exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-05-24

Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
MD5 | 70475f3d47267994bd9b861afc21614b
Ubuntu Security Notice USN-2984-1
Posted May 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2984-1 - It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-8865, CVE-2016-3078, CVE-2016-3132, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
MD5 | 50c1db5a82ce2fc56bc26d8613361ba0
HP Security Bulletin HPSBGN03605 1
Posted May 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03605 1 - A potential vulnerability has been identified in HPE Service Manager. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-2025
MD5 | a94d800ca043df04efe48c2e74688da9
Ubiquiti airOS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, 93c08539 | Site metasploit.com

This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.

tags | exploit, root, file upload
MD5 | e267290a4d5fe45ab492cc0d0ab34602
PowerFolder 10.4.321 Remote Code Execution
Posted May 24, 2016
Authored by Hans-Martin Muench

PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | 34c531d3d004a2411ee6ee63cfe6fd46
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
Posted May 24, 2016
Authored by Mehmet Ince, Halit Alptekin

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

tags | exploit, asp, xxe
MD5 | 41cc07503156fc99994ba41aa68c9031
Red Hat Security Advisory 2016-1100-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1100-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2015-5364, CVE-2015-5366
MD5 | 59d99f9d63984ee4febf767ce0e1592c
XenAPI For XenForo 1.4.1 SQL Injection
Posted May 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec6653535f15715683fb23b54a289bdb
Debian Security Advisory 3586-1
Posted May 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3586-1 - It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2016-4478
MD5 | b98842a58fb189b8f57464a815141511
Red Hat Security Advisory 2016-1098-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1098-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
MD5 | 15d91c406ee95e1d503563ec365e3968
Red Hat Security Advisory 2016-1099-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1099-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
MD5 | a2690c44d82f1aa519bb63391e176d32
MediaLink MWN-WAPR300N Insecure Session
Posted May 24, 2016
Authored by David Spector

MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.

tags | exploit
MD5 | f10ebaa939a2a3d516a6f8ea97b051d9
Infobae Cross Site Scripting
Posted May 24, 2016
Authored by Joel Noguera

The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.

tags | exploit, vulnerability, xss
MD5 | 684d14590f3fd547e17f6ccf4bed5a07
Shellsploit Framework Beta 0.3
Posted May 24, 2016
Authored by B3mB4m | Site github.com

Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.

Changes: Various updates.
tags | tool, shellcode
systems | unix
MD5 | 82022fc9011e91eb3bbab3f9132715be
Counterfeiting With Cisco IP Communicator
Posted May 24, 2016
Authored by Suman Sah

Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.

tags | exploit, spoof
systems | cisco
MD5 | 8bec58281b267dfc9884b43e3ff89a82
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    8 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close