
Files Date: 2016-03-16

Adobe Flash op_pushwith Incorrect Jit Optimization
Posted Mar 16, 2016
Authored by Google Security Research, Ian Beer

The avmplus bytecode verifier misses a control-flow path in which op_pushwith throws an exception, allowing crafted bytecode to be incorrectly optimized, which can trivially be abused to get code execution.

tags | exploit, code execution
systems | linux
advisories | CVE-2014-0586
SHA-256 | 15e844ae6193dee99a1f13d80853248247c00f3baaac1706b37ffdc2478eb54a
Microsoft Internet Explorer Read AV In MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout
Posted Mar 16, 2016
Authored by Google Security Research, mbarbella

Microsoft Internet Explorer suffers from a read AV (access violation) in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout.

tags | exploit
systems | linux
advisories | CVE-2016-0108
SHA-256 | b53f8e4c4ebe84b15587cf2408a4e03b8bba9fce031e88a6b70310b5cab23a39
HP Security Bulletin HPSBGN03558 1
Posted Mar 16, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03558 1 - A potential security vulnerability has been identified with ArcSight ESM and ESM Express. The vulnerability could be remotely exploited to allow disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-1992
SHA-256 | 28d0bc2f388a200af3b1537d9e5168c41fd4215d9f8a4f0c1be046c2a7f360b7
Ubuntu Security Notice USN-2935-1
Posted Mar 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2935-1 - It was discovered that the PAM pam_userdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possibly use this issue to make brute force attacks easier. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly performed filtering. A local attacker could use this issue to create arbitrary files, or possibly bypass authentication. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-7041, CVE-2014-2583, CVE-2015-3238
SHA-256 | d110bf2dafaa23143df1fbb2f1b980d26ab199a82f114251a10d01f4de388c86
Ubuntu Security Notice USN-2930-3
Posted Mar 16, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2930-3 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-2384, CVE-2016-2782, CVE-2016-3134, CVE-2016-3135
SHA-256 | 707b4c115844dc4faebd1fec2fb66e92b60bc56880df0b10e6b9c05bdd62934a
Debian Security Advisory 3518-1
Posted Mar 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3518-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in code injection.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3153, CVE-2016-3154
SHA-256 | dc72260fecc1752a6e3c4c3ff2f6053dcd0afb084cb39dc1e3ad48e6d3f2b37f
Slackware Security Advisory - seamonkey Updates
Posted Mar 16, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 63e7436a20b7f16a9193f2d1c474e58f41258cf6ffd9a05661a2fc963ef50202
Slackware Security Advisory - git Updates
Posted Mar 16, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2315, CVE-2016-2324
SHA-256 | 1c99e71a3fad9650a752f68bbbef7c024a33b46b4b822521373fefb124404fdb
Mobile Security Framework MobSF 0.9.1
Posted Mar 16, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session management and API rate limiting.

Changes: Improved and responsive UI. Dynamic SSL testing. Various other updates and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
SHA-256 | 215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6c
Apache TomEE Patched
Posted Mar 16, 2016
Authored by Romain Manni-Bucau

Apache TomEE versions 7.0.0-M3 and 1.7.4 have been released to address the vulnerability in CVE-2016-0779.

tags | advisory
advisories | CVE-2016-0779
SHA-256 | 7a86eadc9d1a0c572c427b8b770a26e63f25a4bbeb52d74b04a4cdb22d7e750c
Litecart CMS 1.3.4 Cross Site Scripting
Posted Mar 16, 2016
Authored by Ravindra Singh Rathore

Litecart CMS version 1.3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4cb7456694a81224960fbf8001ba720d140582b309f4096d0341ed93e2691c6d
Netgear CG3000v2 Password Change Bypass
Posted Mar 16, 2016
Authored by Paul Szabo

The Netgear CG3000v2 cable modem fails to validate an admin's old password prior to changing to a new one. It also appears to suffer from cross site request forgery issues.

tags | exploit, bypass, csrf
SHA-256 | 60a9f0aaa0dd1bda3794476688930f7d44eef4e51d60f57a34808b39c96672ff
Netwrix Auditor 7.1.322.0 ActiveX (sourceFile) Stack Buffer Overflow
Posted Mar 16, 2016
Authored by LiquidWorm | Site zeroscience.mk

Netwrix Auditor version 7.1.322.0 suffers from a stack-based buffer overflow vulnerability when parsing a large amount of bytes to the 'sourceFile' string parameter in the PackFile() and UnpackFile() functions in the 'Netwrix.Common.CollectEngine.dll' library, resulting in a stack overrun that overwrites several registers, including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | db825249db3363632ce5398e5a1a478c8eb43957adac1cbc99ffdd9d41d19e51
Security BSides Las Vegas 2016 Call For Papers
Posted Mar 16, 2016
Authored by BSides LV

BSides Las Vegas 2016 has announced its Call For Papers. It will take place August 2nd and 3rd, 2016, in Las Vegas, Nevada.

tags | paper, conference
SHA-256 | 47f535e27fa7797f9e5e41782d91a6f18a81f1d91be895e77faebcdf3ea369a4
Chamilo LMS 1.10.2 Cross Site Scripting
Posted Mar 16, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Chamilo LMS version 1.10.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 12f915c60ca619847a0cd7048a890848d0bc5b2449afdcc3e307a8cc7c233372