ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.
b8dc5f1df82809852d6a77c351c7f2eb981f60244033ee5ab50a39260d9b0d1aThis archive contains 174 exploits that were added to Packet Storm in April, 2015.
67480065aa8abecec85b2ad4c8cb36f1b82c6d8fedcfa0b5e7d84c41fd389464This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.
5e90527feb81af64901755b776a489cf3494498219d1281419ecb16f62818f6fRed Hat Security Advisory 2015-0921-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. Prior to this update, Chromium did not accept GNOME's system proxy settings due to having GConf support disabled. This issue has been resolved in this update.
301bac35da2e59ffdc9f50eb0ec7896703490da588a5ff89beab97063b0a47dcRed Hat Security Advisory 2015-0920-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.2 release serves as a replacement for JBoss Operations Network 3.3.1, and includes several bug fixes.
c25f8c7aa83c4adab8c0e47d17575a57f0427ec64a20d4a50b201fb46d6be949Red Hat Security Advisory 2015-0919-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
e543bbe7dc1fe5d20b208997d464ebdaa39d87fae511896d22262d347cf97f5cThis bulletin summary lists one bulletin that has undergone a major revision increment for April, 2015.
0d8e8e1c906c66d8920f4ce6daa1cbf9f94fbb26b2edc6a5dee1615630f677f6Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().
3b4b298d51f795e837fdad045082d8d21888b30a3c72b0d84495cbda9339fe16
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed