exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2016-04-14

Exim perl_startup Privilege Escalation
Posted Apr 14, 2016
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.

tags | exploit, perl
SHA-256 | 9244d1a56ca1a0b4187fc7d9232dd5485fbbf380c0bdb9f35ea79df0019c335a
Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference
Posted Apr 14, 2016
Authored by OrwellLabs | Site orwelllabs.com

Brickcom Network Cameras suffer from insecure direct object reference, hard-coded credentials, information disclosure, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
SHA-256 | d4263442a7cc41a494d9af50e1ba3231bc2e0bda0bbf7e50965fda5669553dc6
Asterisk Project Security Advisory - AST-2016-005
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP connections and sending no data to Asterisk. If PJProject has been compiled in debug mode, then once the number of allowed TCP connections has been depleted, the next attempted TCP connection to Asterisk will crash due to an assertion in PJProject. If PJProject has not been compiled in debug mode, then any further TCP connection attempts will be rejected. This makes Asterisk unable to process TCP SIP traffic. Note that this only affects TCP/TLS, since UDP is connectionless. Also note that this does not affect chan_sip.

tags | advisory, udp, tcp
SHA-256 | 122646434ef3ffdbf4f736e5ba7648af84f7dff43cfe57162960b91becc450fd
Asterisk Project Security Advisory - AST-2016-004
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring. This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.

tags | advisory
SHA-256 | afafbceea5744913691ffdaa1e188cde546064b48141faa603d4ecb51464d088
Red Hat Security Advisory 2016-0632-01
Posted Apr 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0632-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Ceph Storage 1.2 offering will be retired as of May 31, 2016, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including Critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
SHA-256 | 571366d5e03d4e8944a1d32ee5130b116af47843449136c95f54efbf44c63e33
Cisco Security Advisory 20160413-ucs
Posted Apr 14, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | 2e6d030fae5d28b76ac8736016fce9f068231a0fdf92d0a4a48686c89aceba6f
Django CMS 3.2.3 Filter Bypass / Script Insertion
Posted Apr 14, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Django CMS version 3.2.3 suffers from filter bypass and malicious script insertion vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 37f9d80f871c90b98fbef578bb3285d459c2ce9bc4b43e2ee9a1ea05eff816ab
PHPmongoDB 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 14, 2016
Authored by Ozer Goker

PHPmongoDB version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | e76ac1cdaae844776a01728a703770c3e964816b862a0c6b2c52054c63a4e509
Debian Security Advisory 3548-2
Posted Apr 14, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3548-2 - The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem.

tags | advisory, python
systems | linux, debian
SHA-256 | af50d04b296b06f28fa050a688f99a7b316167b8c46b06c89022bfc29068b18e
Windows Kernel ATMFD.DLL NamedEscape 0x2511 Out-Of-Bounds Read
Posted Apr 14, 2016
Authored by Google Security Research, mjurczyk

The Adobe Type Manager Font Driver (ATMFD.DLL) suffers from a NamedEscape out-of-bounds read.

tags | exploit
systems | linux
SHA-256 | 47ff745db957f4da9f0bfd5c001563adb1efd711f4a8c5d321e86fdc7660d19a
ChitaSoft CMS 3 Cross Site Scripting
Posted Apr 14, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

ChitaSoft CMS version 3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f2496bfce8bfd1272daa114fe6e23c1117c8a54c7bb3145226a1d3e60df3b268
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close