exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-11-21

SAP NetWeaver AS JAVA 7.4 XXE Injection
Posted Nov 21, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA version 7.4 suffers from an XML external entity (XXE) injection vulnerability.

tags | exploit, java, xxe
SHA-256 | efd99512a1f7388c7f876065269028bfcebd3facd45d7f9528eed91a41312084
SAP NetWeaver AS JAVA 7.4 Denial Of Service
Posted Nov 21, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA version 7.4 suffers from a denial of service vulnerability.

tags | exploit, java, denial of service
SHA-256 | 867f8128690b89340fd1f3685572beeded84a79290e1e6dc540dcd297158cc35
Proxmark Iceman Fork 1.6.6
Posted Nov 21, 2016
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems. It also contains the new attack vector against newer Mifare Classic tags with the hardend prng.

Changes: Fixes, adjustments, and enhancements.
tags | tool
systems | unix
SHA-256 | e28ff35e958e1665c04bd54ed740b57a2d54e5fd398f123aa42d1d90a32d93a5
Atlassian Confluence AppFusions Doxygen 1.3.x Cross Site Scripting
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 58c57bd896a1b741f14676780ed0548bea2bc4824bf165be69c2d7dd293e7f52
Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 8357c39588ad5506639d97020e1806800b3080757eee8fa79931e45eb66d5148
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen version 1.3.0 suffers from a path traversal vulnerability.

tags | exploit
SHA-256 | 77aa28687a473275fa3261bb168ee38f7a5939fe9c9aa294dd42f3b61e038e76
Ansvif 1.6.1
Posted Nov 21, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a -M option for maximum arguments in the fuzz, as well as algorithmic control of ansvif fuzz testing (so that if it has already tried a particular fuzz it will not try it again, this speeds things up quite a bit).
tags | tool, fuzzer
systems | unix
SHA-256 | 859f9e504580cf957ec756c239cf58ea4940fa4416cab0fa7e4d1ea6024c0f4c
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
Posted Nov 21, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lextra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.

tags | exploit, overflow, shell, tcp, protocol
advisories | CVE-2016-6563
SHA-256 | f09dc3e03a56a9a9441af1cc6229aa3bd868aca364888ba73e07ec9a07559e11
Multitech RightFax Faxfinder Credential Disclosure
Posted Nov 21, 2016
Authored by Joshua Platz

Multitech RightFax Faxfinder versions prior to 4.1.2 suffer from a clear-text credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-10512
SHA-256 | 4cba9fb5d18c9d4697ebdd1ee70bdbba03e52490e9c35b8c78903bbc2933d69e
Ubuntu Security Notice USN-3131-1
Posted Nov 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3131-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8562, CVE-2014-8716, CVE-2014-9805, CVE-2014-9806, CVE-2014-9807, CVE-2014-9808, CVE-2014-9809, CVE-2014-9810, CVE-2014-9811, CVE-2014-9812, CVE-2014-9813, CVE-2014-9814, CVE-2014-9815, CVE-2014-9816, CVE-2014-9817, CVE-2014-9818, CVE-2014-9819, CVE-2014-9820, CVE-2014-9821, CVE-2014-9822, CVE-2014-9823, CVE-2014-9826, CVE-2014-9828, CVE-2014-9829, CVE-2014-9830, CVE-2014-9831
SHA-256 | 97f74f2887273aaf548965ae782a0d45d4345f1afed77295fdf4004d81751ca0
Red Hat Security Advisory 2016-2809-01
Posted Nov 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2809-01 - The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on. Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure Apache-based service providers. Security Fix: A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-8638
SHA-256 | 62ebd6d5c44aa0b4baaa3685abab5cbb76b339806e15c8c48e96b76428ab30f4
Debian Security Advisory 3719-1
Posted Nov 21, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3719-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.

tags | advisory, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2016-9373, CVE-2016-9374, CVE-2016-9375, CVE-2016-9376
SHA-256 | ff0042f1d46181ecb6688120175f8f37efc1368dea2b32c7c87d609b9ba1c690
Gentoo Linux Security Advisory 201611-14
Posted Nov 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-14 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.13.2-r2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-2695, CVE-2015-2696, CVE-2015-2697
SHA-256 | 9cc870d75fec5b3e5e72b5410b010b6e2964e4ac02c65b63650fe6ad75245d4c
Gentoo Linux Security Advisory 201611-13
Posted Nov 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-13 - A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-1609
SHA-256 | b4839033da00a62a97688eab707eedcf52ab5e81048779f078e4fd71ee2a2362
Gentoo Linux Security Advisory 201611-12
Posted Nov 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-12 - Multiple vulnerabilities have been found in imlib2, the worst of which allows for the remote execution of arbitrary code. Versions less than 1.4.9 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9762, CVE-2014-9763, CVE-2014-9764, CVE-2016-4024
SHA-256 | c0bc2da01fe92dabf8269a7cfb2e656e04ea91d148acd072356abd67d733f945
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close