exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files Date: 2016-05-06

Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
Posted May 6, 2016
Authored by Google Security Research, Sven Blumenstein

Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.

tags | exploit, remote, vulnerability, protocol
advisories | CVE-2007-0932, CVE-2014-7299, CVE-2016-2031, CVE-2016-2032
SHA-256 | 3a3494bcdbe8f6b8c31c2a7fca58aaa5c1af0d80362f0ec65e759ae54b68b2ac
ImageMagick Delegate Arbitrary Command Execution
Posted May 6, 2016
Authored by wvu, Nikolay Ermishkin, hdm, stewie | Site metasploit.com

This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.

tags | exploit, shell
systems | linux, unix, bsd, apple, osx
SHA-256 | b4c6b0e7acc235fa1688e82fff7eedb021357977c009bfb8d3faf0171a733bf1
Ruby on Rails Development Web Console (v2) Code Execution
Posted May 6, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution feature of the Ruby on Rails framework. This feature is exposed if the config.web_console.whitelisted_ips setting includes untrusted IP ranges and the web-console gem is enabled.

tags | exploit, remote, web, code execution, ruby
SHA-256 | 5ca760de5b992f66e42849ecba672747e9368e98103288a44aa0f05280828b67
HP Security Bulletin HPSBMU03584 1
Posted May 6, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03584 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization and other vulnerabilities have been addressed by HPE Network Node Manager I (NNMi). These vulnerabilities could be remotely exploited resulting in arbitrary code execution, authentication bypass, Cross-Site Scripting (XSS), disclosure of information, or unauthorized access. Revision 1 of this advisory.

tags | advisory, java, arbitrary, vulnerability, code execution, xss
advisories | CVE-2012-6153, CVE-2014-3577, CVE-2016-2009, CVE-2016-2010, CVE-2016-2011, CVE-2016-2012, CVE-2016-2013, CVE-2016-2014
SHA-256 | 6932fc27d76b223b26811fd1c8109ff2788f5efa3128f0e68d7559f74346f341
Debian Security Advisory 3570-1
Posted May 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3570-1 - Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2016-3105
SHA-256 | 5ee35477cc8c27ba9e76dbf6cf3f79be71dfe919bab4cfba87ba09a641932ade
Apple Security Advisory 2016-05-03-1
Posted May 6, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-03-1 - Xcode 7.3.1 is now available and addresses a heap-based buffer overflow vulnerability.

tags | advisory, overflow
systems | apple
advisories | CVE-2016-2315, CVE-2016-2324
SHA-256 | de7ad5b8d22c9f8865c6a0c295ca9fbf8e157d1ed947788a5de45f67ca0e0e1e
Faraday 1.0.19
Posted May 6, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Open services count to Hosts list in WEB UI. Improved zsh integration. Various other updates and improvements.
tags | tool, rootkit
systems | unix
SHA-256 | 8e785b00507681b7c2585044c035db5d62dd4e8fd2d90d57728b3e238f817d7a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close