exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-09-27

Red Hat Security Advisory 2016-1939-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1939-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.

tags | advisory, kernel, tcp
systems | linux, redhat
advisories | CVE-2016-5696
SHA-256 | 2e89712d5d9a3a6580bbe1199d40bc6f01d0d90d8dc5606a0a1f3917f336791d
Ubuntu Security Notice USN-3089-1
Posted Sep 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3089-1 - Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7401
SHA-256 | 1429af6725fcfdc8874b40c166000833bee38d63c06de42ce71e433a12f523fb
Red Hat Security Advisory 2016-1940-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306
SHA-256 | 19da4e9f2644bafd62ade81685cad4dbfebe84c91adc49693b780a7d22008e4e
Adobe Flash 23 Sandbox Bypass
Posted Sep 27, 2016
Authored by Leone Pontorieri

Adobe Flash versions 23 and below local-with-filesystem sandbox bypass via navigateToURL() and UI redressing. Proof of concept included.

tags | exploit, local, proof of concept, bypass
SHA-256 | d781b3b3524940c25a5fbcb3235ee478a3d76f94af8e3a9b1b38f55e89374500
EMC ViPR SRM Cross Site Scripting
Posted Sep 27, 2016
Authored by Eric Flokstra | Site emc.com

EMC ViPR SRM versions prior to 4.0.1 suffer from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-6647
SHA-256 | e1828eb16abfb65ae9177f9aa8c447a3d49f6714d6cc7284391fd2913d94e586
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
Posted Sep 27, 2016
Authored by Travis Lee

AVer Information EH6108H+ hybrid DVR suffers from authentication bypass, hard-coded credential, and information exposure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2016-6535, CVE-2016-6536, CVE-2016-6537
SHA-256 | 542457f732586cd30de78d97744a7ccf237f6d15e517b95167adadf9ca79f1d4
hack4 2016 Call For Papers
Posted Sep 27, 2016
Authored by dash | Site hack4.org

hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2016 in Berlin, Germany.

tags | paper, conference
SHA-256 | ef4f6d88341c88a807480c594f4168027177c29a2cf5e642e44020d858f86245
Deactivating Endpoint Protection Software In An Unauthorized Manner (Revisited)
Posted Sep 27, 2016
Authored by Matthias Deeg, Sven Freund

In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.

tags | paper, local, vulnerability, bypass
SHA-256 | 16bdb44dfe3a5da3e0a9b5376b22c5274d1bfbf4ba7e2ff6870b90b93b63eb07
Skype DLL Hijacking
Posted Sep 27, 2016
Authored by Tien Phan

The Skype installer suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 0b3c640eeab0ab7cd7ec7ebff214b1a4bceb0e0789d4d92e6c3110b0a6a3749a
Ipod Video Converter DLL Hijacking
Posted Sep 27, 2016
Authored by ZwX

Ipod Video Converter suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 61b579cc65a6eeaa34bb88ecc10504935818bcf88f2da16f27c50681e96bb7ea
Debian Security Advisory 3679-1
Posted Sep 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3679-1 - Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites.

tags | advisory, java, web, csrf
systems | linux, debian
advisories | CVE-2016-6801
SHA-256 | 0f5a893138b1cd78069b3dd03323499db2c569a7b00c3e203e1abf84f2e14e43
HP Security Bulletin HPSBHF03652 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03652 1 - A potential vulnerability in Apache Commons FileUpload was addressed by HPE iMC PLAT network products. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-3092
SHA-256 | 95a8eceab70b60080766e978894efbac8842f4208552f7ea273e4246150a8058
HP Security Bulletin HPSBHF03654 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03654 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
SHA-256 | e95853b077c436c5cb5faee1cb16a533e757741fc8e0f4554f5e9d9b4c3468ac
HP Security Bulletin HPSBHF03655 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03655 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products running Apache Axis2. These vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1632
SHA-256 | e207ba0504f3712bbbee74a63b3d54bb39ce810ec03276cf275b027f373c294b
Debian Security Advisory 3678-1
Posted Sep 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3678-1 - Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django.

tags | advisory, web, arbitrary, csrf
systems | linux, debian
advisories | CVE-2016-7401
SHA-256 | ca95b0a735b7833fab215c8cd225e9f45f2155853007fe8f4abf34c989e7cc84
Linux Kernel 4.6.3 Netfilter Privilege Escalation
Posted Sep 27, 2016
Authored by h00die, vnik | Site metasploit.com

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels befoe 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), glibc-devel.i686

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2016-4997
SHA-256 | 3ed3279ffabc1d769fe51805e802f0af5a86f32107a739ee1f3f3ec23f7e3010
Android Stagefright MP4 tx3g Integer Overflow
Posted Sep 27, 2016
Authored by jduck, NorthBit | Site metasploit.com

This Metasploit module exploits a integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two tx3g atoms that, when their sizes are summed, cause an integer overflow when processing the second atom. As a result, a temporary buffer is allocated with insufficient size and a memcpy call leads to a heap overflow. This version of the exploit uses a two-stage information leak based on corrupting the MetaData that the browser reads from mediaserver. This method is based on a technique published in NorthBit's Metaphor paper. First, we use a variant of their technique to read the address of a heap buffer located adjacent to a SampleIterator object as the video HTML element's videoHeight. Next, we read the vtable pointer from an empty Vector within the SampleIterator object using the video element's duration. This gives us a code address that we can use to determine the base address of libstagefright and construct a ROP chain dynamically. NOTE: the mediaserver process on many Android devices (Nexus, for example) is constrained by SELinux and thus cannot use the execve system call. To avoid this problem, the original exploit uses a kernel exploit payload that disables SELinux and spawns a shell as root. Work is underway to make the framework more amenable to these types of situations. Until that work is complete, this exploit will only yield a shell on devices without SELinux or with SELinux in permissive mode.

tags | exploit, remote, overflow, shell, kernel, root
advisories | CVE-2015-3864
SHA-256 | 1a90f98f06bcb60d18f94ddf7062901f68d339cc68bbdab75711aaafaeffc5d2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close