Exploit the possiblities
Showing 76 - 100 of 339 RSS Feed

Files Date: 2016-12-01 to 2016-12-31

SIMATIC Manager Step7 5.5 SP1 DLL Hijacking
Posted Dec 21, 2016
Authored by Amir.ght

SIMATIC Manager Step7 version 5.5 SP1 suffers a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d93f820e446af7c8348f7f2f16a1deb8
Microsoft Internet Explorer 11 MSHTML CSpliceTreeEngine::RemoveSplice Use-After-Free
Posted Dec 21, 2016
Authored by SkyLined

Microsoft Internet Explorer 11 suffers from an MSHTML CSpliceTreeEngine::RemoveSplice use-after-free vulnerability.

tags | advisory
advisories | CVE-2014-1785
MD5 | 97e23e152aae9a63ce2a248e6efb463c
Red Hat Security Advisory 2016-2972-01
Posted Dec 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2972-01 - Vim is an updated and improved version of the vi editor. Security Fix: A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1248
MD5 | 08061c830ea120ea72b79028e4ddc7ba
Ubuntu Security Notice USN-3162-2
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3162-2 - CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-6213, CVE-2016-7097, CVE-2016-7425, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-9313, CVE-2016-9555
MD5 | a6a9494e971e706dbcde15b767dfb25a
Ubuntu Security Notice USN-3162-1
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3162-1 - CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service. It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer. An attacker in a guest virtual machine could use this to cause a denial of service in the KVM host. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-6213, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-9313, CVE-2016-9555
MD5 | 57d289ea1f6069da6a8aaa750fcfa8d5
Ubuntu Security Notice USN-3160-2
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3160-2 - USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-6213, CVE-2016-7916
MD5 | d353a5bd4769246802740ca6af13228d
Debian Security Advisory 3743-1
Posted Dec 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3743-1 - It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

tags | advisory, web, python
systems | linux, debian
advisories | CVE-2016-9964
MD5 | 23024fd9edf9fc5dddba4e7698685361
Ubuntu Security Notice USN-3160-1
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3160-1 - CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-6213, CVE-2016-7916
MD5 | 8eccdf5f504884cbe87131539552dc2b
Ubuntu Security Notice USN-3159-2
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3159-2 - It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7916
MD5 | 1b6c1d0198c0af71be3efefb0c4258ab
Ubuntu Security Notice USN-3159-1
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3159-1 - It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7916
MD5 | e7c8098765e9d84d6ea61ba0371d50ee
VMware Security Advisory 2016-0023
Posted Dec 20, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0023 - VMware ESXi updates address a cross-site scripting issue. 2. Relevant Releases VMware vSphere Hypervisor (ESXi) 3. Problem Description a. Host Client stored cross-site scripting issue The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting (XSS). The issue can be introduced by an attacker that has permission to manage virtual machines through ESXi Host Client or by tricking the vSphere administrator to import a specially crafted VM. The issue may be triggered on the system from where ESXi Host Client is used to manage the specially crafted VM.

tags | advisory, xss
advisories | CVE-2016-7463
MD5 | 6a9db0c674d184c690eb159339fcb5e8
Red Hat Security Advisory 2016-2963-01
Posted Dec 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2963-01 - Xen is a virtual machine monitor Security Fix: An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9637
MD5 | 0e07c32186636eaa671332824b81ab5f
Red Hat Security Advisory 2016-2962-01
Posted Dec 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | 5a13b7effce8dc0b1b1c2e0a9951924b
Ubuntu Security Notice USN-3161-4
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-4 - Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-7097, CVE-2016-7425, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-8658, CVE-2016-9555, CVE-2016-9644
MD5 | 6e14161cd73c168795efc26ed7993e4a
Ubuntu Security Notice USN-3161-3
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-3 - Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-7425, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-8658, CVE-2016-9178, CVE-2016-9555
MD5 | 92c03c76e3e3979d62d79b96ba3d7866
Ubuntu Security Notice USN-3161-2
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-2 - USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-9555
MD5 | a697a392e6f577c06c48638a9a7d98db
Ubuntu Security Notice USN-3161-1
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-1 - Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-9555
MD5 | 2512fbb6d503506880993f509d18ae31
RSSMON / BEAM (Red Star OS 3.0) Shellshock
Posted Dec 19, 2016
Authored by Hacker Fantastic

This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 3.0 SERVER edition.

tags | exploit
MD5 | 68d1ad9c812e9367897504e9ea2dc799
TOR Virtual Network Tunneling Tool 0.2.9.8
Posted Dec 19, 2016
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series. The Tor 0.2.9 series makes mandatory a number of security features that were formerly optional. It includes support for a new shared-randomness protocol that will form the basis for next generation hidden services, includes a single-hop hidden service mode for optimizing .onion services that don't actually want to be hidden, tries harder not to overload the directory authorities with excessive downloads, and supports a better protocol versioning scheme for improved compatibility with other implementations of the Tor protocol. And of course, there are numerous other bugfixes and improvements.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 1fb879608c5237294cb7e682e486b073
Naenara Browser 3.5 (Red Star OS 3.0) Code Execution
Posted Dec 19, 2016
Authored by Hacker Fantastic

Naenara Browser version 3.5 exploit (JACKRABBIT) that uses a known Firefox bug to obtain code execution on Red Star OS 3.0 desktop.

tags | exploit, code execution
MD5 | 8969aa3f4aaee897311aed61b1e1bf01
Ubuntu Security Notice USN-3158-1
Posted Dec 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3158-1 - Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. Simo Sorce discovered that that Samba clients always requested a forwardable ticket when using Kerberos authentication. An attacker could use this to impersonate an authenticated user or service. Various other issues were also addressed.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2016-2123, CVE-2016-2125, CVE-2016-2126
MD5 | 04bd2a1ef4061f0e2202d8ad60f422bf
OpenSSH 7.4p1
Posted Dec 19, 2016
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | b2db2a83caf66a208bb78d6d287cdaa3
Microsoft Security Bulletin Revision Increment For December, 2016
Posted Dec 19, 2016
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
MD5 | fbb41ba2d1973503630747661b5e728a
Apport 2.x Local Code Execution
Posted Dec 19, 2016
Authored by Donncha OCearbhaill

Apport version 2.x on Ubuntu Desktop versions 12.10 up to 16.04 local code execution exploit.

tags | exploit, local, code execution
systems | linux, ubuntu
advisories | CVE-2016-9949, CVE-2016-9950, CVE-2016-9951
MD5 | e48281a4119f3d84cebddbf9176b0b2a
Chrome HTTP 1xx Out Of Bounds Read
Posted Dec 19, 2016
Authored by SkyLined

Chrome suffers from an HTTP 1xx base::String-Tokenizer-T<...>::Quick-Get-Next out of bounds read vulnerability.

tags | exploit, web
advisories | CVE-2013-6627
MD5 | 4f0cd70ae3101d4d079c98a08f6fda12
Page 4 of 14
Back23456Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close