Files Date: 2016-06-15

Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Posted Jun 15, 2016
Authored by Nate Kettlewell

Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2016-3642
MD5 | 874acff2f397a4c25725e3ce2c3302a1
Bomgar Remote Support Unauthenticated Code Execution
Posted Jun 15, 2016
Authored by Markus Wulftange | Site metasploit.com

This Metasploit module exploits a vulnerability in Bomgar Remote Support, which deserializes user-provided data using PHP's unserialize method. By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i.e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.

tags | exploit, remote, arbitrary, php
advisories | CVE-2015-0935
MD5 | 6967187d9cc044d56dee179d177af71a
Cisco Security Advisory 20160615-rv
Posted Jun 15, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 8fd2fa2e26b9c32869a5a2dd9a17d9e0
jbFileManager Path Traversal
Posted Jun 15, 2016
Authored by HaHwul

jbFileManager suffers from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | a12d4222c4b2e4283c2a2ffcbe13ef16
FibeAir IP-10 Authentication Bypass
Posted Jun 15, 2016
Authored by Ian Ling

FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".

tags | exploit, web, bypass
MD5 | 34a8f5abb2f5b640fcd229aab8b5e0e1
AdobeUpdateService 3.6.0.248 Privilege Escalation
Posted Jun 15, 2016
Authored by Cyril Vallicari

AdobeUpdateService version 3.6.0.248 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | dacc851a88daa2fc3cdab76bfcf6d2ea
DDN SFA Default SSH Keys
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.

tags | exploit
MD5 | 5687082f543efb79e12f33bdb69b4604
BookingWizz LFI / XSS / CSRF / SQL Injection
Posted Jun 15, 2016
Authored by Mehmet Ince

BookingWizz versions prior to 5.5 suffer from having default administrative credentials, local file inclusion, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion, csrf
MD5 | 1c319583f82f231e10fa8953319eb536
VMware Security Advisory 2016-0009
Posted Jun 15, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0009 - VMware vCenter Server updates address an important reflective cross-site scripting issue.

tags | advisory, xss
advisories | CVE-2015-6931
MD5 | c8c5df9b8f31cd21ebb880019bbd27d2
Debian Security Advisory 3603-1
Posted Jun 15, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3603-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory
systems | linux, debian
advisories | CVE-2016-3062
MD5 | bee8d7141b58ab49f52d9add67e596c5
Microsoft Visio DLL Hijacking
Posted Jun 15, 2016
Authored by Yorick Koster, Securify B.V.

Microsoft Visio suffers from a DLL hijacking vulnerability.

tags | advisory
systems | windows
advisories | CVE-2016-3235
MD5 | 72f90bf45267f4baa3971413f07d2b96
DDN SFA Privilege Escalation
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN SFA suffers from a privilege escalation vulnerability.

tags | advisory
MD5 | a6402c274b33e346c3b926e1c4dd258d
Joomla En-Masse 6.4 SQL Injection
Posted Jun 15, 2016
Authored by Hamed Izadi

Joomla En-Masse component versions 5.1 through 6.4 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e20f11d6e89994734929d1cd401c5865
Mozilla Firefox DLL Hijacking
Posted Jun 15, 2016
Authored by Stefan Kanthak

The fix applied for CVE-2014-1520 does not fix a DLL hijacking issue with Mozilla Firefox's executable installer.

tags | exploit
systems | windows
advisories | CVE-2014-1520
MD5 | 8ccb338cab7271385d9a014995b5be12
Blat 3.2.14 Denial Of Service
Posted Jun 15, 2016
Authored by vishnu raju

Blat version 3.2.14 suffers from a stack overflow vulnerability that can trigger a denial of service condition.

tags | exploit, denial of service, overflow
MD5 | db5280edfb1d646c4220ddb81a2c743f
Solarwinds Virtualization Manager 6.3.1 Privilege Escalation
Posted Jun 15, 2016
Authored by Nate Kettlewell

Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo.

tags | exploit
advisories | CVE-2016-3643
MD5 | 10e7ec398fefe10a27919b3459fbdbbc