what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2015-04-19

Maligno 2.1
Posted Apr 19, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Clientgen now supports standalone script generation, without requiring Maligno server component for downloading a payload. Cookie support added. Payload parameter + ID can be provided via a cookie. Various other updates and improvements.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | e62c4728f7cef68bfb76677d78c3863b
Lynis Auditing Tool 2.1.0
Posted Apr 19, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Screen output has been improved to provide additional information. CUPS detection on Mac OS has been improved. Various other updates and improvements.
tags | tool, scanner
systems | unix
MD5 | 7f201fea70aeeed35b4d5bbdb5370fec
Adobe Flash Player copyPixelsToByteArray Integer Overflow
Posted Apr 19, 2015
Authored by Chris Evans, Nicolas Joly, juan vazquez, hdarwin | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2014-0556
MD5 | 4cff6de22707258e03d6b5a94098eea8
WordPress Reflex Gallery Upload
Posted Apr 19, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-88853
MD5 | 706bd52d29f48452cf44662a0b4b8121
WordPress N-Media Website Contact Form Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | f48296e18e9f4421ac086119c662d7d7
WordPress Creative Contact Form Upload
Posted Apr 19, 2015
Authored by Gianni Angelozzi | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 134c796ad1d27553f7d2f3e571bc64cd
WordPress Work The Flow Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | dc2ad90b527114d951180cd2ca685749
Lychee 2.7.1 Remote Code Execution
Posted Apr 19, 2015
Authored by Filippo Cavallarin

Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.

tags | exploit, remote, code execution
MD5 | ffeb76aee22dd08c5004ddb2e4550767
Landesk Management Suite 9.5 RFI / CSRF
Posted Apr 19, 2015
Authored by Alex Haynes

Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion, csrf
advisories | CVE-2014-5361, CVE-2014-5362
MD5 | 643ac1edf3af42b8b7e5abf729714d86
Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow
Posted Apr 19, 2015
Authored by Dmitry Janushkevich | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a sign extension error in ibpsd2.dll when processing PSD files, which can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerability may allow execution of arbitrary code. Oracle Outside In versions 8.4.1, 8.5.0, and 8.5.1 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2015-0493
MD5 | b8a8520189bfa0ea254297c04be69875
Gentoo Linux Security Advisory 201504-07
Posted Apr 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.457 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
MD5 | d6d8ba429b3ad80f77b017e8c105b909
Gentoo Linux Security Advisory 201504-06
Posted Apr 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103, CVE-2015-0255
MD5 | 4cc69e1f489af5daf1897135469850b4
Red Hat Security Advisory 2015-0854-01
Posted Apr 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0854-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492
MD5 | 57c9ff1ebbf2610d9e76898ad7134532
BlueDragon CFChart Servlet 7.1.1.17759 Directory Traversal
Posted Apr 19, 2015
Authored by Mike Westmacott | Site portcullis-security.com

The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances the retrieved file is also deleted. Versions 7.1.1.17759 is affected.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2014-5370
MD5 | 1c78504a6f38fac2ccb9f00516eafff6
ADB Backup Traversal / File Overwrite
Posted Apr 19, 2015
Authored by Imre Rad

ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.

tags | exploit, file inclusion
advisories | CVE-2014-7951
MD5 | e4e9268b88452697ab4830733dc3ff44
Android 4.4 MTP Path Traversal
Posted Apr 19, 2015
Authored by Imre Rad

The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-7954
MD5 | 31e2c89ebd60eaddd94891616bc2289f
WordPress Content Slide 1.4.2 CSRF / Cross Site Scripting
Posted Apr 19, 2015
Authored by Tom Adams

WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7beae7997262010b351d7849f57f7d98
112 ipTIME Remote Code Execution
Posted Apr 19, 2015
Authored by Pierre Kim, Alexandre Torres

Many 112 ipTIME routers / modems / firewalls suffer from a remote root code execution vulnerability.

tags | advisory, remote, root, code execution
MD5 | 914adf235f667ba89e9e18adc6ef5e8e
Android Backup Agent Arbitrary Code Execution
Posted Apr 19, 2015
Authored by Imre Rad

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

tags | exploit, arbitrary, shell
advisories | CVE-2014-7951
MD5 | 92dd96fde3a8b8327d8c6cc2f73c7c09
WordPress Citizen Space 1.1 Cross Site Scripting
Posted Apr 19, 2015
Authored by Glyn Wintle

WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ec623d2d94622f089d045fdae1f33a32
Mac OS X Local Denial Of Service
Posted Apr 19, 2015
Authored by Maxime Villard

Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.

tags | exploit, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2015-1100
MD5 | 9b6709c0e397b4fbaa91bf43235fc9d2
Page 1 of 1
Back1Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    14 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    17 Files
  • 23
    Mar 23rd
    1 Files
  • 24
    Mar 24th
    1 Files
  • 25
    Mar 25th
    16 Files
  • 26
    Mar 26th
    21 Files
  • 27
    Mar 27th
    6 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close