what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2016-07-04

Faraday 1.0.22
Posted Jul 4, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: GTK is the default interface now. Added new plugin Ndiff. Added new plugin Netcat. Added button to edit your host in the GTK interface. Various other updates and changes.
tags | tool, rootkit
systems | unix
SHA-256 | bc0e3e1d109dedc36a4b8bd38acaf20a9bdc6d8ea141f57aeba14e80aba1541c
Syslog Server 1.2.3 Denial Of Service
Posted Jul 4, 2016
Authored by ChaoYi Huang

Syslog Server version 1.2.3 for windows suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | eb46422ac777aa5dbb0a485572f6eef92724300a3e1e4ce51efb6b9d7f377572
WebCalendar 1.2.7 CSRF Bypass
Posted Jul 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WebCalendar version 1.2.7 attempts to uses the HTTP Referer to check that requests are originating from same server. However, this can be easily defeated by just not sending a referer.

tags | exploit, web
SHA-256 | b21b04f0900a0f57b17194ed5f9dc60a1ad09467022464b6d1d905884edfc003
Linux 4.6 auditsc.c Double-Fetch
Posted Jul 4, 2016
Authored by Pengfei Wang

A double-fetch vulnerability exists in Linux-4.6/kernel/auditsc.c for kernel versions 4.6 and below that can allow for a race condition.

tags | advisory, kernel
systems | linux
advisories | CVE-2016-6136
SHA-256 | b8484509b883b5ba7efb0f9836de1eba2e683bda2f71f327c5292b39ac3bafa3
Linux/64bit NetCat Bind Shell Shellcode
Posted Jul 4, 2016
Authored by CripSlick

64 bytes small Linux/64bit NetCat bindshell shellcode.

tags | shellcode
systems | linux
SHA-256 | ccb8a4620f13eab28b158fe220b47f9d39887bd7678a8dc86c301a69c5420547
Debian Exim Spool Local Root Privilege Escalation
Posted Jul 4, 2016
Authored by halfdog

Exim4 in some variants is started as root but switches to uid/gid Debian-exim/Debian-exim. But as Exim might need to store received messages in user mailboxes, it has to have the ability to regain privileges. This is also true when Exim is started as "sendmail". During internal operation, sendmail (Exim) will manipulate message spool files in directory structures owned by user "Debian-exim" without caring about symlink attacks. Thus execution of code as user "Debian-exim" can be used to gain root privileges by invoking "sendmail" as user "Debian-exim".

tags | exploit, root
systems | linux, debian
SHA-256 | bd74c62b27f39b7f46709bc09cd8804cada21ce8799966cc4bc67706ff142d5b
Linux 4.6 Double-Fetch Race Condition / Buffer Overflow
Posted Jul 4, 2016
Authored by Pengfei Wang

Linux-4.6/drivers/platform/chrome/cros_ec_dev.c suffers from a double-fetch vulnerability that can lead to a race condition and buffer overflow.

tags | advisory, overflow
systems | linux
advisories | CVE-2016-6156
SHA-256 | 80e0da9e4ae252335cbbe6ee98e428a3d91d04848442075c7a5d00d6fe887ef1
eCardMAX 10.5 Cross Site Scripting / SQL Injection
Posted Jul 4, 2016
Authored by Bikramaditya Guha

eCardMAX version 10.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5f8de22c048b71098b35ba1e93cbe3c2fa763ab62088181de333bfc3b4e6b4a4
KWSPHP CMS 1.6.995 Cross Site Scripting
Posted Jul 4, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

KWSPHP CMS version 1.6.995 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b714b2be97af5970b2a4ee01b3b85daac8e2776f7d722f1dec378d2bb467d9fd
Linux/x86 TCP Bind Shell Port 4444 Shellcode
Posted Jul 4, 2016
Authored by sajith

98 bytes small Linux/x86 TCP bindshell shellcode that binds to port 4444.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | bbeda0cdeea38bf97a30d59d5a8052ae8344aaec1e3c2e7e0e24491a1739f9bb
EMC Documentum WDK-Based Applications Code Execution / Traversal
Posted Jul 4, 2016
Authored by Andrey B. Panfilov

All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.

tags | advisory, web, arbitrary, code execution, file inclusion
advisories | CVE-2014-0629, CVE-2016-0914
SHA-256 | 46663e14e60c2d3f94f374b2571e350b1e7744ac4f13a7cd8032e426b3ab94df
WebCalendar 1.2.7 PHP Code Injection
Posted Jul 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WebCalendar version 1.2.7 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | f08625bb439c813ff12d6610f1b47451bd70656f904beb6b7f2d5a5f98986f4d
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close