exploit the possibilities

Recent Files

Files RSS Feed
tcpdump 4.99.1
Posted Jun 11, 2021
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Updated the snapend for some nested IP packets in ICMP. Fixed packet header fields in EIGRP. Update the snapend thus the ICV field is not payload for the caller in MACsec. Fixed overwrites in BGP and ARP. Various other updates.
tags | tool, sniffer
systems | unix
libpcap 1.10.1
Posted Jun 11, 2021
Site tcpdump.org

Libpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump.

Changes: Packet filtering fix for a parse error. Added PCAP_AVAILABLE_1_11 in source code. A half dozen fixes and tweaks to building and testing..
tags | library
systems | unix
NetSetManPro 4.7.2 Privilege Escalation
Posted Jun 11, 2021
Authored by Simon Bieber

NetSetManPro version 4.7.2 suffers from a privilege escalation vulnerability.

tags | exploit
nfstream 6.3.2
Posted Jun 11, 2021
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: There is an nDPI update and a fix for capturing on multiple interfaces.
tags | tool, python
systems | unix
GNU Privacy Guard 2.2.28
Posted Jun 11, 2021
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

Changes: gpg now allows decryption without public key but with correct card inserted, has a new --force-sign-key option, and has various other improvements added.
tags | tool, encryption
Accela Civic Platorm 21.1 Cross Site Scripting
Posted Jun 11, 2021
Authored by Abdulazeez Alaseeri

Accela Civic Platform version 21.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Backdoor.Win32.Zombam.gen Buffer Overflow
Posted Jun 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zombam.gen malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
WordPress Database Backups 1.2.2.6 Cross Site Request Forgery
Posted Jun 11, 2021
Authored by 0xB9

WordPress Database Backups plugin version 1.2.2.6 suffers from a cross site request forgery vulnerability in the databased backup download functionality.

tags | exploit, csrf
Ubuntu Security Notice USN-4987-1
Posted Jun 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Grocery Crud 1.6.4 SQL Injection
Posted Jun 11, 2021
Authored by TonyShavez

Grocery Crud version 1.6.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Ubuntu Security Notice USN-4986-3
Posted Jun 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4986-3 - USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
OpenEMR 5.0.0 Remote Shell Upload
Posted Jun 11, 2021
Authored by Ron Jost

OpenEMR version 5.0.0 authenticated remote shell upload exploit.

tags | exploit, remote, shell
Backdoor.Win32.Zombam.gen Code Execution
Posted Jun 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zombam.gen malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
Backdoor.Win32.Zombam.gen Cross Site Scripting
Posted Jun 11, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zombam.gen malware suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | windows
WoWonder Social Network Platform 3.1 Authentication Bypass
Posted Jun 11, 2021
Authored by securityforeveryone.com

WoWonder Social Network Platform version 3.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
Zenario CMS 8.8.52729 SQL Injection
Posted Jun 11, 2021
Authored by Avinash R

Zenario CMS version 8.8.52729 suffers from authenticated blind and error-based remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
Red Hat Security Advisory 2021-2380-01
Posted Jun 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2380-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
Cerberus FTP Web Service 11 Cross Site Scripting
Posted Jun 11, 2021
Authored by Mohammad Hossein Kaviyany

Cerberus FTP Web Service version 11 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
Microsoft SharePoint Server 16.0.10372.20060 Server-Side Request Forgery
Posted Jun 11, 2021
Authored by Alex Birnberg

Microsoft SharePoint Server version 16.0.10372.20060 suffers from a GetXmlDataFromDataSource server-side request forgery vulnerability.

tags | exploit
Ability FTP Server 2.34 Denial Of Service
Posted Jun 11, 2021
Authored by Fernando Mengalli

Ability FTP server version 2.34 APPE denial of service exploit.

tags | exploit, denial of service
Solar-Log 500 2.8.2 Password Disclosure
Posted Jun 11, 2021
Authored by Luca.Chiou

Solar-Log 500 version 2.8.2 suffers from password disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
Solar-Log 500 2.8.2 Incorrect Access Control
Posted Jun 11, 2021
Authored by Luca.Chiou

Solar-Log 500 version 2.8.2 suffers from an incorrect access control vulnerability.

tags | exploit
Ubuntu Security Notice USN-4971-2
Posted Jun 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4971-2 - USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2021-2375-01
Posted Jun 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2375-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
NSClient++ 0.5.2.35 Remote Code Execution
Posted Jun 10, 2021
Authored by kindredsec, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled.

tags | exploit, web, shell
View Older Files →

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close