exploit the possibilities
Showing 1 - 25 of 35 RSS Feed

Files Date: 2016-06-22

Mandos Encrypted File System Unattended Reboot Utility 1.7.9
Posted Jun 22, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 7ca1d88dbc90064c78b6e629bf0f87c5
Tiki-Wiki CMS Calendar Command Execution
Posted Jun 22, 2016
Authored by h00die, Dany Ouellet | Site metasploit.com

Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access.

tags | exploit, remote, code execution
MD5 | 815b810d96d3491d5f1c2345cc295a93
EMC Documentum WebTop Improper Authorization
Posted Jun 22, 2016
Site emc.com

Remote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.

tags | advisory, remote
advisories | CVE-2016-0914
MD5 | 47bf51099b647a609d295030d1d4894a
Open-Xchange App Suite 7.8.1 Information Disclosure
Posted Jun 22, 2016
Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-4027
MD5 | 910936d4615de9cca8522b94efda498b
WordPress Contus Video Comments 1.0 File Upload
Posted Jun 22, 2016
Authored by Larry W. Cashdollar

WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.

tags | exploit, remote, file inclusion, file upload
MD5 | 878ac11298bc7d34f344850054ac0a6d
How To Exploit Magic Values In 32-Bit Processes On 64-Bit OSes
Posted Jun 22, 2016
Authored by SkyLined

This is a brief write-up on how magic values in 32-bit processes on 64-bit OSes work and how to exploit them.

tags | paper
advisories | CVE-2014-1592
MD5 | 37f2076a2763f2f4cb4bece0777fe356
PCMAN FTP Server 2.0.7 ls Buffer Overflow
Posted Jun 22, 2016
Authored by quanyechavshuo | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.

tags | exploit, overflow
MD5 | 0bfcbb507ab822d3b479f65e3ae91ca0
Wolf CMS 0.8.2 Arbitrary PHP File Upload
Posted Jun 22, 2016
Authored by Nahendra Bhati, Rahmat Nurfauzi | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-6567, CVE-2015-6568
MD5 | 66beb761f39c59b3da55b23a9f9564fc
Windows x86 ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) Shellcode
Posted Jun 22, 2016
Authored by Roziul Hasan Khan Shifat

Windows x86 ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) shellcode.

tags | x86, shellcode
systems | windows
MD5 | db4fd3b0e05f42ba77be8d93b2ef686c
TekDefense Automater OSINT Tool 0.21
Posted Jun 22, 2016
Authored by TekDefense | Site tekdefense.com

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

tags | tool
systems | unix
MD5 | 3b6129333585b30953f0c0b3079be88c
Faraday 1.0.21
Posted Jun 22, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Import Report dialog to Faraday GTK. Added a 'Loading workspace...' dialog to Faraday GTK. Added host sidebar to Faraday GTK. Added host information dialog to Faraday GTK with the full data about a host, its interfaces, services and vulnerabilities. Added support for run faraday from other directories. Fixed log reapparing after being disabled if user created a new tab. Fixed bug regarding exception handling in Faraday GTK. Now Faraday GTK supports Ctrl+Shift+C / Ctrl+Shift+V to Copy/Paste. Faraday will now not crash if you suddenly lose connection to your CouchDB.
tags | tool, rootkit
systems | unix
MD5 | 87991923a1ded69f3be0041e460cecfb
Packet Fence 6.1.0
Posted Jun 22, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added new transifex files. Fix multiple cookies being sent from the browser. Many other bug fixes and updates.
tags | tool, remote
systems | unix
MD5 | 1c8dc063ab440db0b5ce8ffbfd43c5a3
Mandos Encrypted File System Unattended Reboot Utility 1.7.8
Posted Jun 22, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 0773ac87f38ace010c68dc216e4a8710
SAP NetWeaver AS JAVA 7.4 jstart Denial Of Service
Posted Jun 22, 2016
Authored by Dmitry Yudin

The Java Startup Framework (jstart) in SAP Application server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.

tags | advisory, java, remote, denial of service
advisories | CVE-2016-3980
MD5 | bb62c0c729b39b300dc3fbb134ee72c0
SAP NetWeaver AS JAVA 7.4 icman Denial Of Service
Posted Jun 22, 2016
Authored by Dmitry Yudin

Internet Communication Manager (ICMAN/ICM) in SAP JAVA AS version 7.4 allows remote attackers to cause a denial of service (possible heap corruption IctParseCookies()) via a crafted HTTP request.

tags | advisory, java, remote, web, denial of service
advisories | CVE-2016-3979
MD5 | adf683a2dd11ecfdaae45b85b0f2e39c
DarkComet Server 3.2 Remote File Download
Posted Jun 22, 2016
Authored by Jesse Hertz, Shawn Denbow, Jos Wetzels | Site metasploit.com

This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.

tags | exploit, arbitrary
MD5 | 989082518cf6eccac4d9419bbfb170fa
SSHC 5.0 Encrypted Database Content Stealing
Posted Jun 22, 2016
Authored by Mickael Dorigny

SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.

tags | exploit
MD5 | 3be2b5cb9f2655993c4efae3223ae178
YetiForce CRM Cross Site Scripting
Posted Jun 22, 2016
Authored by David Silveiro

YetiForce CRM versions prior to 3.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 44dbf2491071582a75bd6761e8db1b47
Radiant CMS 1.1.3 Cross Site Scripting
Posted Jun 22, 2016
Authored by David Silveiro

Radiant CMS version 1.1.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 645a2faf9f137753eb30f08ee585809b
Yona CMS 1.3.x Cross Site Request Forgery
Posted Jun 22, 2016
Authored by s0nk3y

Yona CMS version 1.3.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3471a84c1f747925f89080bdee7fdccb
Joomla Publisher 3.0.11 SQL Injection
Posted Jun 22, 2016
Authored by s0nk3y

Joomla Publisher component version 3.0.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5248539bb87ed82ec5155b17b7089c6e
Ionize CMS 1.0.8 Cross Site Request Forgery
Posted Jun 22, 2016
Authored by s0nk3y

Ionize CMS versions 1.0.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9501b441427479ae0a217ac8ae28e7a9
SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
Posted Jun 22, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.

tags | exploit, java, xss
MD5 | fa53e6898eb3732aaa5f4ba6ed8f7b47
SAP NetWeaver AS JAVA 7.5 Information Disclosure
Posted Jun 22, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer form an information disclosure vulnerability in WD_CHAT.

tags | exploit, java, info disclosure
advisories | CVE-2016-3973
MD5 | d3e6c44fb2365d40c1c8714de05523a5
Ubuntu Security Notice USN-3014-1
Posted Jun 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3014-1 - Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-0749, CVE-2016-2150
MD5 | 445af79a60953c08e8ec1dbc122a1fa9
Page 1 of 2
Back12Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close