
Files Date: 2015-06-04

Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the FTP server and uploads a PHP shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
SHA-256 | 4a656cf67191a9b5d586dc37c9e4d421b37d29b2e9e8805a00d6eaf3e1021219
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: passwordless root login via FTP, used to retrieve the archive_accounts.ser file that contains the access tokens, and storage of those tokens unencrypted and unprotected (-rw-r--r--), which lets them be reused for a chosen scope to return data.

tags | exploit, root
SHA-256 | 63740e368582aaa39bf0e329e2d82cdd141937b5026cb93e2a3e1238803204cf
Red Hat Security Advisory 2015-1066-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1066-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 737b0fc8464520a03cda25d1868c5e45d2eda21dfbca75a7f5d7a523dcde4ef1
Red Hat Security Advisory 2015-1064-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1064-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
SHA-256 | c0e3cc2e371398b78ff43e1a431500d56f2413e503a376c528eedca74106238f
Red Hat Security Advisory 2015-1052-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1052-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. A pluggable agent and GUI framework allow users to collect and visualize performance data beyond what is included out of the box. The thermostat1 packages have been upgraded to upstream version 1.2.0, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3201
SHA-256 | 96baedde8efeaaf2e6afd0dcb8a95bbdbbeeb52213e7566166d882bc79235547
Red Hat Security Advisory 2015-1053-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1053-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
SHA-256 | 277990d32ba3a0e77323741d4d5dd06eb3a124cd7bc3d266dc530c4f8981c0ba
ProductCart 2.1 Database Disclosure
Posted Jun 4, 2015
Authored by indoushka

ProductCart version 2.1 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 0724e5cd6f4a2667daa98cade6f3c6b7a2b499e51de04b6d29cf3a36fea9a683
pppBLOG 0.3.11 Cross Site Scripting / Access Bypass
Posted Jun 4, 2015
Authored by indoushka

pppBLOG version 0.3.11 suffers from access bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 812913eb79c1c2f7fe823b5e41256d3deedf5d6c2db9111a97b370be3b8cddc3
Open Letters Newsletter 1.0.5 XSS / Administrative Bypass
Posted Jun 4, 2015
Authored by indoushka

Open Letters Newsletter system version 1.0.5 suffers from administrative bypass and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, bypass
SHA-256 | eb31e179eff6e05f01694b31bdaf5986e9b9d4d4651c55d3c3b851d1f5b3094a
Maian Gallery 2.0 SQL Injection / Header Injection
Posted Jun 4, 2015
Authored by indoushka

Maian Gallery version 2.0 suffers from remote SQL injection and HTTP response splitting vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 1c6557b8dbbf946c30aecec14d588df09501a4e754dbc38d8a8e867bd9cd2cc8
CmyDocument CMS Database Disclosure
Posted Jun 4, 2015
Authored by indoushka

CmyDocument CMS suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 255d2593b0d8394a83a6d45be2b4298c74a92e7b305064e6eb5ea9fee51894ff
Chmool Net 2 SQL Injection / Unauthenticated Administrative Access
Posted Jun 4, 2015
Authored by indoushka

Chmool Net version 2 suffers from direct unauthenticated administrative interface access and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 5f002c181b6999b277ce4e7e2f273b7947fc864d43404860ad56a62786d11b93
Chmool Net 1 Unauthenticated Administrative Access
Posted Jun 4, 2015
Authored by indoushka

Chmool Net version 1 suffers from a direct unauthenticated administrative interface access vulnerability.

tags | exploit, bypass
SHA-256 | 610fe35da414f7d74defec162c6888efba6272496701995863d5ed7f860371ab
AnimaGallery 2.6 LFI / XSS / File Upload
Posted Jun 4, 2015
Authored by indoushka

AnimaGallery version 2.6 suffers from cross site scripting, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, file inclusion
SHA-256 | 6a28e86c1becd8cea7bcb780eb4c64b569e0e62f5ce962b4b7c0030a6922d440
Gargoyle 1.5.x Command Execution
Posted Jun 4, 2015
Authored by Provensec

Gargoyle routers version 1.5.x suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | ecbb41195177b9d9a6c2ccfa3cc768ae104f3e7a093d08cb8fb1c052aa17bf26