Exploit the possiblities
Showing 1 - 25 of 444 RSS Feed

Files Date: 2016-06-01 to 2016-06-30

Cisco Security Advisory 20160629-piauthbypass
Posted Jun 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | d53dec1c8deedbc0b7839116fe901ecf
Cisco Security Advisory 20160629-cpcpauthbypass
Posted Jun 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, protocol
systems | cisco
MD5 | 4ccbc143a3a81bcd85e77b8e5100e913
Cisco Security Advisory 20160629-fp
Posted Jun 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote
systems | cisco
MD5 | 1ff797079a57ebe7fb1aa7ba04a44789
Apache Xerces-C XML Parser Crash
Posted Jun 29, 2016
Authored by Brandon Perry

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Apache Xerces-C XML Parser library versions prior to 3.1.4 are affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-4463
MD5 | f3582ebcd1fe05c63ce8c5e48bdf6608
Symantec PowerPoint Misaligned Stream-Cache Buffer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from a PowerPoint misaligned stream-cache remote stack buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | linux
advisories | CVE-2016-2209
MD5 | 116aa31c3493272f2691214bff41fc78
Symantec dec2zip ALPkOldFormatDecompressor::UnShrink Missing Bounds Check
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from a missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink.

tags | exploit
systems | linux
advisories | CVE-2016-3646
MD5 | 3a43bfce36616cabf71d499e016c7f27
Symantec TNEF Decoder Integer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from an integer overflow in the TNEF decoder.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-3645
MD5 | f21c39e1d3e50be281d83c1bf1b1ee26
Symantec MIME Message Modification Heap Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components from MIME encoded messages in CMIMEParser::UpdateHeader() assumes that filenames cannot be longer than 77 characters. This assumption is obviously incorrect, names can be any length, resulting in a very clean heap overflow.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-3644
MD5 | 42c9fc23525f28d7c9bf9817cb618d06
Symantec Antivirus MSPACK Unpacking Memory Corruption
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec Antivirus suffers from multiple remote memory corruption issues when unpacking MSPACK archives.

tags | exploit, remote
systems | linux
advisories | CVE-2016-2211
MD5 | 27d7a1936055cb7ca8a671830a2eef8f
Symantec dec2lha Remote Stack Buffer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

The Symantec dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::get_header() routine has a trivial stack buffer overflow.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-2210
MD5 | 33bac75a9c3004d9122edae68ccd0901
Symantec Antivirus RAR Unpacking Memory Corruption
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec Antivirus version 5.3.11 suffers from multiple remote memory corruption vulnerabilities when unpacking RAR files.

tags | exploit, remote, vulnerability
systems | linux
advisories | CVE-2016-2207
MD5 | d39fc11703c648b6bb9c46f8b091c6c6
Ubiquiti Administration Portal CSRF / Remote Command Execution
Posted Jun 29, 2016
Authored by Matthew Bergin | Site korelogic.com

The Ubiquiti AirGateway, AirFiber, and mFi platforms feature remote administration via an authenticated web-based portal. Lack of CSRF protection in the Remote Administration Portal, and unsafe passing of user input to operating system commands executed with root privileges, can be abused in a way that enables remote command execution.

tags | exploit, remote, web, root
MD5 | 88f3cb53aec137818114812416ad3c2c
Concrete5 5.7.3.1 Local File Inclusion
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7aad8a3d1adf10f05ea51ee8ca0e546d
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d058d3ec001d3a60cfa71271ebc40d36
Concrete5 5.7.3.1 Cross Site Request Forgery
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
MD5 | a9b43ed5dadf22c5af4f6e27e76b6a2d
Linux x86_64 /etc/passwd File Sender Shellcode
Posted Jun 29, 2016
Authored by Roziul Hasan Khan Shifat

Linux x86_64 /etc/passwd file sender shellcode.

tags | shellcode
systems | linux
MD5 | 302c2271032d8e3b2eca49286547f7e4
Alfine CMS 2.6 SQL Injection
Posted Jun 28, 2016
Authored by mr_mask_black | Site vulnerability-lab.com

Alfine CMS version 2.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 75cd1b6946f65df2c039324395587d74
Mutualaid CMS 4.3.1 SQL Injection
Posted Jun 28, 2016
Authored by mr_mask_black | Site vulnerability-lab.com

Mutualaid CMS version 4.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 86f564c316a2a73a0e47ecc65f70d499
Ladesk Agent Session Reset Password
Posted Jun 28, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A password reset session web vulnerability has been discovered in the official Ladesk online service web-application. The vulnerability allows remote attackers to reset a session credentials to unauthorized access user accounts or data.

tags | exploit, remote, web
MD5 | 14f2773a6cc8d488356f00b105460dbe
Iranian Weblog Services 3.3 Cross Site Scripting / Shell Upload / SQL Injection
Posted Jun 28, 2016
Authored by ICG SEC | Site vulnerability-lab.com

Iranian Weblog Service CMS version 3.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | 4ddc8466b03565a099972f84ceb9a69a
Debian Security Advisory 3607-1
Posted Jun 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3607-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-7515, CVE-2016-0821, CVE-2016-1237, CVE-2016-1583, CVE-2016-2117, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3070, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4470, CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4569
MD5 | 97be339593413497c6543462dc22c534
JSON Swagger CodeGen Parameter Injector
Posted Jun 28, 2016
Authored by ethersnowman | Site metasploit.com

This Metasploit module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codgen appliance/container/api/service, and then to execute that generated code (or include it into software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.

tags | exploit, arbitrary
MD5 | ee34a941af38374fda5600408aa6daa3
HNB 1.9.18-10 Buffer Overflow
Posted Jun 28, 2016
Authored by Juan Sacco

HNB version 1.9.18-10 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 09263334a2f1408c660dbd686e124f23
BigTree CMS 4.2.11 SQL Injection
Posted Jun 28, 2016
Authored by Mehmet Ince

BigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 97512bfee561640281a0ecd4acf8a516
PInfo 0.6.9-5.1 Buffer Overflow
Posted Jun 28, 2016
Authored by Juan Sacco

PInfo version 0.6.9-5.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | f30823faae674df6ee0f431558e988ab
Page 1 of 18
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close