what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Adobe Photoshop CC 16.1.1 / Bridge CC 6.1.1 Memory Corruption
Posted Feb 12, 2016
Authored by Francis Provencher

Adobe Photoshop CC versions 16.1.1 (2015.1.1) and below and Bridge CC versions 6.1.1 and below suffer from multiple memory corruption vulnerabilities. Proof of concept files included.

tags | exploit, vulnerability, proof of concept
systems | linux
advisories | CVE-2016-0951, CVE-2016-0952, CVE-2016-0953
SHA-256 | c47fea6ad11b93329fb19de9eea9fb407d4dffd7dd33d618f48d7e6208f37393

Related Files

Zero Day Initiative Advisory 12-141
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2012-1855
SHA-256 | 8a9c280b793fd5689ee6d1eab372451da1a6ddfa522f51fffe5b3eeaf469a90f
Microsoft Windows Remote Desktop Code Execution
Posted Aug 17, 2012
Authored by Edward Torkington | Site ngssoftware.com

The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.

tags | advisory, remote, code execution
systems | windows
SHA-256 | 0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5ef
Internet Explorer Script Interjection Code Execution
Posted Aug 17, 2012
Authored by Derek Soeder

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

tags | advisory, web, arbitrary, code execution, protocol
systems | windows
SHA-256 | 96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357b
Zero Day Initiative Advisory 12-137
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defined in libsecurity_cssm. The library defines an allocation routine as having an argument type uint32. The implemented methods in the cdsa_plugin accept parameter having type size_t, this value is truncated from 64 bits to 32 bits when being passed to the library routine. This can lead to an underallocated memory region and ultimately a write out of bounds. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0651
SHA-256 | 46ab23dd80c0f29f56b1529836ab00f816dadca849f9f53aba67524769c8cb32
ICS-CERT Advisory - Tridium Niagara Issues
Posted Aug 17, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4027, CVE-2012-4028, CVE-2012-3025, CVE-2012-3024
SHA-256 | a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
GNU Transport Layer Security Library 3.1.0
Posted Aug 17, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for using and storing cryptographic keys in the system's TPM module and several other improvements.
tags | protocol, library
SHA-256 | 4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
SHA-256 | ce6d03f8afb8da5e9fab7773161352eac8d3bfb7b25bc19d2aa5c97279ad7812
Mandriva Linux Security Advisory 2012-133
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0065
SHA-256 | 3ae2eaf49a9bfc802e659cf70f95a8ee4095350027b507c59c3be723c46cae97
Debian Security Advisory 2530-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2012-3478
SHA-256 | 0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450
HP Security Bulletin HPSBUX02805 SSRT100919
Posted Aug 15, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02805 SSRT100919 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SHA-256 | 849562f0237617b7508b5218fea45645aedcf54cee94899fb36a71e7fbb6f633
Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85
Ubuntu Security Notice USN-1538-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1538-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2372, CVE-2012-2390, CVE-2012-2136, CVE-2012-2372, CVE-2012-2390
SHA-256 | b1621261e387c4866383d13410d8707d10ed518cc87e960bb61a013fc5ba3fed
Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32
Ubuntu Security Notice USN-1535-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1535-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2390, CVE-2012-2136, CVE-2012-2390
SHA-256 | 45a19fe276e735d415cd1a01153d8aaa18717189a56c96cfbb4d88c50dcddecc
Ubuntu Security Notice USN-1534-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1534-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. An error was discovered in the Linux kernel's memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2390, CVE-2012-2136, CVE-2012-2390
SHA-256 | 5ac3c3a851b0545ddc164371fc5ad555f111ce1cb5d2b35278736b9365d66c52
Ubuntu Security Notice USN-1533-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935
Ubuntu Security Notice USN-1532-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356
Ubuntu Security Notice USN-1531-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1531-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2372, CVE-2012-2390, CVE-2012-2136, CVE-2012-2372, CVE-2012-2390
SHA-256 | 02e8241e6bf305aa37396622b58304e85b75430ea8d557a9abfcab876e316fe7
Ubuntu Security Notice USN-1529-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1529-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400, CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400
SHA-256 | e952789bbefd461e15d40316c4fbdd6eac86480773556aab5265687085c3d735
Ubuntu Security Notice USN-1514-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1514-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400, CVE-2012-2119, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373, CVE-2012-3364, CVE-2012-3375, CVE-2012-3400
SHA-256 | e1c10bba69a8a49308a988c308242a9abe24b1f355d1cf1a0609f14097f65f5c
Drupal Mime Mail 6.x Access Bypass
Posted Aug 9, 2012
Authored by Greg Knaddison, Gabor Seljan | Site drupal.org

Drupal Mime Mail third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b0a039f3f8e50612edc18654e3f08fa0768e7cce033393312917b22dddb2ce6f
Drupal Shibboleth Authentication 6.x Access Bypass
Posted Aug 9, 2012
Authored by Brian Swaney | Site drupal.org

Drupal Shibboleth Authentication third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | e56e802811cdc559b6dff8457f24a6cff5246f7478e4aea1adf2290a3508efec
Iomega StorCenter/EMC Lifeline Remote Access
Posted Aug 9, 2012
Site emc.com

A vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.

tags | advisory, remote
advisories | CVE-2012-2283
SHA-256 | 1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7
PBBoard 2.1.4 SQL Injection / Improper Authentication / Broken Access Control
Posted Aug 9, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

PBBoard version 2.1.4 suffers from improper authentication, improper access control, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
advisories | CVE-2012-4034, CVE-2012-4035, CVE-2012-4036
SHA-256 | 98c660124db3dfdff27f3497939655798807cd19db3c0489fbf39341a0590cb1
Red Hat Security Advisory 2012-1151-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1151-01 - OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2668
SHA-256 | b5e58ac02a262a4dec401a753af836111759f4a329334fb8c3c1a2a0b7b62159
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close