exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-06-28

Alfine CMS 2.6 SQL Injection
Posted Jun 28, 2016
Authored by Vulnerability Laboratory, mr_mask_black | Site vulnerability-lab.com

Alfine CMS version 2.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bd8d25abe0c3ba989859567b7465ae932a92d91005c70b7e47e11d8aeae2d32d
Mutualaid CMS 4.3.1 SQL Injection
Posted Jun 28, 2016
Authored by Vulnerability Laboratory, mr_mask_black | Site vulnerability-lab.com

Mutualaid CMS version 4.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a455179bbdccd33589cb9f67403270734ddad7760c1b837bbbfb7bf933be47eb
Ladesk Agent Session Reset Password
Posted Jun 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

A password reset session web vulnerability has been discovered in the official Ladesk online service web-application. The vulnerability allows remote attackers to reset a session credentials to unauthorized access user accounts or data.

tags | exploit, remote, web
SHA-256 | 48448a68d6625f37f4bfd263b2acf7e8357e8b4ea8097b513d291e4aa57a873d
Iranian Weblog Services 3.3 Cross Site Scripting / Shell Upload / SQL Injection
Posted Jun 28, 2016
Authored by Vulnerability Laboratory, ICG SEC | Site vulnerability-lab.com

Iranian Weblog Service CMS version 3.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | c3116d6596bcb349a186df81125f516059f566a684a9d04972b62ea8182c4147
Debian Security Advisory 3607-1
Posted Jun 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3607-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-7515, CVE-2016-0821, CVE-2016-1237, CVE-2016-1583, CVE-2016-2117, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3070, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4470, CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4569
SHA-256 | 0d223b304d17753a1ce52094557c77094582be1a5339c862d34ee91a630a21d9
JSON Swagger CodeGen Parameter Injector
Posted Jun 28, 2016
Authored by ethersnowman | Site metasploit.com

This Metasploit module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codgen appliance/container/api/service, and then to execute that generated code (or include it into software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.

tags | exploit, arbitrary
SHA-256 | 925a6c94c2aaaf2800d73d3a13675fcc5378848d10e33bb01c987d3250914670
HNB 1.9.18-10 Buffer Overflow
Posted Jun 28, 2016
Authored by Juan Sacco

HNB version 1.9.18-10 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | aaeae969855be3306cdcb2e32a65086c3546c2454ef4c52eae43f8d68c2a975a
BigTree CMS 4.2.11 SQL Injection
Posted Jun 28, 2016
Authored by Mehmet Ince

BigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 968aa637a70ad16367def25fb2cfce1ce28e8f27120df89d1a374a92fc0e4e5e
PInfo 0.6.9-5.1 Buffer Overflow
Posted Jun 28, 2016
Authored by Juan Sacco

PInfo version 0.6.9-5.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | bd449abb80e20ea86e7a578310b7a24726e21f5b4ffeaebf4d394e4654f4205d
MyLittleForum 2.3.5 Command Execution
Posted Jun 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

MyLittleForum version 2.3.5 suffers from a PHP command execution vulnerability.

tags | exploit, php
SHA-256 | 2d0eb479e123885dc4f3ba4bea291050b16793c255cfefd1c779cd7cd6e61bd6
Red Hat Security Advisory 2016-1345-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1345-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 2fc622331271f6afa73eb4f7e48d1d066bc6cbbf159a462885b921ad6608bee7
Ubuntu Security Notice USN-3016-4
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3016-4 - USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 8b422961da61bd3f40b99e99fad351371bb6609bb98f432f77cc11d8d554d24b
Ubuntu Security Notice USN-3017-3
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3017-3 - USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | a1beb623f5e33a2e8c161fd6cca966622aa0882f56c90c2404ac48f36c15fc9b
Ubuntu Security Notice USN-3021-2
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3021-2 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3951, CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4805, CVE-2016-4913
SHA-256 | a1920ccfc4f4c6e5f276bfd5d75431b8b3ae7cb57f8387df52a131fbfbe2120f
Ubuntu Security Notice USN-3021-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3021-1 - Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-3951, CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4805, CVE-2016-4913
SHA-256 | a58aea903cc903ad65202dc2ce64c473a75d915b0fa02a508452f77673343643
Gentoo Linux Security Advisory 201606-19
Posted Jun 28, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-19 - Kwalletd password stores are vulnerable to codebook attacks. Versions less than 4.14.3-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2013-7252
SHA-256 | ea592a530bcb697a8742eb3a0b6c8b5ba892f26c30d3e70a01ddfbf99e837986
Gentoo Linux Security Advisory 201606-18
Posted Jun 28, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-18 - Multiple vulnerabilities have been found in IcedTea allowing remote attackers to affect confidentiality, integrity, and availability through various vectors. Versions less than 7.2.6.6-r1 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0636, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | ebdd1b365bfa8f378b59b53cf2276953c442ce0a028d0eab48f33412fe350ecf
Ubuntu Security Notice USN-3020-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3020-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4951, CVE-2016-4997, CVE-2016-4998
SHA-256 | 54f83afa154640f8024df9abd28aa401d3608933d58a98291d2ff9437c61ffc3
Ubuntu Security Notice USN-3018-2
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3018-2 - USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 967ed36586a074ad56c5537a86344439a141220272f76359ff378d22c3a93cd7
Ubuntu Security Notice USN-3019-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3019-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 9290b489b84336a68219bbf34af20a42bbcb89266e0f5470f3726d9949ced727
Ubuntu Security Notice USN-3018-1
Posted Jun 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3018-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-4482, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998
SHA-256 | 19b9ec27b0226f3c7b7630645b541791cdab6e5d2596d808843adf1e12571f08
Red Hat Security Advisory 2016-1347-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1347-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | a0fd5df58421128c1a07f21c9a92276cf8767d845c7f9e6fc3c0aecc8f18306d
Red Hat Security Advisory 2016-1346-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1346-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, local, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 10910d0024b75b8f8033a76719b206b712d0277d444d33e117eb8cfe6f89d1bc
Linux x86 /bin/sh Shellcode With ASLR Bruteforce
Posted Jun 28, 2016
Authored by Pawan Lal

Linux x86 /bin/sh shellcode with ASLR bruteforce.

tags | x86, shellcode
systems | linux
SHA-256 | eb9f0e8da13c2d6306f0927441510c06cf9a7ae3abc0d02412ff3582db632f27
Armadito Arbitrary File Write / Man-In-The-Middle
Posted Jun 28, 2016
Authored by The Dead Cow

Armadito suffers from a remote arbitrary file write due to a man-in-the-middle issue.

tags | exploit, remote, arbitrary
systems | linux
SHA-256 | 3c940d2b604802823a92dfde76f87dccff6b8a34a3da8280c1427ca2bcaf9d01
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close