what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2016-06-22

Mandos Encrypted File System Unattended Reboot Utility 1.7.9
Posted Jun 22, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 0677e985bb4af607dbc77a865532d38f4f3397f6ed5a8d0e1bbd3b8f4cce24a8
Tiki-Wiki CMS Calendar Command Execution
Posted Jun 22, 2016
Authored by h00die, Dany Ouellet | Site metasploit.com

Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access.

tags | exploit, remote, code execution
SHA-256 | 9131c295c6f0a87ffeed5ec24203a47294ef439eb9e76d9c596efa1d5fafc764
EMC Documentum WebTop Improper Authorization
Posted Jun 22, 2016
Site emc.com

Remote authenticated WebTop and WebTop Client users may gain access to the IAPI/IDQL interface in WebTop without proper authorization. Malicious users could exploit this vulnerability to run IAPI/IDQL commands on the affected systems using their own privilege. Affected products include EMC Documentum WebTop versions 6.8 and 6.8.1, Administrator versions 7.0, 7.1, 7.2, TaskSpace version 6.7 SP3, and Capital Projects versions 1.9 and 1.10.

tags | advisory, remote
advisories | CVE-2016-0914
SHA-256 | 922ee5b10d55ca104fdafbfbabd2f4263e941bd47bdcae7794773725a1ceb3d4
Open-Xchange App Suite 7.8.1 Information Disclosure
Posted Jun 22, 2016
Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-4027
SHA-256 | 27b0e6e0ca5abeb66f30b28d40b4ac9eb51c5bb7ed4b48985aba9a1fe1586857
WordPress Contus Video Comments 1.0 File Upload
Posted Jun 22, 2016
Authored by Larry W. Cashdollar

WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.

tags | exploit, remote, file inclusion, file upload
SHA-256 | 4f6ec1ff49f824524c93da0857f1b6f61521cb94809158b755faa6e7a4516efa
How To Exploit Magic Values In 32-Bit Processes On 64-Bit OSes
Posted Jun 22, 2016
Authored by SkyLined

This is a brief write-up on how magic values in 32-bit processes on 64-bit OSes work and how to exploit them.

tags | paper
advisories | CVE-2014-1592
SHA-256 | 0e22f4f695fe5a82d5a78008e35426ae71abb83926c813e23d3e43569e903c82
PCMAN FTP Server 2.0.7 ls Buffer Overflow
Posted Jun 22, 2016
Authored by quanyechavshuo | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.

tags | exploit, overflow
SHA-256 | c7b50b153ec04efb07018decce1a122711b94da1e8f8210a118da4147778adcf
Wolf CMS 0.8.2 Arbitrary PHP File Upload
Posted Jun 22, 2016
Authored by Nahendra Bhati, Rahmat Nurfauzi | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-6567, CVE-2015-6568
SHA-256 | bb14eded63b20bf9f13fdec65b93642599468f8b8d60278a25b93898e6f4fc4b
Windows x86 ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) Shellcode
Posted Jun 22, 2016
Authored by Roziul Hasan Khan Shifat

Windows x86 ShellExecuteA(NULL,NULL,"cmd.exe",NULL,NULL,1) shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | 7ae62e8f83f505044c299cb151a3efacef3a2f3efe98fb6a631523cae4f8b4df
TekDefense Automater OSINT Tool 0.21
Posted Jun 22, 2016
Authored by TekDefense | Site tekdefense.com

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

tags | tool
systems | unix
SHA-256 | 8063423c9b7219a9188c72b0ab2e7f522795882d4ac17a4cccf2bb72db3836ef
Faraday 1.0.21
Posted Jun 22, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Import Report dialog to Faraday GTK. Added a 'Loading workspace...' dialog to Faraday GTK. Added host sidebar to Faraday GTK. Added host information dialog to Faraday GTK with the full data about a host, its interfaces, services and vulnerabilities. Added support for run faraday from other directories. Fixed log reapparing after being disabled if user created a new tab. Fixed bug regarding exception handling in Faraday GTK. Now Faraday GTK supports Ctrl+Shift+C / Ctrl+Shift+V to Copy/Paste. Faraday will now not crash if you suddenly lose connection to your CouchDB.
tags | tool, rootkit
systems | unix
SHA-256 | c54ba1825e52da6ac47386229db2cfbe0234894a9cd44a6024f6e1c1a7eefa5c
Packet Fence 6.1.0
Posted Jun 22, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added new transifex files. Fix multiple cookies being sent from the browser. Many other bug fixes and updates.
tags | tool, remote
systems | unix
SHA-256 | 4f8140a99dec13b47cb82af0807ea715ca9a1a4f596bfa28579dc20e44941558
Mandos Encrypted File System Unattended Reboot Utility 1.7.8
Posted Jun 22, 2016
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 533428eb9f9a45bcd8526e89014102946eac74e8cf0fa05c337de290cbbbd070
SAP NetWeaver AS JAVA 7.4 jstart Denial Of Service
Posted Jun 22, 2016
Authored by Dmitry Yudin

