass
Posted Dec 24, 2016
Authored by psy | Site cintruder.03c8.net

CIntruder is an automatic pentesting tool to bypass CAPTCHA.

Changes: Tool now has a web user interface (GUI). Single command tool update functionality added.
tags | tool, cracker
systems | unix
MD5 | b61976ef6ef0dfd0b455174e193121dc
Apache mod_session_crypt 2.5 Padding Oracle
Posted Dec 23, 2016
Site redteam-pentesting.de

Apache mod_session_crypto versions 2.3 through 2.5 suffer form a padding oracle vulnerability.

tags | exploit
advisories | CVE-2016-0736
MD5 | 0498842b115e690715efc7725c240fdb
ASP.NET Core 5-RC1 HTTP Header Injection
Posted Dec 23, 2016
Authored by Reto Schadler

ASP.NET Core version 5.-RC1 suffers from an HTTP header injection vulnerability.

tags | exploit, web, asp
MD5 | 28fbb855c6805f6d739cc89ce38fed04
OpenSSH Local Privilege Escalation
Posted Dec 23, 2016
Authored by Jann Horn, Google Security Research

OpenSSH can forward TCP sockets and UNIX domain sockets. If privilege separation is disabled, then on the server side, the forwarding is handled by a child of sshd that has root privileges. For TCP server sockets, sshd explicitly checks whether an attempt is made to bind to a low port (below IPPORT_RESERVED) and, if so, requires the client to authenticate as root. However, for UNIX domain sockets, no such security measures are implemented. This means that, using "ssh -L", an attacker who is permitted to log in as a normal user over SSH can effectively connect to non-abstract unix domain sockets with root privileges. On systems that run systemd, this can for example be exploited by asking systemd to add an LD_PRELOAD environment variable for all following daemon launches and then asking it to restart cron or so. The attached exploit demonstrates this - if it is executed on a system with systemd where the user is allowed to ssh to his own account and where privsep is disabled, it yields a root shell.

tags | exploit, shell, root, tcp
systems | unix
advisories | CVE-2016-10010
MD5 | b93e78906a304aa126934a6c44a6999b
OpenSSH Arbitrary Library Loading
Posted Dec 23, 2016
Authored by Jann Horn, Google Security Research

The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED if OpenSSH was compiled with the ENABLE_PKCS11 flag (normally enabled) and the agent isn't locked. For these commands, the client has to specify a provider name. Th e agent passes this provider name to a subprocess (via ssh-agent.c:process_add_smartcard_key -> ssh-pkcs11-client.c:pkcs11_add_provider -> ssh-pkcs11-client.c:s end_msg), and the subprocess receives it and passes it to dlopen() (via ssh-pkcs 11-helper.c:process -> ssh-pkcs11-helper.c:process_add -> ssh-pkcs11.c:pkcs11_ad d_provider -> dlopen). No checks are performed on the provider name, apart from testing whether that provider is already loaded. This means that, if a user connects to a malicious SSH server with agent forwarding enabled and the malicious server has the ability to place a file with attacker-controlled contents in the victim's filesystem, the SSH server can execute code on the user's machine.

tags | exploit
advisories | CVE-2016-10009
MD5 | ab582fb557accdc7aabfd60bc38dfed3
Nidesoft MP3 Converter 2.6.18 DLL Hijacking
Posted Dec 23, 2016
Authored by ZwX

Nidesoft MP3 Converter version 2.6.18 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 4afcabd69561fe5e376de529fd0f0a22
Red Hat Security Advisory 2016-2994-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2994-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2016-9579
MD5 | 5f9589fd048e670ef72aa363144c4d60
Red Hat Security Advisory 2016-2995-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2995-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2016-9579
MD5 | 700cf359dcf2bfd33283a64af37eeeba
Red Hat Security Advisory 2016-2998-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2998-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 will be retired as of December 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 AMC after December 31, 2017.

tags | advisory
systems | linux, redhat
MD5 | afeb1ced0663fb3522d69e58ce674818
Red Hat Security Advisory 2016-2996-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2996-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Life Cycle Support for Red Hat Enterprise Linux 4 will be retired as of March 31, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or Urgent priority bug fixes, for Red Hat Enterprise Linux 4 ELS after March 31, 2017.

tags | advisory
systems | linux, redhat
MD5 | 06c7f8c659f917f14a076f033d77c2f6
Red Hat Security Advisory 2016-2997-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2997-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11. On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content.

tags | advisory
systems | linux, redhat
MD5 | c57aeb57c1642110163a3ced0ab8d0f7
Red Hat Security Advisory 2016-2991-01
Posted Dec 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2991-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-5162
MD5 | 146dcb1a58b3f1839c27116fd6becf3f
Page 2 of 14
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close