Exploit the possiblities
Showing 51 - 75 of 495 RSS Feed

Files Date: 2017-01-01 to 2017-01-31

Polycom VVX Web Interface Privilege Escalation
Posted Jan 27, 2017
Authored by Mike Brown

The Polycom VVX web interface allows a user to change an admin's password.

tags | exploit, web
MD5 | 1563d8da06bd82f3cb24ff0bd68ad038
Autodesk Backburner Manager 3 Denial Of Service
Posted Jan 27, 2017
Authored by b0nd

Autodesk Backburner Manager 3 versions prior to 2016.0.0.2150 suffers from a null dereference denial of service vulnerability.

tags | exploit, denial of service
MD5 | 87367d7db3cd32fea6e1f81d7f47ce02
Haraka Remote Command Execution
Posted Jan 27, 2017
Authored by xychix

Haraka versions prior to 2.8.9 suffer from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 0b8d743e059272b760c695eb60a0671b
Red Hat Security Advisory 2017-0206-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 56.0.2924.76. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026
MD5 | 9363fc2d95ffd380e38213dbb9c86db6
Red Hat Security Advisory 2017-0200-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0200-01 - puppet-swift is the Puppet module used by Red Hat OpenStack Platform director to install OpenStack Object Storage. Security Fix: An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9590
MD5 | efd046fec0691c95b50a5d62bae51ef5
Red Hat Security Advisory 2017-0205-01
Posted Jan 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0205-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product.

tags | advisory
systems | linux, redhat
MD5 | 0a11342797528e938c5bddefffc4ed8f
Geutebrueck GCore 1.3.8.42 / 1.4.2.37 Code Execution
Posted Jan 27, 2017
Authored by Luca Cappiello, Maurice Popp | Site metasploit.com

This Metasploit module affects Geutebrueck GCore versions 1.3.8.42 and 1.4.2.37, which suffer from a remote code execution vulnerability.

tags | exploit, remote, overflow, code execution
MD5 | 9da545e7be740441754d88ed617b1256
GNU Screen 4.5.0 Privilege Escalation
Posted Jan 27, 2017
Authored by Donald Buczek

GNU Screen version 4.5.0 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 4fc9b8f080e2bbdd7bf791df28880966
Man-db 2.6.7.1 Privilege Escalation
Posted Jan 27, 2017
Authored by halfdog

Man-db version 2.6.7.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2015-1336
MD5 | 23f5fea9cfaaa2a928d8b54c7cb5fc5d
PHPback Cross Site Scripting / SQL Injection
Posted Jan 27, 2017
Authored by Manish Tanwar

PHPback versions prior to 1.3.1 suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 36d2f17833b22d7574f32b307bd40ad4
Web Based TimeSheet Script SQL Injection
Posted Jan 27, 2017
Authored by Ihsan Sencan

Web Based TimeSheet Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | 93153b827ecdfb381ea98f053de5b6c7
Linux/x86_64 execve /bin/sh Shellcode
Posted Jan 27, 2017
Authored by Robert L. Taylor

22 bytes small Linux/x86_64 execve /bin/sh shellcode.

tags | shellcode
systems | linux
MD5 | 15f4dcabbeb1a190cfb366917b58685d
DigitalSec 2017 Call For Papers
Posted Jan 27, 2017
Site sdiwc.net

The DigitalSec 2017 Call For Papers has been announced. It will take place in Kuala Lumpur, Malaysia, on July 11th through the 13th, 2017.

tags | paper, conference
MD5 | 709e9c8bedaf229a0ced89f465ea3278
Android pm_qos KASLR Bypass
Posted Jan 26, 2017
Authored by Google Security Research, laginimaineb

Android suffers from a KASLR bypass in pm_qos.

tags | exploit
MD5 | a8442cdf28f88af1b8133c60f4fd8b3c
Mac OS / iOS host_self_trap Use-After-Free
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS / iOS kernels suffers from a use-after-free due to a lack of locking in host_self_trap.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2360
MD5 | e6dd7511ecf6e7b1f1bde561746ef30d
Cisco WebEx 1.0.5 Command Execution
Posted Jan 26, 2017
Authored by Tavis Ormandy, Google Security Research

Cisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.

tags | exploit, arbitrary
systems | cisco
MD5 | 8933612c9e940d293efd165554d1e413
OpenSSL Toolkit 1.0.2k
Posted Jan 26, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Bug fixes for an out-of-bounds read, a carry propagating bug, and multiple other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | f965fc0bf01bf882b31314b61391ae65
HTTP_Upload 1.0.0.b3 Arbitrary File Upload
Posted Jan 26, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

HTTP_Upload version 1.0.0b3 fails to appropriately take into consideration more than file extensions when mitigating malicious file uploads, allowing for remote code execution.

tags | exploit, remote, code execution, file upload
MD5 | 55b79ce1f82703dda980c5e527b64bf2
Debian Security Advisory 3771-1
Posted Jan 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3771-1 - Multiple security issues have been found in the Mozilla Firefox web errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396
MD5 | 4dcbc42d2c5add7be89011f9dccdea34
Cisco Security Advisory 20170125-telepresence
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
systems | cisco
MD5 | 348a09172a4d9eba7d6a5abfb2e3410c
Cisco Security Advisory 20170125-expressway
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco
MD5 | 55434a5452720fa88174f8cef74a5281
Cisco Security Advisory 20170125-cas
Posted Jan 26, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | e7bf287db9bafdc598710f3f6472d96f
Red Hat Security Advisory 2017-0196-01
Posted Jan 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0196-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | 363315f193aa162aafb788b12c3d5604
Red Hat Security Advisory 2017-0195-01
Posted Jan 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0195-01 - Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible. Multiple security issues have been addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-9587
MD5 | d289959ba63e28429a0b80fe097a5ada
Mac OS / iOS Kernel Memory Corruption
Posted Jan 26, 2017
Authored by Google Security Research, ianbeer

Mac OS and iOS kernels suffer from a memory corruption vulnerability due to a userspace pointer being used as a length.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2370
MD5 | 38ee3a8bb57ecdf0e2a597bcb350fd9f
Page 3 of 20
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close