exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-05-24

Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
SHA-256 | 472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65f
Ubuntu Security Notice USN-2984-1
Posted May 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2984-1 - It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-8865, CVE-2016-3078, CVE-2016-3132, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
SHA-256 | 264cfc8cd7257e3fdc5b3ecb5d21a1ddea22e0c427eef2997d33a60a1c152159
HP Security Bulletin HPSBGN03605 1
Posted May 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03605 1 - A potential vulnerability has been identified in HPE Service Manager. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-2025
SHA-256 | d65b75f5ab641a72a1689f928cc8b1e48e6eab3b06ac1c7255f27b9bc4141865
Ubiquiti airOS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, 93c08539 | Site metasploit.com

This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.

tags | exploit, root, file upload
SHA-256 | bb35dd847b4006bfddf6670aa0099dfa601022d89cda1ae234b032fd32276366
PowerFolder 10.4.321 Remote Code Execution
Posted May 24, 2016
Authored by Hans-Martin Muench

PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | 0f0efada160c1447152adc09401bed6a535c764c9ce9e56f17fa7b105821aa98
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
Posted May 24, 2016
Authored by Mehmet Ince, Halit Alptekin

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

tags | exploit, asp, xxe
SHA-256 | 285a356df0342917c10949047f0e7a8de20316652b88f7502badf4e23df2d5c3
Red Hat Security Advisory 2016-1100-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1100-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2015-5364, CVE-2015-5366
SHA-256 | b70f2e42ede5e8da8e1e8e7a87cd9775e00d40e084a51ce37fc464b37cd86495
XenAPI For XenForo 1.4.1 SQL Injection
Posted May 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7c3a37ee9ac8d2b769a495f772ba61c0683b07b2341e2500844b324ffac74676
Debian Security Advisory 3586-1
Posted May 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3586-1 - It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2016-4478
SHA-256 | aa2e48dd1598aac48f47d914c160293f08d5b7c396bab401c847c24cfdb0235d
Red Hat Security Advisory 2016-1098-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1098-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
SHA-256 | e5082f024d9d1cffd20ad196891fab3bec8fae91dbf4d0db215c6bdf68e423d3
Red Hat Security Advisory 2016-1099-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1099-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
SHA-256 | 78c4251cc04ffbfe8ae9a5c3083f623d6791288c6353f113aab81871dd062679
MediaLink MWN-WAPR300N Insecure Session
Posted May 24, 2016
Authored by David Spector

MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.

tags | exploit
SHA-256 | d083f82d3886c34b608717c7e62cbdb88123448dd50ef58ccf95bfc5317898cc
Infobae Cross Site Scripting
Posted May 24, 2016
Authored by Joel Noguera

The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.

tags | exploit, vulnerability, xss
SHA-256 | 7d27834c41218abe78f74ed25b1687903fade4c02f0c42f10175989c165ee7b8
Shellsploit Framework Beta 0.3
Posted May 24, 2016
Authored by B3mB4m | Site github.com

Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.

Changes: Various updates.
tags | tool, shellcode
systems | unix
SHA-256 | d8cb793be2a436b47284454f1f100287761ac59042791ccd4992836f7b48e0ae
Counterfeiting With Cisco IP Communicator
Posted May 24, 2016
Authored by Suman Sah

Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.

tags | exploit, spoof
systems | cisco
SHA-256 | 5fa6355a4e3c274a002436a52e827eab9e6cbcae0ca0402c3a1c6a7211bbcdeb
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close