Files Date: 2015-12-08

Microsoft Office / COM Object DLL Planting With Els.dll
Posted Dec 8, 2015
Authored by Google Security Research, scvitti

It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.

tags | exploit, proof of concept
systems | linux, windows, 7
advisories | CVE-2015-6128
MD5 | 94387353b752607c2ee09cf93bb87bb2
dotCMS 3.2.4 CSRF / XSS / Open Redirect
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | cc07e16add389395e30e5f8a14e9d438
Microsoft Security Bulletin Summary For December, 2015
Posted Dec 8, 2015
Site microsoft.com

This bulletin summary lists twelve released Microsoft security bulletins for December, 2015.

tags | advisory
MD5 | 416a7c6035e8f8df280cd48b094d0999
Red Hat Security Advisory 2015-2579-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2579-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 3ca2a0831a4fe8a084739671c3095fb8
Red Hat Security Advisory 2015-2578-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2578-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 735dd0d4f95c82c1dbf2d34bc089654c
ASP Dynamika 2.5 Cross Site Scripting
Posted Dec 8, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
MD5 | c9b04b24328d128f04a3a0978d658dc4
oclHashcat for AMD 2.01
Posted Dec 8, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Various updates.
tags | tool, cracker
MD5 | d0dedd948e233137b29370b1f911be06
oclHashcat For NVidia 2.01
Posted Dec 8, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Various updates.
tags | tool, cracker
MD5 | c5916cbe34de650a76fcc90ed290fad7
Packet Fence 5.5.2
Posted Dec 8, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed circular dependency. Various other updates.
tags | tool, remote
systems | unix
MD5 | 4fde9e12a8aa5b44e2e576a8dd489652
phpFileManager 0.9.8 Remote Code Execution
Posted Dec 8, 2015
Authored by Jay Turla, hyp3rlinx | Site hyp3rlinx.altervista.org

This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8, which is a filesystem management tool in a single file.

tags | exploit, remote, code execution
MD5 | fb8ce639c13abf9025e14404d222a6e0
Red Hat Security Advisory 2015-2551-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2551-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information.

tags | advisory, web, local, ruby
systems | linux, redhat
advisories | CVE-2015-7502
MD5 | 5b727d9a0d2866abd7cbf793a6e98cd9
Red Hat Security Advisory 2015-2561-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2561-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.

tags | advisory, remote, arbitrary
systems | linux, redhat
MD5 | 94449f053fe6b8159bd870c2cf81ebb8
Red Hat Security Advisory 2015-2552-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2552-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | 7565ce49f3b56e667e33f9ac550d1c80
OpenMRS 2.3 (1.11.4) XXE Injection
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused by an error when parsing XML entities within ZIP archives and can be exploited to, e.g., disclose data from local resources or cause a DoS condition (billion laughs) via a specially crafted XML file including external entity references.

tags | exploit, local
MD5 | dbc7fb7da2ab0a362033feaa41f76b08
OpenMRS 2.3 (1.11.4) Expression Language Injection
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from an expression language injection vulnerability that can lead to arbitrary Java code being executed.

tags | exploit, java, arbitrary
MD5 | f8bba67e6e7c072452ba429cd12315cd
OpenMRS 2.3 (1.11.4) Cross Site Scripting
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 121bd85bb8a6da48bc29a5521404ca41
SHAREit WebShare 2.3.80 Cross Site Scripting
Posted Dec 8, 2015
Authored by Mahdi.Hidden

SHAREit WebShare version 2.3.80 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 28a00293acd7c5cb4049d65a04067ad4
OpenMRS 2.3 (1.11.4) Local File Disclosure
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from a local file disclosure vulnerability.

tags | exploit, local
MD5 | f31cea71dbb1bc43e1defd9056092f10
sysPass 1.1.2.23 Cross Site Scripting
Posted Dec 8, 2015
Authored by Daniele Salaris

sysPass versions 1.1.2.23 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6488692414f2d6f4dda79af710325b6e
PHP Utility Belt Remote Code Execution
Posted Dec 8, 2015
Authored by WICS

PHP Utility Belt suffers from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
MD5 | eae323af43ebea1ae4693c8a64386598
JRSoft InnoSetup DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

JRSoft InnoSetup executable installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 55adf916340c35736cb747365753c9f4
NSIS DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

The executable installer for Nullsoft Scriptable Install System suffers from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 9b284c9a2e6ae839d39a10aa18a384ed
VLC DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

The executable installer for the VideoLAN Client suffers from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | be1131fd74ec7ad7372ec7381c7b2a56
SumatraPDF DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

SumatraPDF suffers from multiple DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 7c4d2f5718bcd72c18b79d9ff6581a6a
YesWiki 1 / 2 File Upload / Directory Traversal
Posted Dec 8, 2015
Authored by indoushka

YesWiki versions 1 and 2 suffer from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
MD5 | e17c9fd65b614a884bf6e4f1386e932c