Twenty Year Anniversary
Showing 1 - 8 of 8 RSS Feed

Files Date: 2016-04-09

DotCMS 3.5 Beta Cross Site Scripting
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 50386f30837ec7b4648f8f918fd0242e
DotCMS 3.5 Beta Directory Traversal
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 76d97ec3f16133075cd60a3bb87edfc0
ExaGrid Known SSH Key / Default Password
Posted Apr 9, 2016
Authored by egypt | Site metasploit.com

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, 'inflection'.

tags | exploit, remote, root
advisories | CVE-2016-1560, CVE-2016-1561
MD5 | 3fbd7e79c9e739bd3384bf1e8d1cadf6
PostgreSQL CREATE LANGUAGE Execution
Posted Apr 9, 2016
Authored by Micheal Cottingham, midnitesnake, Nixawk | Site metasploit.com

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.

tags | exploit, perl, python
systems | linux, windows, apple, osx
MD5 | 3c81d94f69a7a70e2c856b1c3cb07ab0
Android IOMX getConfig/getParameter Information Disclosure
Posted Apr 9, 2016
Authored by Google Security Research, forshaw

The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of uninitialized heap memory. This could be used by an attacker to break ASLR in the media server process by reading out heap memory which contains useful address information.

tags | exploit, info disclosure
systems | linux
advisories | CVE-2016-2417
MD5 | 66e59acf2d705f1b7f2bf56ae18ab2a5
Android IMemory Native Interface Insecure IPC Use
Posted Apr 9, 2016
Authored by Google Security Research, forshaw

The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services can be tricked to return arbitrary memory locations leading to information disclosure or memory corruption.

tags | exploit, arbitrary, info disclosure
systems | linux
advisories | CVE-2016-0846
MD5 | ec093c2a518746cb8fe96c41275efde3
Hikvision Digital Video Recorder Cross Site Request Forgery
Posted Apr 9, 2016
Authored by LiquidWorm | Site zeroscience.mk

Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ca3b7aec5d618bd60ac4bc8866bce554
JAWS 13 Privilege Escalation
Posted Apr 9, 2016
Authored by Gregory Heimbuecher

A local privilege escalation vulnerability has been identified in the JTVNCProxy Windows service in JAWS version 13.0 and earlier. When installed, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. It should be noted that this vulnerability is not present in versions of JAWS from version 14 onwards.

tags | advisory, local
systems | windows
MD5 | 81d8b05d70ef8e08d2b3a76c9f5ff3e2
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    3 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close