Exploit the possiblities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2015-09-10

Faraday 1.0.14
Posted Sep 10, 2015
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Removed old couchdb upgrade process. Refactored GUI Web. Various other updates and additions.
tags | tool, rootkit
systems | unix
MD5 | 9f8a930030bbbfb62072154661caa1b3
DataTables 1.10.8 Cross Site Scripting
Posted Sep 10, 2015
Authored by Onur YILMAZ

DataTables version 1.10.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6584
MD5 | 408d9c26f1f6774ab3cf3964b9a0977c
Bugzilla Unauthorized Account Creation
Posted Sep 10, 2015
Authored by Frederic Buclin, Byron Jones, Netanel Rubin | Site bugzilla.org

Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.

tags | advisory
advisories | CVE-2015-4499
MD5 | 53df4eefd8d46a7e139089eeb1c05da4
Raritan PowerIQ Default Accounts
Posted Sep 10, 2015
Authored by Brandon Perry

Raritan PowerIQ ships with three default backdoor credentials left in.

tags | exploit
MD5 | 01046bb950c07865832145771f1e513e
Android Stagefright Remote Code Execution
Posted Sep 10, 2015
Authored by jduck

Android Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling.

tags | exploit, remote, overflow, code execution
advisories | CVE-2015-1538
MD5 | 5b9784faf12b2c54976352d6be571091
SAP Mobile Platform 3 XXE Injection
Posted Sep 10, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service. An attacker can perform a DoS attack (for example, XML Entity Expansion). An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.

tags | exploit, java, arbitrary, vulnerability
advisories | CVE-2015-5068
MD5 | 657faf02c150c84915a87df7ddc595dd
HP Security Bulletin HPSBOV03505 1
Posted Sep 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2013-5211, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
MD5 | 509857457f500e317efd338ea6b2b9b2
Synology Download Station 3.5-2956 / 3.5-2962 Cross Site Scripting
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | linux
MD5 | a796d2461c7e924ed0d96630e9e71583
Synology Video Station 1.5-0757 Command Injection / SQL Injection
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2d70ccd0c21c161323f8483a0c458393
HP Security Bulletin HPSBGN03504 1
Posted Sep 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03504 1 - Potential security vulnerabilities have been identified in HP UCMDB which would allow local disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, local, vulnerability
advisories | CVE-2015-5440
MD5 | 588219b676305dabfbebcdfd7af7b146
SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials
Posted Sep 10, 2015
Authored by Diana Grigorieva, Rustem Gazizov

An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the NetWeaver AS ABAP. In addition, it is likely that the code will be implemented into the system as a backdoor.

tags | exploit
MD5 | 7a428a49e9f2f40459be8f702879d99b
SAP NetWeaver AS FKCDBFTRACE ABAP Hardcoded Credentials
Posted Sep 10, 2015
Authored by Diana Grigorieva, Rustem Gazizov

SAP NetWeaver AS ABAP contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.

tags | exploit
MD5 | 0d8e2bb51994ef4309298804d75a3eb9
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close