seeing is believing
Showing 1 - 13 of 13 RSS Feed

Files Date: 2014-01-07

vm86 Syscall Linux Root Privilege Escalation
Posted Jan 7, 2014
Authored by halfdog

The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from userspace for emulating of old 8086 software as done with dosemu, was prone to trigger FPU errors. Closer analysis showed, that in general, the handling of the FPU control register and unhandled FPU-exception could trigger CPU-exceptions at unexpected locations, also in ring-0 code. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
MD5 | d51c172c2a52d41901fa4a885e01e0af
Spamina Email Firewall 3.3.1.1 Directory Traversal
Posted Jan 7, 2014
Authored by Sisco Barrera

Spamina Email Firewall version 3.3.1.1 suffers from multiple directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
MD5 | edfd06ae0bc0a6ff57394e3827aa7cc8
GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
Posted Jan 7, 2014
Authored by Ahmed Elhady Mohamed

GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-7243
MD5 | 0e276c273df32bee25227d636f53c18d
Dredge School Administration System 1.0 SQL Injection / XSS / CSRF
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Dredge School Administration System version 1.0 suffers from backup disclosure, account disclosure, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 99c4cf56ddf7b150c2217f4adfe7df2d
Middle School Homework Page 1.3 Beta 1 Cross Site Scripting / SQL Injection
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Middle School Homework Page version 1.3 Beta 1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6a9d2f1b8112eb36370bef20157a2eb9
Command School Student Management System 1.06.01 SQL Injection / CSRF / XSS
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Command School Student Management System version 1.06.01 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 15237fb33e1f791d3b7e2af4164d04ba
Digital Whisper Electronic Magazine #48
Posted Jan 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 48. Written in Hebrew.

tags | magazine
MD5 | 50af7cec3d568dc48457b7a0ea48927c
Joomla Aclsfgpl Shell Upload
Posted Jan 7, 2014
Authored by TUNISIAN CYBER

The Joomla Aclsfgpl component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 43996263dcd5e4191719fe3dad510df4
HITB Magazine Volume 4 Issue 10
Posted Jan 7, 2014
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 4 Issue 10 - Topics include TCP Idle Scans in IPv6, You Can Be Anything You Want To Be, and more.

tags | tcp, magazine
MD5 | b604dc254b232026bec1d8d773dcee68
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20131230
Posted Jan 7, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release follows the upstream's release of tor-0.2.4.20. The kernel was also updated to Linux-3.12.6 plus Gentoo's hardened-patches-3.12.4-3.extras, but all other components were kept at the same version as the 20131216 release.
tags | tool, kernel, peer2peer
systems | linux
MD5 | d534f06b9a91b57333f0828ab0361326
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20131230
Posted Jan 7, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release follows the upstream's release of tor-0.2.4.20. The kernel was also updated to Linux-3.12.6 plus Gentoo's hardened-patches-3.12.4-3.extras, but all other components were kept at the same version as the 20131216 release.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | fe6ba9395f7e8293280969cbe9038843
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
Posted Jan 7, 2014
Authored by EgiX, juan vazquez | Site metasploit.com

vTiger CRM allows an user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This Metasploit module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu 10.04 and Windows 2003 SP2.

tags | exploit, arbitrary, php, vulnerability, file upload
systems | linux, windows, ubuntu
advisories | CVE-2013-3214, CVE-2013-3215, OSVDB-95902, OSVDB-95903
MD5 | 8cfa2756a8caf281bdf7170de13d5b60
Xplico Network Forensic Analysis Tool 1.1.0
Posted Jan 7, 2014
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: This release improves performance, and adds the new dissectors Yahoo Messenger, Cisco HDLC, and Null/Loopback. The nDPI library has been updated. Alice Webmail and Libero Webmail decoding have been added.
tags | tool, imap, forensics
systems | linux
MD5 | 4822ac669f61afeea11c25f60a1a841c
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    1 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close