Exploit the possiblities
Showing 1 - 7 of 7 RSS Feed

Files Date: 2016-05-06

Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
Posted May 6, 2016
Authored by Google Security Research, Sven Blumenstein

Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.

tags | exploit, remote, vulnerability, protocol
advisories | CVE-2007-0932, CVE-2014-7299, CVE-2016-2031, CVE-2016-2032
MD5 | 79bbcc053b93555ca4f82417addfb3ca
ImageMagick Delegate Arbitrary Command Execution
Posted May 6, 2016
Authored by wvu, Nikolay Ermishkin, hdm, stewie | Site metasploit.com

This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.

tags | exploit, shell
systems | linux, unix, bsd, apple, osx
MD5 | 673c4b90719c9b8a377e4c72d8396c29
Ruby on Rails Development Web Console (v2) Code Execution
Posted May 6, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution feature of the Ruby on Rails framework. This feature is exposed if the config.web_console.whitelisted_ips setting includes untrusted IP ranges and the web-console gem is enabled.

tags | exploit, remote, web, code execution, ruby
MD5 | d0edf8ed42e473bd899ea40ae4b535e7
HP Security Bulletin HPSBMU03584 1
Posted May 6, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03584 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization and other vulnerabilities have been addressed by HPE Network Node Manager I (NNMi). These vulnerabilities could be remotely exploited resulting in arbitrary code execution, authentication bypass, Cross-Site Scripting (XSS), disclosure of information, or unauthorized access. Revision 1 of this advisory.

tags | advisory, java, arbitrary, vulnerability, code execution, xss
advisories | CVE-2012-6153, CVE-2014-3577, CVE-2016-2009, CVE-2016-2010, CVE-2016-2011, CVE-2016-2012, CVE-2016-2013, CVE-2016-2014
MD5 | 422ccebcbc7205e90c1150a56290f2b9
Debian Security Advisory 3570-1
Posted May 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3570-1 - Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2016-3105
MD5 | e5892b46ecd160c44eea72ecfcc123e5
Apple Security Advisory 2016-05-03-1
Posted May 6, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-03-1 - Xcode 7.3.1 is now available and addresses a heap-based buffer overflow vulnerability.

tags | advisory, overflow
systems | apple
advisories | CVE-2016-2315, CVE-2016-2324
MD5 | f9b8bc1dabb1d23d58121349e25a256c
Faraday 1.0.19
Posted May 6, 2016
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Open services count to Hosts list in WEB UI. Improved zsh integration. Various other updates and improvements.
tags | tool, rootkit
systems | unix
MD5 | c28176f8588d2157caddd9125a51be58
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close