
Files

Cisco Prime Infrastructure Unauthenticated Remote Code Execution
Posted Nov 13, 2018
Authored by Pedro Ribeiro | Site metasploit.com

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | cisco
advisories | CVE-2018-15379
MD5 | 2c9170145359581c4c8d1c13f564bce3

Ubuntu Security Notice USN-3816-1
Posted Nov 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-1 - Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-6954
MD5 | 0d1d149d094bc787a61b8d9a8420e7bb

Android RSSI Broadcast Information Disclosure
Posted Nov 13, 2018
Authored by Yakov Shafranovich, Vilius Kraujutis | Site wwws.nightwatchcybersecurity.com

Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts.

tags | exploit, info disclosure
advisories | CVE-2018-9581
MD5 | a26217d9d0c12d9ab358f22208fabe78

Android 5.0 Battery Information Broadcast Information Disclosure
Posted Nov 13, 2018
Authored by Yakov Shafranovich, Vilius Kraujutis | Site wwws.nightwatchcybersecurity.com

Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts.

tags | exploit, info disclosure
advisories | CVE-2018-15835
MD5 | 1662a0811657c2af60dfcefe19ec6d2f

TufinOS 2.1.7 Build 1193 XML Injection
Posted Nov 12, 2018
Authored by Konstantinos Alexiou

TufinOS version 2.1.7 build 1193 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | ccd2c04ce995ab3a02c0fb45eeb538aa

The Don 1.0.1 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

The Don version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a6151d20387a2fb7f431a9064d670d29

Mongoose Web Server 6.9 Denial Of Service
Posted Nov 12, 2018
Authored by Ihsan Sencan

Mongoose Web Server version 6.9 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | 0bfc59fbbe8fc8dce5ff5ee4bf59679b

Nominas 0.27 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

Nominas version 0.27 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 035d880db5eccd94dd115104f910b017

ServerZilla 1.0 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

ServerZilla version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7b2b67def4a643fdfd3f2c493c0fa519

GPS Tracking System 2.12 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

GPS Tracking System version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b3d47b43dcee7925d466c114f0441523

Easyndexer 1.0 Cross Site Request Forgery
Posted Nov 12, 2018
Authored by Ihsan Sencan

Easyndexer version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 5cddd718e27c0e3419a973f5446a7e5d

Facturation System 1.0 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

Facturation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cc739da9b1dce4e69acec65524f7f8ed

Paroiciel 11.20 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

Paroiciel version 11.20 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2cef56992e3bde78149d1a2a712ab38b

Data Center Audit 2.6.2 SQL Injection
Posted Nov 12, 2018
Authored by Ihsan Sencan

Data Center Audit version 2.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 50743004a9d872e2e1324206cc8fb52a

RSA BSAFE Micro Edition Suite Key Management Error
Posted Nov 12, 2018
Site emc.com

RSA BSAFE Micro Edition Suite contains a fix for a key management error that could potentially be exploited by malicious users to compromise the affected system. RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and RSA BSAFE Micro Edition Suite versions prior to 4.1.6.2 (in 4.1.x series) are affected.

tags | advisory
advisories | CVE-2018-15769
MD5 | 026b101ee9c8be4aea5befac0e580621

WordPress PeepSo 1.11.2 Cross Site Scripting
Posted Nov 12, 2018
Authored by Socket_0x03

WordPress PeepSo plugin version 1.11.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0d2abe1f8360ec073ae662fa0f60ddd8

WordPress PeepSo 1.11.2 SQL Injection
Posted Nov 12, 2018
Authored by Socket_0x03

WordPress PeepSo plugin version 1.11.2 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f7801a9f20acb28193e406e3e8127b11

WordPress WP User Manager 2.0.8 SQL Injection
Posted Nov 12, 2018
Authored by Socket_0x03

WordPress WP User Manager plugin version 2.0.8 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b23aa52bd9caaf0ef1b7daec59bcbab1

Dell EMC RecoverPoint Information Disclosure / Resource Consumption
Posted Nov 12, 2018
Authored by Paul Taylor | Site emc.com

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume a large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

tags | advisory, info disclosure
advisories | CVE-2018-15771, CVE-2018-15772
MD5 | c22adbdd431026937dde62858e1d4472

Vignette Content Management 6 Security Bypass
Posted Nov 12, 2018
Authored by Rafael Pedrero

Vignette Content Management version 6 suffers from a security bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-18941
MD5 | 134f2f8a3d512fe1b1e828f5bdf8ebdf

Netscape Enterprise 3.63 Cross Site Scripting
Posted Nov 12, 2018
Authored by Rafael Pedrero

Netscape Enterprise 3.63 suffers from a cross site scripting vulnerability in the default SnoopServlet servlet.

tags | exploit, xss
advisories | CVE-2018-18940
MD5 | 0c6b97708954b5902901fac4c063a6c2

Advanced Comment System 1.0 SQL Injection
Posted Nov 12, 2018
Authored by Rafael Pedrero

Advanced Comment System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18619
MD5 | 2e410b3407ce4a5c6db3c52fa0679770

Ubuntu Security Notice USN-3815-2
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-2 - USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 51e487332db90c74eb92afb810976bca

Ubuntu Security Notice USN-3815-1
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3815-1 - It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-18751
MD5 | 55c08c31b7c8375fb97d655a18afabb1

Ubuntu Security Notice USN-3814-1
Posted Nov 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3814-1 - It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-18584
MD5 | 08291f8fba97ca0ed220da4aeaf4801e

© 2018 Packet Storm. All rights reserved.
