what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-10-06

Truecrypt 7 Privilege Escalation
Posted Oct 6, 2015
Authored by Google Security Research, forshaw

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by checking process of impersonation token which allow a user to inspect and potentially manipulate other users mounted encrypted volumes on the same machine.

tags | exploit, local
systems | linux, windows
advisories | CVE-2015-7359
SHA-256 | b9912959dea9864927e9d66a4186b8a6617c45745645d5b82d3eaab9bff7b6aa
OpenSCAP Libraries 1.2.6
Posted Oct 6, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | tool, protocol, library
systems | unix
SHA-256 | 95f2345e041e9ba838ad8065b68ce0ec4b0971d7afc72d601489236bbfc0c652
OpenDNSSEC 1.4.8.2
Posted Oct 6, 2015
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Support for RFC5011 style KSK rollovers. New repository option AllowExtraction in Enforcer allows to generate keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from HSM.
tags | tool
systems | unix
SHA-256 | 7fd553ee39173e807477ed1daff6ee2f8b1c83875cd2e52a1df3315bf0015513
Distro Checker 1.0.1
Posted Oct 6, 2015
Authored by Francisco Amato | Site blog.infobytesec.com

Distro Checker is a tool written for doing cross distribution exploit testing.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 022a90231764ed9b0e48572c61d2794b93fa205b0a56e7db376cd45c213afd39
Faraday 1.0.15
Posted Oct 6, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Hosts and Services views now have pagination and search. Continuous Scanning Tool cscan added to ./scripts/cscan. Added sections of Commercial versions. Various other updates and additions.
tags | tool, rootkit
systems | unix
SHA-256 | ec2e393341678fc93eb61c1bbf9cdc6a0b41885d9bbd93b0417173fe657a7509
PHP-Fusion 7.02.07 Blind SQL Injection
Posted Oct 6, 2015
Authored by Manuel Garcia Cardenas

PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.

tags | exploit, remote, php, sql injection
SHA-256 | 2d3631f3cae71c6c00737d58613810035ce43dc14bb280fe68f78f41a9cf3de0
LanSpy 2.0.0.155 Buffer Overflow
Posted Oct 6, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2e17ea86e3b7e6207891ab7629ef137a4bc24466fafb4299bf5316035b1c6609
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2015-7669
SHA-256 | 89fef2eb1e9eb1f0402391f86cf88a6187cef6759d3a1f9cfc03b88f6af502f4
WordPress Easy2Map 1.2.9 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7668
SHA-256 | 2ceebaff32ed86949d742881d73497aeba9a509039ce1ebe306fea28e73f3d99
WordPress ResAds 1.0.1 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7667
SHA-256 | 77dc179cb529b870639eb019931596493779f2f1e32d9bd99a03db17385a4abc
Ubuntu Security Notice USN-2753-3
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2753-3 - USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the problem. Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 26cfe085202e157543b578b53dca21709f264378e7890dda1284be96782f45a5
Ubuntu Security Notice USN-2765-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2765-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
SHA-256 | a12bd71a124e85e19f3a788a1278f193e178fe0de50b7d32497e92e8abeb282c
Ubuntu Security Notice USN-2764-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2764-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
SHA-256 | 84a1b1a86737830a22b5fbcfdec9a5049d08aa63490d2fee1fbb64f43b8f8e13
Ubuntu Security Notice USN-2763-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2763-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
SHA-256 | 17ffac8653fbca12a326ebe188931aa55a7af3f3908f2c68ec9bdf4b050405a8
Ubuntu Security Notice USN-2762-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2762-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
SHA-256 | 557d0378bcacaae31e66c9113d740c1cdcdd9aa403663541c724caadcc60c003
Ubuntu Security Notice USN-2761-1
Posted Oct 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2761-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7613
SHA-256 | a921843058fb9a0df6031304ccdc763cd2c1f7532bf2b29ed722f2386692514c
WordPress Payment Form For PayPal Pro 1.0.1 XSS
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7666
SHA-256 | 2007df90ba493db7564966a60dc98a55c84ad721b9f2fc60ceb9f46ac334c43e
Liferay Portal 6.2 EE SP13 Cross Site Scripting
Posted Oct 6, 2015
Authored by Tim Schughart

Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e137181199945439684e4ea7bf1d423e31ddc64173fd464c512550a84430d277
SourceBans 1.4.11 Cross Site Scripting
Posted Oct 6, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-8349
SHA-256 | 8bf06e8406bad27f08f2a97b4717d95fd3058836c68b4f936b0f9829a5665589
ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal
Posted Oct 6, 2015
Authored by xistence

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | f8c2df4202c241dffb8fdf7f5b2b23f85c16dc7b6036aaef2466f7f1c632fa98
Cisco AnyConnect Secure Mobility Client 3.1.08009 Privilege Elevation
Posted Oct 6, 2015
Authored by Google Security Research, forshaw

Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient which allows a local application to elevate to local system through the CMainThread::launchDownloader command.

tags | exploit, local
systems | cisco, linux
advisories | CVE-2015-6305
SHA-256 | d8d8aba2be2bbe07e77874ac6db9c506cab1e1e1d4012296e7b37ab6841902a0
ZTE ZXHN H108N 3.3.0_MU CWMP Configuration Disclosure
Posted Oct 6, 2015
Authored by Todor Donev

ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.

tags | exploit
SHA-256 | 2a0797ba5acfc3ee0289de8d4ef17774c784e1c02fafa0180d9adb61c382dae0
Callisto 821+R3 Cross Site Request Forgery
Posted Oct 6, 2015
Authored by MustLive

Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | af4316b3fe76f674686548d0a61b7526220457c2d325ea722aa52b51a1102270
WordPress U-Design Theme 2.7.9 Cross Site Scripting
Posted Oct 6, 2015
Authored by K3n4ng

WordPress U-Design theme versions 2.3.0 through 2.7.9 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-7357
SHA-256 | a5fc153165fd8d5c3958ae8834b300fae1a0c7d6555f1e09c398f2b74c1082ae
Shell Shock Auto Exploitation Script
Posted Oct 6, 2015
Authored by Rafay Baloch

This is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.

tags | exploit, tool, python
SHA-256 | 394a7921e89370c9d46b7105136fa1e127f06fefe2c6d6a4c8bb66f41b592170
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close