exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-05-24

Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
MD5 | 70475f3d47267994bd9b861afc21614b
Ubuntu Security Notice USN-2984-1
Posted May 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2984-1 - It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-8865, CVE-2016-3078, CVE-2016-3132, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
MD5 | 50c1db5a82ce2fc56bc26d8613361ba0
HP Security Bulletin HPSBGN03605 1
Posted May 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03605 1 - A potential vulnerability has been identified in HPE Service Manager. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-2025
MD5 | a94d800ca043df04efe48c2e74688da9
Ubiquiti airOS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, 93c08539 | Site metasploit.com

This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.

tags | exploit, root, file upload
MD5 | e267290a4d5fe45ab492cc0d0ab34602
PowerFolder 10.4.321 Remote Code Execution
Posted May 24, 2016
Authored by Hans-Martin Muench

PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | 34c531d3d004a2411ee6ee63cfe6fd46
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
Posted May 24, 2016
Authored by Mehmet Ince, Halit Alptekin

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

tags | exploit, asp, xxe
MD5 | 41cc07503156fc99994ba41aa68c9031
Red Hat Security Advisory 2016-1100-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1100-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2015-5364, CVE-2015-5366
MD5 | 59d99f9d63984ee4febf767ce0e1592c
XenAPI For XenForo 1.4.1 SQL Injection
Posted May 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec6653535f15715683fb23b54a289bdb
Debian Security Advisory 3586-1
Posted May 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3586-1 - It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2016-4478
MD5 | b98842a58fb189b8f57464a815141511
Red Hat Security Advisory 2016-1098-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1098-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
MD5 | 15d91c406ee95e1d503563ec365e3968
Red Hat Security Advisory 2016-1099-01
Posted May 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1099-01 - jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix: A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-8863
MD5 | a2690c44d82f1aa519bb63391e176d32
MediaLink MWN-WAPR300N Insecure Session
Posted May 24, 2016
Authored by David Spector

MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.

tags | exploit
MD5 | f10ebaa939a2a3d516a6f8ea97b051d9
Infobae Cross Site Scripting
Posted May 24, 2016
Authored by Joel Noguera

The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.

tags | exploit, vulnerability, xss
MD5 | 684d14590f3fd547e17f6ccf4bed5a07
Shellsploit Framework Beta 0.3
Posted May 24, 2016
Authored by B3mB4m | Site github.com

Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.

Changes: Various updates.
tags | tool, shellcode
systems | unix
MD5 | 82022fc9011e91eb3bbab3f9132715be
Counterfeiting With Cisco IP Communicator
Posted May 24, 2016
Authored by Suman Sah

Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.

tags | exploit, spoof
systems | cisco
MD5 | 8bec58281b267dfc9884b43e3ff89a82
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close