what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-03-24

SnappingTurtle: A Web Exploitation Tool
Posted Mar 24, 2016
Authored by John Leitch

This is a cross platform web exploitation tool written in Aphid and compiled into Python. Currently supports exploitation of PHP local file inclusion and SQL injection with more on the way.

tags | tool, web, local, php, sql injection, python, file inclusion
systems | unix
SHA-256 | 95b04c51ae4075a56716ce0a231f64be1caf216efe3d1a1e359c795e51ab9309
innovaphone IP222 11r2 sr9 Brute Force
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used, it is still possible to perform brute-force attacks against the password authentication process.

tags | exploit, web
SHA-256 | 5a2d36d564fe004b8101678bcdc007666e0547fe8e23b7a50847efbc69680872
innovaphone IP222 11r2 sr9 Download Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, web, denial of service, code execution
SHA-256 | 082b8f3575ba36bdc1044ed8d817104a1afb0c9d70e9163c8f9dfb60e5762b1a
innovaphone IP222 UDP Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, denial of service, udp, code execution, protocol
SHA-256 | cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931
WordPress WP External Links 1.80 Cross Site Scripting
Posted Mar 24, 2016
Authored by Vulnerability Laboratory, Cr4sh.0x | Site vulnerability-lab.com

WordPress WP External Links plugin version 1.80 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a34f4538a4c9325151bde2437a0e1686850704ddc19ef3969368b127aefe3005
Fortigate Backdoor Password Calculator
Posted Mar 24, 2016
Authored by Rishabh Dangwal

Simple python exploit that can be used to calculate the Fortigate backdoor password.

tags | exploit, python
SHA-256 | 15a07d650ef557b68a8c9bfe847dca4bd3934895f748d892ea6a2e85799567ab
Red Hat Security Advisory 2016-0505-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0505-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | a1ca5928df39cb93e5323cf513904cadd1eb4b2f8c76a22cc183665fdfe1876e
Red Hat Security Advisory 2016-0504-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0504-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 4d9f12390d17cfb48c176e56fd2deb47dc08e4eb92697c37cbabba1894266fc4
Red Hat Security Advisory 2016-0503-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0503-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 2b210d3a0fe1ec9873d9ca62c55bcc92f3674b8cc9e52134deee2ac826dba811
Red Hat Security Advisory 2016-0506-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0506-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 6579e5164b0a670658eaf58886c8b7e956d9a10588eaf80409b2278e764907f1
Ubuntu Security Notice USN-2941-1
Posted Mar 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2941-1 - Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2236, CVE-2016-2342
SHA-256 | dec0b6f9f3b35d3f8a8eb68d683beaa94258a1981f7ede3d89ddbda7fc3e091b
Debian Security Advisory 3527-1
Posted Mar 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3527-1 - It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-8702
SHA-256 | 0c471d8a4de27f2d477db379d20ed1b3dead807fc656a8246c90808e350edb27
Red Hat Security Advisory 2016-0502-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0502-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | fa247c02810e535d2829b461b7194a04d55af8567128c85df54d40410db78361
Lithium Social CRM Cross Site Scripting
Posted Mar 24, 2016
Authored by Imran Khan

Lithium Social CRM suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a18da3f5595beb53e777d77a8b0b21e525275684e4d53d1f380bce583bcfac5d
Linux x86 / x64 execve(/bin/sh) Shellcode
Posted Mar 24, 2016
Authored by Ajith KP

26 bytes small Linux x86 / x64 execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 4c116af0bc676da16ac382741a46e78372acdbb48ff74e3d67d5bcc8b53e22a6
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close