what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-07-13

phpSQLiteCMS CSRF / XSS / Privilege Escalation / File Upload
Posted Jul 13, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

phpSQLiteCMS suffers from cross site request forgery, cross site scripting, arbitrary file upload, and privilege escalation vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, sql injection, file upload, csrf
MD5 | 8f27a4b84b6ffbd88f2e31971e851b10
Accellion FTA getStatus verify_oauth_token Command Execution
Posted Jul 13, 2015
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system() call within a mod_perl handler. This Metasploit module exploits the '/tws/getStatus' endpoint. Other vulnerable handlers include '/seos/find.api', '/seos/put.api', and /seos/mput.api'. This issue was confirmed on version FTA_9_11_200, but may apply to previous versions as well. This issue was fixed in software update FTA_9_11_210.

tags | exploit, shell
advisories | CVE-2015-2857
MD5 | 574eb637708ed40c94b419650c536f7d
VNC Keyboard Remote Code Execution
Posted Jul 13, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems a xterm terminal is opened and a payload is typed and executed.

tags | exploit
systems | linux, windows, unix
MD5 | 84637a25e2b6ddf1b89af18e21eb42cd
Adobe Flash opaqueBackground Use After Free
Posted Jul 13, 2015
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public on its July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This Metasploit module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox + Adobe Flash 18.0.0.194, windows 8.1, Firefox and Adobe Flash 18.0.0.203, Windows 8.1, Firefox and Adobe Flash 18.0.0.160, and Windows 8.1, Firefox and Adobe Flash 18.0.0.194

tags | exploit
systems | windows, 7
advisories | CVE-2015-5122
MD5 | 46fe95b7200053c30eae55ca1369b78f
TOR Virtual Network Tunneling Tool 0.2.6.10
Posted Jul 13, 2015
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor version 0.2.6.10 fixes some significant stability and hidden service client bugs, bulletproofs the cryptography init process, and fixes a bug when using the sandbox code with some older versions of Linux. Everyone running an older version, especially an older version of 0.2.6, should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 04f919e7882d1ca80f835545af562bad
Western Digital Arkeia Remote Code Execution
Posted Jul 13, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because there are insufficient checks on the authentication of all clients, this can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to execute arbitrary commands with root or SYSTEM privileges. The daemon is installed on both the Arkeia server as well on all the backup clients. The module has been successfully tested on Windows, Linux, OSX, FreeBSD and OpenBSD.

tags | exploit, arbitrary, root, tcp, code execution
systems | linux, windows, freebsd, openbsd, apple
MD5 | ebae27aa7c351921d3e11dbd4a53e360
GNU Transport Layer Security Library 3.3.16
Posted Jul 13, 2015
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This is a bug fix release.
tags | protocol, library
MD5 | c2143db71a57248f7bdb2fb6acd6b567
Western Digital Arkeia 11.0.13 Remote Code Execution
Posted Jul 13, 2015
Authored by xistence

Western Digital Arkeia versions 11.0.12 and below suffer from a ARKFS_EXEC_CMD remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | c500356f0437fdc6b8b7135c840dbb1c
WordPress WP-SwimTeam 1.44.10777 Arbitrary File Download
Posted Jul 13, 2015
Authored by Larry W. Cashdollar

WordPress WP-SwimTeam plugin version 1.44.10777 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 63c376200816d705ddb639d1ae9615ff
HP Security Bulletin HPSBGN03373 1
Posted Jul 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03373 1 - A potential security vulnerability has been identified with HP Release Control running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | a60eb1bd661285be1fbe10e9586568c7
Gentoo Linux Security Advisory 201507-12
Posted Jul 13, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-12 - A buffer overflow in libcapsinetwork might allow remote attackers to cause a Denial of Service condition. Versions less than or equal to 0.3.0-r2 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2015-0841
MD5 | d1ccbb81ac94da13484d5a2040ba667f
Cisco Security Advisory 20150710-openssl
Posted Jul 13, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication. Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability may be available.

tags | advisory, remote
systems | cisco
MD5 | dfe8fec3c22a94a802114804b2969e1e
HP Security Bulletin HPSBGN03351 2
Posted Jul 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03351 2 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-4000
MD5 | 7a80121adc98485bb2df53e552cfc8a3
ZenPhoto 1.4.8 XSS / SQL Injection / Traversal
Posted Jul 13, 2015
Authored by Tim Coen

ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
MD5 | a152c97ff53b04368572681b68d6275a
Passwords 2015 Call For Papers
Posted Jul 13, 2015
Site passwordscon.org

Passwords 2015 has announced its Call For Papers. It will take place December 7th through the 9th, 2015 at the University of Cambridge, United Kingdom.

tags | paper, conference
MD5 | 071787a1ec70a23ed660911e2930ac7d
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close