exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-03-28

BMC Server Automation (BSA) RSCD Agent Unauthorized Password Reset
Posted Mar 28, 2016
Site bmc.com

A security vulnerability has been identified in BMC Server Automation (BSA) RSCD Agent on the Linux/Unix platforms. The vulnerability allows unauthorized remote password resets on a target server by using the Remote Procedure Call (RPC) API of the RSCD Agent. Windows agents are not affected. The flaw has been confirmed to exist in the following versions of BSA on Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.

tags | advisory, remote
systems | linux, windows, unix
advisories | CVE-2016-1543
SHA-256 | 42a2cfa91a915ec32a779d0c3890bb6f351677f99bf1f8a691f39f542b36877b
BMC Server Automation (BSA) RSCD Agent User Enumeration
Posted Mar 28, 2016
Site bmc.com

A security vulnerability has been identified in BMC Server Automation (BSA) RSCD Agent on the Linux/Unix platforms. The vulnerability allows unauthorized remote user enumeration on a target server by using the Remote Procedure Call (RPC) API of the RSCD Agent. Windows agents are not affected. The flaw has been confirmed to exist in the following versions of BSA on Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.

tags | advisory, remote
systems | linux, windows, unix
advisories | CVE-2016-1542
SHA-256 | a506801b86750add5af2274f8925103e410c0309f514ee92ee12876afa8dc6fe
Cogent Datahub 7.3.9 Privilege Escalation
Posted Mar 28, 2016
Authored by mr_me

Cogent Datahub versions 7.3.9 and below suffer from a gamma script elevation of privilege vulnerability.

tags | exploit
advisories | CVE-2016-2288
SHA-256 | 2ae65153dc3e6b35a12d5c12ec5b362b36f6d464768f9bdd2c17bc2d18c1e488
TallSoft SNMP TFTP Server 1.0.0 Denial Of Service
Posted Mar 28, 2016
Authored by Charley Celice

TallSoft SNMP TFTP server version 1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f8935126d59fd833b21b23b2631bd40d708bec744aa6ed525ed4cb088eb59e3a
SSLsplit 0.5.0
Posted Mar 28, 2016
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Added separate src/dst host and port format specifiers. Added signal SIGUSR1 to re-open long-living -l/-L log files. Removed all references to SHA-1 and small key RSA root CA keys from documentation, examples and unit testing. Various other updates and additions.
tags | tool, encryption
SHA-256 | 3eb13c1d0164bf04e7602d9fc45ef7460444b953efaee3ee7d52c357adb3a89a
Debian Security Advisory 3532-1
Posted Mar 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3532-1 - Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-2342
SHA-256 | cef9d895c39bbbb7661a16e382b449ce003efe7088ec7a48f82bdd410511a3ac
Trend Micro Deep Discovery Inspector 3.7 / 3.8 CSRF
Posted Mar 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Deep Discovery versions 3.7 and 3.8 suffer from multiple cross site request forgery vectors. If an authenticated user visits a malicious webpage attackers will have ability to modify many settings of the Deep Discovery application to that of the attackers choosing.

tags | exploit, csrf
SHA-256 | 4fcbc0ecd161f07f84b6f494716b66c2911b8b6d48a5b8ad3ba321fb4be6f363
IP-Array IPTables Firewall Script 1.2.2
Posted Mar 28, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: This is a bugfix only release. One critical, a few major, and some minor bugs have been fixed.
tags | tool
systems | linux, unix
SHA-256 | 4c747ff421514b04d85a245812dc63289687125e8c22e296fad9d732501c0200
IPSet List 3.5.1
Posted Mar 28, 2016
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Added option -Gp. Added an install and an uninstall script. Various other fixes.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | a91e75b6cb8cb107cb890a35522795d33084b9d4aeb07cc15981c44268ec81ef
WordPress Photocart Link 1.6 Local File Inclusion
Posted Mar 28, 2016
Authored by CrashBandicot

WordPress Photocart Link plugin version 1.6 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 937709f095f23ded1eeaf31ad1fcacb2a5ca7bf97b91f27583ad59fa470cbd8f
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion
Posted Mar 28, 2016
Authored by CrashBandicot

WordPress IMDb Profile Widget plugin version 1.0.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 835851d014df83981e56e6c795a9db667207a83a17e80527deb4d2c78d0726b7
WordPress Visual Form Builder 2.8.6 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Visual Form Builder plugin version 2.8.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d59e3708a15b9db6b5b606ae383991ce223d12827956904e28faeeec5f087565
WordPress Music Store 1.0.41 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Music Store plugin version 1.0.41 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 988d284d6c1d709b5bfdd283880cfa6381231da2fee67fe96e8305120928fdf6
WordPress CloudFlare 1.3.20 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress CloudFlare plugin version 1.3.20 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 391af5fb920c77241b88831fa068d1fc2401dad6b87cddb277f854c56fc39923
WordPress Claptastic Clap! Button 1.3 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Claptastic Clap! Button plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ce6b8f7bed87ddff3fd682d9b53ada66633787541bcc3983e301782d06ce59c9
Adobe Flash PCRE Regex Complication Logic Issue
Posted Mar 28, 2016
Authored by Google Security Research, markbrand

There's a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-0318
SHA-256 | 7634c378b901e854196bb2c6638f9cdaaeebb56a0a8e8bedc196af24d7ed49f8
C2Box 4.0.0(r19171) Validation Bypass
Posted Mar 28, 2016
Authored by Harish Ramadoss

C2Box versions 4.0.0(r19171) and below suffer from a validation bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2015-4626
SHA-256 | bc375d41b3055dd7d57b4dcb888c8376a80e14b7eb5b23111b255db7bf853cad
Linux x86 / x64 execve(/bin/bash) Shellcode
Posted Mar 28, 2016
Authored by Ajith KP

33 bytes small Linux x86 / x64 execve(/bin/bash) shellcode.

tags | x86, shellcode, bash
systems | linux
SHA-256 | aee8c9a799a98ddea14c91ece59e18500b71170c825b60cb95d6220e8f654553
D-Link DVG-5402SP CSRF / Brute Force
Posted Mar 28, 2016
Authored by MustLive

D-Link DVG-5402SP with firmware RU_1.01 suffers from brute force and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | c8410e7fa996a726bd780808ee545d5c8187522011902a3d7b92ba00281dcef9
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close