what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2016-01-12

Red Hat Security Advisory 2016-0024-01
Posted Jan 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0024-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
SHA-256 | 5e0c3c6dc7d454657950f76fcf7f8a7193a45b84c6fe39b7cf9a405bdfa5ce2d
Ubuntu Security Notice USN-2867-1
Posted Jan 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2867-1 - It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-4600, CVE-2014-8136, CVE-2015-0236, CVE-2015-5247, CVE-2015-5313
SHA-256 | 81de5061f01fc900a3f9b5fe66332907d17877a48a0c25d90b22b5288c911ff4
FingerTec Default Root Password / Remote Enrollment
Posted Jan 12, 2016
Authored by Daniel Lawson

FingerTec devices have a default root password that allows for remote enrollment.

tags | exploit, remote, root
SHA-256 | a8567f878bdec6acc2d742b90abb6aaff946e2de70df870e144ec1b61be4cd74
FortiGate OS 5.0.7 SSH Backdoor
Posted Jan 12, 2016
Authored by operator8203

Fortigate OS versions 4.x through 5.0.7 remote ssh backdoor exploit.

tags | exploit, remote
SHA-256 | a6cb5b8879467e7da5b5599021a3f5539a788338077fca13d3cdc9dbc1a78fa4
Microsoft Office / COM Object WMALFXGFXDSP.dll DLL Planting
Posted Jan 12, 2016
Authored by Google Security Research, scvitti

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.

tags | exploit, x86
systems | linux, windows
advisories | CVE-2016-0016
SHA-256 | 5506ab0759c338b846f6d5d261e281702e49edfdeeab4fa19b87507f6ba7fb37
Bypassing McAfee's Application Whitelisting For Critical Infrastructure Systems
Posted Jan 12, 2016
Authored by Rene Freingruber | Site sec-consult.com

This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and after that prevent the execution of not whitelisted software. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such a software. It can be installed on any system, however, the main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.

tags | paper
SHA-256 | 447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
Microsoft Security Bulletin Summary For January, 2016
Posted Jan 12, 2016
Site microsoft.com

This bulletin summary lists nine released Microsoft security bulletins for January, 2016.

tags | advisory
SHA-256 | 0ddedfcbe5b715ca627576a334b69f3f28cbb032a8f329faa7f8c98ec7fa8e52
Microsoft DirectShow Remote Code Execution
Posted Jan 12, 2016
Authored by Google Security Research, scvitti

There exists a buffer underflow vulnerability in devenum.dll!DeviceMoniker::Load when attempting to null terminate a user supplied string.

tags | exploit
systems | linux
advisories | CVE-2016-0015
SHA-256 | 0009209c1eb7f9ca7d1c5807f6812a7afe78a223f9e3594c10f96feea0470acd
WordPress Symposium Pro Social Network 16.1 Cross Site Scripting
Posted Jan 12, 2016
Authored by Rahul Pratap Singh

WordPress Symposium Pro Social Network plugin version 16.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6a2d0425b1719d1186fb0e34fa724654e3fda7953b4c25a65931591a9dc7cf00
TrendMicro Node.js HTTP Server Command Execution
Posted Jan 12, 2016
Authored by Tavis Ormandy, Google Security Research

When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute().

tags | exploit, web, arbitrary, javascript
systems | linux, windows
SHA-256 | 53073638c8c75e9a351656a4dcd7d53e7dbf2acdea0e8d44f29494b8f842d950
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close