what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2017-03-20

Microsoft Windows Uniscribe USP10!ttoGetTableData Heap Buffer Overflow
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based buffer overflow vulnerability in USP10!ttoGetTableData.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-0088
SHA-256 | 1036003b55e9803f13366cbd90b0b3253577d8defb5b2332a29bfcdf6f5ea01e
Microsoft Windows Uniscribe USP10!MergeLigRecords Memory Corruption
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10!MergeLigRecords.

tags | exploit
systems | windows
advisories | CVE-2017-0087
SHA-256 | b03ce8b02b92aac1a5794298beb93487bd04a1ecc3e92d4bd3146b8cee535a2e
Microsoft Windows Uniscribe USP10!otlCacheManager::GlyphsSubstituted Memory Corruption
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10!otlCacheManager::GlyphsSubstituted.

tags | exploit
systems | windows
advisories | CVE-2017-0086
SHA-256 | 1bd880c0af67e97f521d59bf8c0ad3a3a1545f5c03974f514248a1af6afea6e9
Microsoft Windows Uniscribe USP10!AssignGlyphTypes Out-Of-Bounds Read/Write
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing out-of-bounds read/write vulnerability in USP10!AssignGlyphTypes.

tags | exploit
systems | windows
advisories | CVE-2017-0084
SHA-256 | 54bd1c24e20a2ed83b1c05981225e62254aa9d9e5ee54c57aec3a8b4e2e73f0f
Microsoft Windows Uniscribe USP10!otlList::insertAt Heap Buffer Overflow
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing heap-based buffer overflow vulnerability in USP10!otlList::insertAt.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-0108
SHA-256 | 01f16a9fdd196b607c53532a9c54c5145240d3154eef2f3812f5052cdb413615
Microsoft Windows Uniscribe usp10!otlChainRuleSetTable::rule Out-Of-Bounds Read
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a uniscribe font processing out-of-bounds read in usp10!otlChainRuleSetTable::rule.

tags | exploit
systems | windows
advisories | CVE-2017-0085
SHA-256 | c9574d6c38cb198f8f8d4715734fcd991bb212fa0ff4bd4871cdd469b047282c
Microsoft Windows Kernel Registry Hive Loading Crashes
Posted Mar 20, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from hive loading crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0103
SHA-256 | c0c9f385d6a3ca0455940f14112e0baedb6607593051dca745cd9940fced29ca
Google Nest Cam 5.2.1 Buffer Overflow
Posted Mar 20, 2017
Authored by Jason Doyle

Google Nest Cam version 5.2.1 suffers from buffer overflow conditions over bluetooth LE.

tags | exploit, overflow
SHA-256 | 83ef9172b8314085199e09c18b9b81b0aab7eabd466d67966b771810fb57d7d6
OpenSSH 7.5p1
Posted Mar 20, 2017
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0
Faraday 2.4.0
Posted Mar 20, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added link to name column in Hosts list. Created a requirements_extras.txt file to handle optional packages for specific features. Fixed bug in SQLMap plugin that made the client freeze. Fixed bug when creating/updating Credentials. Various other improvements and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | b08cf69aa27f83187244b525225e8f921c319ebe15b8935e92544c96a6570f0a
dnaLIMS Admin Module Command Execution
Posted Mar 20, 2017
Authored by h00die, Nicholas von Pechmann | Site metasploit.com

This Metasploit module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.

tags | exploit
advisories | CVE-2017-6526
SHA-256 | cfcbce3052c73130003476d0ee627bdcb72ab71008ac686ffaae35583cfb31c0
EMC RecoverPoint SSL Stripping
Posted Mar 20, 2017
Authored by Mike Erman, Joshua Burbrink, Jack Baker | Site emc.com

EMC RecoverPoint update contains a fix for an SSL stripping vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.0 are affected.

tags | advisory
advisories | CVE-2016-6650
SHA-256 | 8279c37d5fc37aaeb794e695f885941bc5413f2602ef275e025af37d36f98b7e
Ubuntu Security Notice USN-3238-1
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3238-1 - An integer overflow was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5428
SHA-256 | b6b00bdea5a46267871ff5572e784dc568cabd5a7a8f0ea1e960b32c132c6319
Debian Security Advisory 3796-2
Posted Mar 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3796-2 - CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client.

tags | advisory, web
systems | linux, debian
SHA-256 | 9f454c966cfbe982bd6953ab0bde1b10a4a667a1dd3b4d83f34331327a46db91
HP Security Bulletin HPSBUX03596 2
Posted Mar 20, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03596 2 - A security vulnerability in Samba was addressed by HPE HP-UX running CIFS Server (Samba). The vulnerability could be exploited resulting in remote access restriction bypass and unauthorized access. Revision 2 of this advisory.

tags | advisory, remote
systems | hpux
advisories | CVE-2015-7560
SHA-256 | d841f519b91c644cd53e085dff736d033e160d2adae9e3588ae69a1f6ed05cb1
Ubuntu Security Notice USN-3237-1
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3237-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10244
SHA-256 | 043ff2b27d9d296fe83b51e3661fdcb9e5855895d2618bc4c4729e92302fa76c
Ubuntu Security Notice USN-3183-2
Posted Mar 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-2 - USN-3183-1 fixedCVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334
SHA-256 | c20be476843f82dbeef2f80230bbcaa5a17fdb8eea114d74c07fde2da3274f09
CreateFile Shellcode
Posted Mar 20, 2017
Authored by Osanda Malith

This shellcode uses CreateFile and tries to read a non existing network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over internet. SMBRelay attacks can also be performed.

tags | shellcode
SHA-256 | 2491b63c867c622c3989731692259fbf0c1e25e9f5dc567cec8b45443580d9f2
ExtraPuTTY 029_rc2 Denial Of Service
Posted Mar 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ExtraPuTTY version 029_RC2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-7183
SHA-256 | 0043f5e8be30c2dacc702f3813eff38d378406972789c13975cb074a84e70843
Red Hat Security Advisory 2017-0559-01
Posted Mar 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0559-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163, CVE-2016-9675
SHA-256 | cf1a2baceb0a6cb4020ae9a518c4553bc770b2638def72f156336ff01db72e25
Gentoo Linux Security Advisory 201703-03
Posted Mar 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-3 - A buffer overflow in PuTTY might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 0.68 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2017-6542
SHA-256 | bf2e380ea3c1c66d7992ffd39196ce810ddc34c559ff53caf3d2462d9b6e0e3f
Gentoo Linux Security Advisory 201703-02
Posted Mar 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.127 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
SHA-256 | c51f8a0051e7270f97a95bcf1711ad8b3aa56c17825334c096efb33f1dcfa87c
FTPShell Server 6.56 ChangePassword Buffer Overflow
Posted Mar 20, 2017
Authored by Greg Priest

FTPShell Sever version 6.56 ChangePassword buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 7a7829b9b8916e50eb5bc8a3e094b666b5819672c7f8b48a17e2e8b398e775c0
ClipBucket 2.8.2 Cross Site Scripting
Posted Mar 20, 2017
Authored by NoGe

ClipBucket versions 2.8.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | bfc96451c84b6bad73bcd5ad0551dca3f08ed1c7a2f10bc94fa4faa643149557
iFdate Social Dating Script 2.0 SQL Injection
Posted Mar 20, 2017
Authored by Ihsan Sencan

iFdate Social Dating Script version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8e259311b82da0fdf2f723f5691008d575533e9e60a40c045499817c4c91a096
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close