what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-12-01

Zenphoto 1.4.10 Local File Inclusion
Posted Dec 1, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Zenphoto version 1.4.10 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ba42a64f94000d69b626766f98ef6b4343b2f83d132187d08702aa0bd5872bc9
Zenphoto 1.4.10 Cross Site Scripting
Posted Dec 1, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Zenphoto version 1.4.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 338d643e05d21281ce75b48a02bfc8bdfb08fcf3781a74cdae576f570735dc5b
BSides SF 2016 Call For Papers
Posted Dec 1, 2015
Site bsidessf.com

BSides SF is soliciting papers and presentations for the 2016 annual BSidesSF conference. It will be held at the DNA Lounge, 375 11th Street, San Francisco, CA, USA on February 28th through the 29th, 2016.

tags | paper, conference
SHA-256 | a01bad96a7b093f975eee9e0b3153eb0bc964a25403799a73f7af2b9fd91e4c4
Ubuntu Security Notice USN-2823-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2823-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2015-5283, CVE-2015-7872
SHA-256 | b571488b07c4a6634118c61047b479fdea699b8487c5473f9b60f7ecedacf73d
Debian Security Advisory 3408-1
Posted Dec 1, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3408-1 - It was discovered that GnuTLS, a library implementing the TLS and SSL protocols, incorrectly validates the first byte of padding in CBC modes. A remote attacker can possibly take advantage of this flaw to perform a padding oracle attack.

tags | advisory, remote, protocol
systems | linux, debian
advisories | CVE-2015-8313
SHA-256 | 34b8d58d97aa8a0f0267eb11b913d08c670a42fbf209c0304872f17c07ad3d02
Red Hat Security Advisory 2015-2534-01
Posted Dec 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2534-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
SHA-256 | 82e69af8562a6d2beda47ff7c64a29f5a548afef72a77b9a2f379497188dc9cf
Red Hat Security Advisory 2015-2535-01
Posted Dec 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2535-01 - Red Hat JBoss Enterprise Application Platform 5 is a platform for Java applications based on JBoss Application Server 6. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
SHA-256 | 1d209b80d89f5aac30e613d9f23c5927d34aaa7cb1d78b9d220eee948bbc03a0
RHEL 7.0 / 7.1 abrt / sosreport Local Root
Posted Dec 1, 2015
Authored by rebel

Local root exploit for Redhat Enterprise Linux versions 7.0 and 7.1 that leverages abrt/sosreport.

tags | exploit, local, root
systems | linux, redhat
advisories | CVE-2015-5287
SHA-256 | b790341fd59ae2e5d21dff21d1b31498f965eaa89caf7d3d86a361acf552509d
CentOS 7.1 / Fedora 22 abrt Local Root
Posted Dec 1, 2015
Authored by rebel

CentOS version 7.1 and Fedora version 22 abrt local root exploit. It leverages abrt-hook-ccpp insecure open() usage and abrt-action-install-debuginfo insecure temp directory usage.

tags | exploit, local, root
systems | linux, fedora, centos
advisories | CVE-2015-5273, CVE-2015-5287
SHA-256 | 2e6ff628343956da9862f4ece546ad0fa5bec7f2f3e42781031bd4c8eee3ff37
Kodi 15 Arbitrary File Access
Posted Dec 1, 2015
Authored by Machiel Pronk

Kodi 15 reintroduced an arbitrary file access vulnerability.

tags | exploit, arbitrary
SHA-256 | e05d978031114d81d6708e335f10396cc3db95a485c34cededae537acb52519a
Red Hat Security Advisory 2015-2525-01
Posted Dec 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2525-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 was retired on November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.

tags | advisory
systems | linux, redhat
SHA-256 | ba29dbf063299e831b083948a06044c9e23cff9bdfa922b9dfec4d8cdc6844dc
Ubuntu Security Notice USN-2819-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2819-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
SHA-256 | a311c779f9fd27a3a7bb5fd804f6f177902aee369fc6236ab5b3d629b731ef65
VoIP Wars: Destroying Jar Jar Lync
Posted Dec 1, 2015
Authored by Fatih Ozavci | Site viproy.com

This archive includes presentation slides for the talk VoIP Wars: Destroying Jar Jar Lync along with the Viproxy tool used to perform the attack.

tags | paper
systems | linux
SHA-256 | 7c10f7a577fbea0fc76921b0346d6dd57980d6c5773f75f34712eadc6b092e2e
Huawei Wimax CSRF / Information Disclosure / Manipulation
Posted Dec 1, 2015
Authored by Pierre Kim

Huawei Wimax routers suffer from cross site request forgery, information disclosure, and system manipulation vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
SHA-256 | 665c198903c1a2084546365ee984482cf859f3ed18d69b64ac380d553c6da03c
Packet Storm New Exploits For November, 2015
Posted Dec 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 190 exploits that were added to Packet Storm in November, 2015.

tags | exploit
systems | linux
SHA-256 | d6d0c6276b2fafc1b461728be0f139b590d4ce0965f02cb1e6192125de6aeedb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close