Files Date: 2015-06-04

Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the FTP server and uploads a PHP shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
MD5 | 2a6158d11c1b40429f00b3cddeb09daf
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: passwordless root login via FTP, used to retrieve the archive_accounts.ser file that contains the access tokens, and the unencrypted and unprotected (-rw-r--r--) storage of those tokens, which are then reused for a chosen scope to return data.

tags | exploit, root
MD5 | 7cd4d2e2bae235e1c45b77da702e1e5f
Red Hat Security Advisory 2015-1066-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1066-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
MD5 | 2e474e389ffaf2fb090f832ec2d9d5b6
Red Hat Security Advisory 2015-1064-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1064-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
MD5 | 3038b0ab13e9ef23119ea69c30cf11ac
Red Hat Security Advisory 2015-1052-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1052-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. A pluggable agent and GUI framework allow users to collect and visualize performance data beyond what is included out of the box. The thermostat1 packages have been upgraded to upstream version 1.2.0, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3201
MD5 | e3dcb1e5e39e60f836278f72c677de8f
Red Hat Security Advisory 2015-1053-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1053-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
MD5 | 41639e4633e106eb21db696ff0b897af
ProductCart 2.1 Database Disclosure
Posted Jun 4, 2015
Authored by indoushka

ProductCart version 2.1 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 9f655dd975543b5be805e1da7f32afcc
pppBLOG 0.3.11 Cross Site Scripting / Access Bypass
Posted Jun 4, 2015
Authored by indoushka

pppBLOG version 0.3.11 suffers from access bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
MD5 | 8573405cb05b3e6fc2fd4c143c41593d
Open Letters Newsletter 1.0.5 XSS / Administrative Bypass
Posted Jun 4, 2015
Authored by indoushka

Open Letters Newsletter system version 1.0.5 suffers from administrative bypass and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, bypass
MD5 | d0da54c35bdfcd2ef8b178945fbf5524
Maian Gallery 2.0 SQL Injection / Header Injection
Posted Jun 4, 2015
Authored by indoushka

Maian Gallery version 2.0 suffers from remote SQL injection and HTTP response splitting vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | d3bd778703709116129969795abc790e
CmyDocument CMS Database Disclosure
Posted Jun 4, 2015
Authored by indoushka

CmyDocument CMS suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | b64b08755877646fd8e44bdf18d77a64
Chmool Net 2 SQL Injection / Unauthenticated Administrative Access
Posted Jun 4, 2015
Authored by indoushka

Chmool Net version 2 suffers from direct unauthenticated administrative interface access and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
MD5 | 8fb8cec676be7bd7205f9a2be31b3f29
Chmool Net 1 Unauthenticated Administrative Access
Posted Jun 4, 2015
Authored by indoushka

Chmool Net version 1 suffers from a direct unauthenticated administrative interface access vulnerability.

tags | exploit, bypass
MD5 | 3b43f786066b3fed863aac7aed03f90a
AnimaGallery 2.6 LFI / XSS / File Upload
Posted Jun 4, 2015
Authored by indoushka

AnimaGallery version 2.6 suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, file inclusion
MD5 | ce5a37bbbe24a1f167faaf9f8a089696
Gargoyle 1.5.x Command Execution
Posted Jun 4, 2015
Authored by Provensec

Gargoyle routers version 1.5.x suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 72c325362b72bfe51d94b4a8aa44667d
© 2020 Packet Storm. All rights reserved.
