Exploit the possibilities

Recent Files

CentOS Web Panel 0.9.8.12 Cross Site Scripting
Posted Jan 20, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
systems | linux, centos
Shopware 5.2.5 / 5.3 Cross Site Scripting
Posted Jan 20, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Shopware versions 5.2.5 and 5.3 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
Vodafone DE Cross Site Scripting
Posted Jan 20, 2018
Authored by Ismail Tasdelen

The vodafone.de site suffers from multiple cross site scripting and HTML injection vulnerabilities.

tags | advisory, vulnerability, xss
Agora Project 3.3.5 Cross Site Scripting
Posted Jan 20, 2018
Authored by indoushka

Agora Project version 3.3.5 suffers from a cross site scripting vulnerability via file uploads.

tags | exploit, xss, file upload
Microsoft Security Bulletin Updates For January, 2018
Posted Jan 20, 2018
Site microsoft.com

This Microsoft bulletin summary lists security updates released for January 19, 2018.

tags | advisory
Chameleon Mini Smartcard Emulator Iceman Fork 1.0
Posted Jan 19, 2018
Authored by Christian Herrmann | Site github.com

This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This release is fully compatible with the GUI software that is bundled with the device upon purchase.

tags | tool
systems | unix
Red Hat Security Advisory 2018-0100-01
Posted Jan 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0100-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2018-0099-01
Posted Jan 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0099-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
Debian Security Advisory 4092-1
Posted Jan 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4092-1 - The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, debian
Kernel Exploitation Part 6: NULL Pointer Dereference
Posted Jan 19, 2018
Authored by abatchy17

Whitepaper called Kernel Exploitation 6: NULL pointer dereference.

tags | paper, kernel
Kernel Exploitation Part 4: Stack Buffer Overflow (SMEP Bypass)
Posted Jan 19, 2018
Authored by abatchy17

Whitepaper called Kernel Exploitation 4: Stack Buffer Overflow (SMEP Bypass).

tags | paper, overflow, kernel
Kernel Exploitation Part 5: Integer Overflow
Posted Jan 19, 2018
Authored by abatchy17

Whitepaper called Kernel Exploitation 5: Integer Overflow.

tags | paper, overflow, kernel
CentOS Web Panel 0.9.8.12 Cross Site Scripting
Posted Jan 19, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
systems | linux, centos
Microsoft Security Bulletin CVE Revision Increment For January, 2018
Posted Jan 19, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-0793, CVE-2018-0794, and CVE-2018-0819.

tags | advisory
Photo Vault 1.2 Brute Forcing Issue
Posted Jan 19, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photo Vault version 1.2 fails to rate limit authentication attempts allowing for brute force attacks.

tags | exploit
Simple ASC CMS 1.2 Database Disclosure
Posted Jan 19, 2018
Authored by indoushka

Simple ASC CMS version 1.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
Online Hotel Booking System Pro 1.3 SQL Injection
Posted Jan 19, 2018
Authored by indoushka

Online Hotel Booking System Pro version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Toplist 2 SQL Injection / Backdoor Account / Shell Upload
Posted Jan 19, 2018
Authored by indoushka

Toplist 2 suffers from remote shell upload, backdoor account, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
Linux/ARM Password Protected Reverse Shell Shellcode
Posted Jan 19, 2018
Authored by rtmcx

156 bytes small Linux/ARM password protected reverse TCP (192.168.1.1:4444/TCP) shell (/bin/sh) null-free shellcode.

tags | shell, tcp, shellcode
systems | linux
Vanilla 2.0.18.8 Local File Inclusion
Posted Jan 19, 2018
Authored by indoushka

Vanilla version 2.0.18.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
cryptmount Filesystem Manager 5.2.4
Posted Jan 18, 2018
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Minor updates to documentation and debian packaging. Patched to support cryptsetup-2.x. Updated to automake-1.15.
tags | tool, kernel, encryption
systems | linux
Lynis Auditing Tool 2.6.0
Posted Jan 18, 2018
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Binary paths are now sorted. Greek language added. systemd detection improved. VirtualBox detection extended. Several code enhancements.
tags | tool, scanner
systems | unix
Primefaces 5.x Remote Code Execution
Posted Jan 18, 2018
Authored by Bjoern Schuette | Site metasploit.com

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

tags | exploit, remote, crypto, code execution
Falco 0.9.0
Posted Jan 18, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Fixed driver incompatibility problems with some linux kernel versions that can disable pagefault tracepoints. Fixed OSX Build incompatibility with latest version of libcurl.
tags | tool, intrusion detection
systems | unix
glibc getcwd() Local Privilege Escalation
Posted Jan 18, 2018
Authored by halfdog

glibc suffers from a getcwd() local privilege escalation vulnerability.

tags | exploit, local

Recent News

Lebanese Government Hackers Hit Thousands Of Victims With Incredibly Simple Campaign
Posted Jan 19, 2018

tags | headline, government, malware, fraud, cyberwar, phish
Dridex Banking Trojan Compromises FTP Sites In New Campaign
Posted Jan 19, 2018

tags | headline, malware, bank, trojan, cybercrime, fraud
Triton Exploited Zero-Day Flaw To Target Industrial Systems
Posted Jan 19, 2018

tags | headline, hacker, malware, cyberwar, scada
Apple Sued Over Being Susceptible To Meltdown / Spectre
Posted Jan 19, 2018

tags | headline, flaw, apple, intel
Intel Fix Causes Reboots And Slowdowns
Posted Jan 18, 2018

tags | headline, flaw, intel
Text Bomb Is Latest Apple Bug
Posted Jan 18, 2018

tags | headline, phone, denial of service, flaw, apple
Industrial Systems Scrambling To Catch Up With Meltdown, Spectre
Posted Jan 18, 2018

tags | headline, flaw, scada, intel
German Hacker Offers Rare Look Inside Secretive World Of Julian Assange, WikiLeaks
Posted Jan 18, 2018

tags | headline, hacker, government, britain, data loss, germany
Google Intros Security Center Tool For G Suite
Posted Jan 18, 2018

tags | headline, google
Hackers Can't Dig Into Latest Xiaomi Phone Due To GPL Violations
Posted Jan 18, 2018

tags | headline, hacker, phone, google

© 2018 Packet Storm. All rights reserved.
