what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-01-28

Oracle Outside In VSDX 8.4.0 / 8.5.1 / 8.5.2 / 8.5.3 Use-After-Free
Posted Jan 28, 2017
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error within the vsvsdx.dll when processing PageHeight and PageWidth values of VSDX file, which can be exploited to corrupt memory via a specially crafted VSDX file. Successful exploitation may allow execution of arbitrary code. Versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, arbitrary
advisories | CVE-2017-3266
SHA-256 | 9697a7c849f39a13926892d6b471d55b1281d9096e5b8186ba951919119c04ab
CA Common Services casrvc Privilege Escalation
Posted Jan 28, 2017
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.

tags | advisory, arbitrary, local, root
systems | linux, solaris, aix, hpux
advisories | CVE-2016-9795
SHA-256 | fc6c18b1ab288c81928a10a9339d929938fcd7120518c622254694d974c59667
WordPress FormBuilder 1.05 Cross Site Request Forgery
Posted Jan 28, 2017
Authored by Securify B.V., Burak Kelebek

WordPress FormBuilder plugin version 1.05 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 802b442dfa53531fd80f9ec001bf164207aa8164ff344771bb40415f62a94715
VirtualBox Privilege Escalation
Posted Jan 28, 2017
Authored by Wolfgang Hotwagner

VirtualBox versions prior to 5.0.32 and prior to 5.1.14 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-3316
SHA-256 | fbc8f27ebd046afc3d15e93a02ab62b9b5e464ee5560c917a0d6571f8f1167c0
Joomla Store Locator 2.3.1.0 Cross Site Scripting
Posted Jan 28, 2017
Authored by Mojtaba MobhaM

Joomla Store Locator component version 2.3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 69ac0cbe43a7053fc1a8b440d18caa470f6c9a5368bf65886509c810a03c6e25
EMC Data Protection Advisor Path 6.x Path Traversal
Posted Jan 28, 2017
Site emc.com

EMC Data Protection Advisor contains a fix for a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 6.1.x, 6.2, 6.2.1, 6.2.2, and 6.2.3 prior to patch 446 are affected.

tags | advisory
advisories | CVE-2016-8211
SHA-256 | 1399b4c25d75885ede6ffe39eddd5e40f0959f9e9f7b40269343455100f526fb
Cordova-Android 6.1.1 Insecure Transport
Posted Jan 28, 2017
Authored by Alon Galili

Cordova-Android versions 6.1.1 and below suffer from an insecure transport vulnerability due to the Gradle Distribution URL not using HTTPS by default.

tags | advisory, web
advisories | CVE-2017-3160
SHA-256 | d6bee6780400c2c31f859d15dc8af513d4a62cec6920be28a9ec3b5477f6e910
EMC Documentum D2 4.5 / 4.6 DQL Injection / Cross Site Scripting
Posted Jan 28, 2017
Site emc.com

EMC Documentum versions 4.5 and 4.6 suffer from DQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2016-9872, CVE-2016-9873
SHA-256 | 1fa1935776c0450f0c6cdea2c7600f969b1b60558c23fe2f89c44e6ca37d23f4
EMC Data Domain DD 5.x OS Command Injection
Posted Jan 28, 2017
Site emc.com

EMC Data Domain DD OS has been updated to fix a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 5.4, 5.5 family all versions prior to 5.5.5.0, 5.6 family all versions prior to 5.6.2.0, 5.7 family all versions prior to 5.7.2.10 are affected.

tags | advisory
advisories | CVE-2016-8216
SHA-256 | 3719ab75a9e74d2e20d08072be2aceabafc3b494f8af1bd2a3a39707e215f405
Joomla JTAG Calendar 6.2.4 SQL Injection
Posted Jan 28, 2017
Authored by Mojtaba MobhaM

Joomla JTAG Calendar component version 6.2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a4d0ea155714f1050a57d2e8d9c9f1c9306b6b785b9798cb7e6b4109de210ba5
RSA BSAFE Crypto-J Cryptography Failure
Posted Jan 28, 2017
Site emc.com

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

tags | advisory, cryptography, vulnerability
advisories | CVE-2016-8212, CVE-2016-8217
SHA-256 | ab31c6b98b6ff07db4a9a779660f5967f97cb4172a52706352ff182ae3cb9252
MRF Web Panel 9.0.1 OS Command Injection
Posted Jan 28, 2017
Authored by Filippos Mastrogiannis, Dimitrios Maragkos, Loukas Alkis

MRF Web Administration Panel (SWMS) version 9.0.1 is vulnerable to OS command injection attacks.

tags | exploit, web
advisories | CVE-2016-10043
SHA-256 | f0aa656e6a7de9e427504db15b24aee38689c905553cf5d9c2b80a569ffbba77
EMC PowerPath Management Appliance Information Disclosure
Posted Jan 28, 2017
Site emc.com

EMC PowerPath Virtual Appliance is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 2.0 and 2.0 SP1 are affected.

tags | advisory, info disclosure
advisories | CVE-2016-0890
SHA-256 | b686a3a955b58b02de9046c1ae26899038d003ce1ed99f6164b144454ff9f2e4
EMC RecoverPoint Information Disclosure / Command Injection
Posted Jan 28, 2017
Site emc.com

EMC RecoverPoint versions prior to 4.4.1.1 and 5.0 suffer from information disclosure and command injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-6648, CVE-2016-6649
SHA-256 | 0ca4b3c6ebdf0150051ad3eed18350d2e8904925131165880fd50ece4d779fc2
RSA Web Threat Detection 5.x Cross Site Scripting
Posted Jan 28, 2017
Site emc.com

RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 5.0, 5.1, and 5.1.2 are affected.

tags | advisory, web, xss
advisories | CVE-2016-0919
SHA-256 | 1c09ee7779d8cae0ef00e80b9c059864bc8bbabe7168d438d03104a558311d36
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close