exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2016-06-30

OpenSCAP Libraries 1.2.10
Posted Jun 30, 2016
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | 5e40ba546c56ca9da70c21d13a2df23456f1a1ce6e65966fc09c8150d08386f0
Packet Storm New Exploits For June, 2016
Posted Jun 30, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 234 exploits added to Packet Storm in June, 2016.

tags | exploit
systems | linux
SHA-256 | 65c670ff496ef48d9ad7f1fde630d9c0a156ee29bb9a365516085aaa8f307064
Huawei HiSuite For Windows 4.0.3.301 Privilege Escalation
Posted Jun 30, 2016
Authored by Benjamin Gnahm

A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem are insecure ACLs on the HandSet service directory which allows any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Versions 4.0.3.301 and below are affected.

tags | exploit, local, root
systems | windows
advisories | CVE-2016-5821
SHA-256 | 6c6581b85754886f7bf71324c9215879a17f5cce30ef4b37096ab2d6b6d81ffa
Ubuntu Security Notice USN-3015-1
Posted Jun 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3015-1 - Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1704
SHA-256 | e10fd246dad11166feb241b4d648306e287802ffdbc7819c5b565dcb57d21be3
Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
SHA-256 | bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996
Joomla SmartFormer 2.4.1 Shell Upload
Posted Jun 30, 2016
Authored by indoushka

Joomla Smartformer component version 2.4.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1b4e93b6e8307844e941b5738100e3231e02e90071e189914c94886f43387028
Ktools Photostore 4.7.5 Blind SQL Injection
Posted Jun 30, 2016
Authored by Viktor Minin, Gal Goldshtein

Ktools Photostore versions 4.7.5 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-4337
SHA-256 | e1c064ba516e117f8148f9926109b58abaffa30ddd6ae6668dae0ecd6362f63e
RockLoader SQL Injection / Shell Upload
Posted Jun 30, 2016
Authored by Danail Velev

The RockLoader malware tool suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 6791a3d9faefcca7817af221317b6551aea06e2523ac2d59b9090b612529dd50
Phoenix Exploit Kit Remote Code Execution
Posted Jun 30, 2016
Authored by CrashBandicot

Phoenix Exploit Kit suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 1f25ff92651bd8bb32029e3adf634acf5d0f7f6e4d481eafd322a6ba7c9eb2c9
Debian Security Advisory 3611-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3611-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.

tags | advisory, remote, web, denial of service, file upload
systems | linux, debian
advisories | CVE-2016-3092
SHA-256 | 8063f2fceed2ffb108fdb433edb8aa47a61a755d3a99c08fb9ab864029de4cdf
Debian Security Advisory 3610-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3610-1 - Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library.

tags | advisory, remote, denial of service, overflow
systems | linux, debian
advisories | CVE-2016-4463
SHA-256 | 1f894b4a8b46f7ea26ba4c7e1e986dae118351e027465bbd76eee0989c28c308
Ubuntu Security Notice USN-3022-1
Posted Jun 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3022-1 - It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4324
SHA-256 | 8ae390a08fb00115285a78feeee55a76b9fb90b69d2d0153911e8f6d45b6f559
Debian Security Advisory 3608-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3608-1 - Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-4324
SHA-256 | 3b3ec3f622f1f01c4413241a511b9a03e1b2a5e8126b4b15ab0699876e43f2d8
Debian Security Advisory 3609-1
Posted Jun 30, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3609-1 - Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
SHA-256 | dc0dfa37ac8428b022149f7007f8c04701baa05b455c582b2b3162c0543ee491
Red Hat Security Advisory 2016-1374-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1374-01 - JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 286af024f9c96f19f6b30409bb512c0b84c72342914a566e0e893e47f30c5daf
Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect
Posted Jun 30, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2016-3652, CVE-2016-3653, CVE-2016-5304
SHA-256 | 65b13d36661ece87ba1bdd49bd3f70a0e5b540ef29bbd7ab7cc57d9d5d95b4ac
WordPress Ultimate Membership Pro 3.3 SQL Injection
Posted Jun 30, 2016
Authored by wp0Day.com

WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9edba755da9d970478234df675d2e2057d355945224203a45b1c7c3945f3736c
Cuckoo Sandbox Guest 2.0.1 Code Execution
Posted Jun 30, 2016
Authored by Remi ROCHER

Cuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privilege remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | c0ec4947410116d6957300d0f302ff16f00765aa7038deb88954db8885fafbda
Lenovo ThinkPad System Management Mode Arbitrary Code Execution
Posted Jun 30, 2016
Authored by Cr4sh

This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC 8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.

tags | exploit
systems | linux
SHA-256 | d7cc976511ad7609235445cc38467f50cb436c74822e85605a700f38f803fe60
Windows 7 SP1 x86 Privilege Escalation
Posted Jun 30, 2016
Authored by blomster81

Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.

tags | exploit, x86
systems | windows
advisories | CVE-2016-0400
SHA-256 | 90dceeedf953cb4edb51470fa645fd788318328c628cb56e0c176a1148d50f58
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close