
Files Date: 2015-10-02

FTGate 2009 SR3 Cross Site Scripting
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 99a355c0ad599328abceaf0fae609ea435adbf8015e3bff1bf74e184f3f138db

FTGate 7 Cross Site Request Forgery
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate version 7 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | fd79666db0bf16b4789a4b47b07c05cca8adffccf0476cac004649e4884f28ce

Kaseya VSA uploader.aspx Arbitrary File Upload
Posted Oct 2, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

tags | exploit, arbitrary, code execution, asp, file upload
advisories | CVE-2015-6922
SHA-256 | a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7d

Zemra Botnet CnC Web Panel Remote Code Execution
Posted Oct 2, 2015
Authored by Angel Injection, Jay Turla, Darren Martyn | Site metasploit.com

This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.

tags | exploit, web
SHA-256 | bba4847d938e70eaa639f5ffbd593428a114739a4c9d9e43f69cba60825e2b73

Simple Backdoor Shell Remote Code Execution
Posted Oct 2, 2015
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples of these kinds of backdoor shells, which are categorized under Payloads.

tags | exploit, web, shell
SHA-256 | 96b4d85b82093a7747d2255737fa73cdfabac010e4e6a0f9042ac20b0cd78d73

Ubuntu Security Notice USN-2760-1
Posted Oct 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2760-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707, CVE-2015-6252, CVE-2015-6526
SHA-256 | de3aa6e0975c435774afaabe129529eb031c77093f69aba45a8407301df84c59

Ubuntu Security Notice USN-2759-1
Posted Oct 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2759-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707, CVE-2015-6252, CVE-2015-6526
SHA-256 | 9d78cf9adfdb9b807b2e11fb63d2b4a4d51e2a604a147c8dffa40b63b82e8695

Red Hat Security Advisory 2015-1855-01
Posted Oct 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1855-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2014-3583
SHA-256 | c25e7045b536f19c343d2600ad2915983486d7c873edd073a86e8cdca2e369eb

Red Hat Security Advisory 2015-1858-01
Posted Oct 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1858-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2014-3583
SHA-256 | 712e6d3176d4b8c7d8231b6c2b1bdc3883253130045828a63bb0aff667e368a3

HP Security Bulletin HPSBPV03516 1
Posted Oct 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV03516 1 - A potential security vulnerability has been identified with the HP VAN SDN Controller running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of privileged information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-8730
SHA-256 | 41cd8f970b7548eb328909f254534afe096b9c71850212470c70d52bff9245a8

FTGate 2009 SR3 Denial Of Service
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
SHA-256 | e6e80901955db70c66f85b1993add77b2f95a830c53fd9a14093f98da5087ebe

Bosch Security Systems Dinion NBN-498 XML Injection
Posted Oct 2, 2015
Authored by neom22

The Bosch Security Systems Dinion NBN-498 web interface suffers from an XML injection vulnerability.

tags | exploit, web, xxe
advisories | CVE-2015-6970
SHA-256 | a12d29591883d284d568f0ad1d6260eb088acdb48fe2604e353eb253983126e0

PIXORD Vehicle 3G Wi-Fi Router Command Injection / Information Disclosure
Posted Oct 2, 2015
Authored by Karn Ganeshen

PIXORD Vehicle 3G Wi-Fi Router suffers from OS command injection, information disclosure, and various other vulnerabilities.

tags | exploit, info disclosure
SHA-256 | 03ad30f1f842d6ddf4697f5efd5ca3278bb8272bd2d539ab9c4945bec0b34bfa

FTGate 2009 SR3 Cross Site Request Forgery
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate 2009 SR3 May 13 2010 Build 6.4.00 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 6e925b84a783858a7d7e6b12219a361993b2ff36e6cac576b107f6ef30aea172

Tempracer Windows Race Condition Tool
Posted Oct 2, 2015
Authored by Alexander Georgiev

This tool helps exploit race conditions on Windows filesystems.

systems | windows
SHA-256 | 8137e809133703f08cdb5ca2bd6d5f144e36bcc1c8b2078fe6f661dd28646725

WinRAR Settings Import Command Execution
Posted Oct 2, 2015
Authored by R-73eN

WinRAR settings import command execution proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | dac679a571be8faa5e8774fd313bbbc45be49a86dc7067b4c95eb95ccfeabdea

vCenter Java JMX/RMI Remote Code Execution
Posted Oct 2, 2015
Authored by David Stubley | Site 7elements.co.uk

VMware vCenter Server provides a centralized platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with access can abuse the configuration to achieve remote code execution, providing SYSTEM level access to the server.

tags | advisory, remote, code execution
advisories | CVE-2015-2342
SHA-256 | 10390f727e34027dc5042e78df6a093644dcc4e778d7b8da10844696d32650b1

Pygments FontManager._get_nix_font_path Shell Injection
Posted Oct 2, 2015
Authored by Javantea

Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability.

tags | advisory, shell
SHA-256 | 3397a1c355830a482e027b8cd95b6bf167ba0bb49d1180a4c3f8616aa279a2e4

Telegram Denial Of Service / Bypass Limit
Posted Oct 2, 2015
Authored by Eduardo Alves

Telegram suffers from various vulnerabilities such as denial of service and time limit bypass.

tags | exploit, denial of service, vulnerability, bypass
SHA-256 | 1dc735240d34d31b30cc38d165446cf8c0d032383f52204d8ecec2fb7ef28f34
packet storm

© 2024 Packet Storm. All rights reserved.