The Java Startup Framework (jstart) in SAP Application server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.

tags | advisory, java, remote, denial of service
advisories | CVE-2016-3980
SHA-256 | bb3db47d4fcab7f0f9eca2bde8886165421542cd01cf50081af2e14438a6d1d2
SAP NetWeaver AS JAVA 7.4 icman Denial Of Service
Posted Jun 22, 2016
Authored by Dmitry Yudin

Internet Communication Manager (ICMAN/ICM) in SAP JAVA AS version 7.4 allows remote attackers to cause a denial of service (possible heap corruption IctParseCookies()) via a crafted HTTP request.

tags | advisory, java, remote, web, denial of service
advisories | CVE-2016-3979
SHA-256 | 44848e8f5d0007ffcced7de64df26b2bc621da243fd08b9ed7a2f134d4043612
DarkComet Server 3.2 Remote File Download
Posted Jun 22, 2016
Authored by Jesse Hertz, Shawn Denbow, Jos Wetzels | Site metasploit.com

This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.

tags | exploit, arbitrary
SHA-256 | 526875de4b2f6bc5ec72d1ffc0e835dfcf46ebb40dc25640bde82c28768474fd
SSHC 5.0 Encrypted Database Content Stealing
Posted Jun 22, 2016
Authored by Mickael Dorigny

SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.

tags | exploit
SHA-256 | b65f0bcd7a1b909d9cb74e42f7e28b4350fbff790f58e10c2ce3ecbc6b8ec091
YetiForce CRM Cross Site Scripting
Posted Jun 22, 2016
Authored by David Silveiro

YetiForce CRM versions prior to 3.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 88f77d119109097e0ff59b4bccf90941faf7911f4ad4ee8ca7d4130767c35bd8
Radiant CMS 1.1.3 Cross Site Scripting
Posted Jun 22, 2016
Authored by David Silveiro

Radiant CMS version 1.1.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 632cfe489664d2879a2526e59d8fd6d08acf732b32e77e62489c5b96fc4c47ea
Yona CMS 1.3.x Cross Site Request Forgery
Posted Jun 22, 2016
Authored by s0nk3y

Yona CMS version 1.3.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 92dec5774d0ae52f5f489ce2f3acbdb2637cdc8adacd50647918faeca2f19ad6
Joomla Publisher 3.0.11 SQL Injection
Posted Jun 22, 2016
Authored by s0nk3y

Joomla Publisher component version 3.0.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e207bc23de7b81fa6d7bba62a85fb3af31af242aff646877284899d4eda58b47
Ionize CMS 1.0.8 Cross Site Request Forgery
Posted Jun 22, 2016
Authored by s0nk3y

Ionize CMS versions 1.0.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 04a53f78bc0110447c0d663c58372767475534ed26cdb901e7124c35bc4516c4
SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
Posted Jun 22, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.

tags | exploit, java, xss
SHA-256 | 3227c8ee7e5ffae4107c3102e05d6c483cc347aa6c21ed54de26dc0f839fee13
SAP NetWeaver AS JAVA 7.5 Information Disclosure
Posted Jun 22, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer form an information disclosure vulnerability in WD_CHAT.

tags | exploit, java, info disclosure
advisories | CVE-2016-3973
SHA-256 | c86a0c971a9ddf7d0a42320c53175f15d4860f92751a45e80a3910f467711ef4
Ubuntu Security Notice USN-3014-1
Posted Jun 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3014-1 - Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. Frediano Ziglio discovered that Spice incorrectly handled certain primary surface parameters. A malicious guest operating system could potentially exploit this issue to escape virtualization. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-0749, CVE-2016-2150
SHA-256 | 6e05cdcaf2aa1cf993c525ec3863c9f2831bf4e664648184e4bee5b17da517e3
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close