Exploit the possiblities

Recent Files

Files RSS Feed
Disk Savvy Enterprise 10.4.18 Buffer Ovreflow
Posted Feb 23, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
CloudMe Sync 1.10.9 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira, hyp3rlinx | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
AsusWRT LAN Unauthenticated Remote Code Execution
Posted Feb 23, 2018
Authored by Pedro Ribeiro | Site metasploit.com

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

tags | exploit, web, root, udp
GNU Privacy Guard 2.2.5
Posted Feb 23, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes added.
tags | tool, encryption
Mandos Encrypted File System Unattended Reboot Utility 1.7.19
Posted Feb 23, 2018
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
Asterisk Project Security Advisory - AST-2018-006
Posted Feb 23, 2018
Authored by Sean Bright | Site asterisk.org

Asterisk Project Security Advisory - When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a busy loop that waited for the underlying connection to close.

tags | advisory
Kernel Live Patch Security Notice LSN-0035-1
Posted Feb 23, 2018
Authored by Benjamin M. Romer

On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.

tags | advisory, kernel
systems | linux, ubuntu
Groupon Clone Script 3.0.2 Cross Site Scripting
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Groupon Clone Script version 3.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Alibaba Clone Script 1.0.2 Cross Site Scripting
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Learning And Examination Management System Script 2.3.1 XSS
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
Joomla! OS Property Real Estate 3.12.7 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Joomla! Proclaim 9.1.1 Shell Upload
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
Joomla! CheckList 1.1.1 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Joomla! Alexandria Book Library 3.1.2 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Alexandria Book Library component version 3.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Joomla! Ek Rishta 2.9 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Ek Rishta component version 2.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Joomla! PrayerCenter 3.0.2 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! PrayerCenter component version 3.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Joomla! Proclaim 9.1.1 Backup Disclosure
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Proclaim component version 9.1.1 suffers from a backup disclosure vulnerability.

tags | exploit
Joomla! CW Tags 2.0.6 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! CW Tags component version 2.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
NoMachine nxfuse Privilege Escalation
Posted Feb 23, 2018
Authored by Fidus InfoSecurity

NoMachine versions prior to 6.0.80 (x64) suffer from an nxfuse privilege escalation vulnerability.

tags | exploit
Armadito Antivirus 0.12.7.2 Detection Bypass
Posted Feb 23, 2018
Authored by Souhail Hammou

Armadito Antivirus version 0.12.7.2 suffers from a detection bypass vulnerability.

tags | exploit, bypass
Disk Pulse Enterprise 10.4.18 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira

Disk Pulse Enterprise version 10.4.18 suffers from an import command buffer overflow vulnerability.

tags | exploit, overflow
Disk Savvy Enterprise 10.4.18 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira

Disk Savvy Enterprise version 10.4.18 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
Wavpack 5.1.0 Denial Of Service
Posted Feb 23, 2018
Authored by r4xis

Wavpack version 5.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
Asterisk Project Security Advisory - AST-2018-005
Posted Feb 23, 2018
Authored by Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.

tags | advisory, tcp
Asterisk Project Security Advisory - AST-2018-004
Posted Feb 23, 2018
Authored by Joshua Colp, Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

tags | advisory
View Older Files →

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close