Twenty Year Anniversary
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-07-12

Red Hat Security Advisory 2016-1406-01
Posted Jul 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1406-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-4565
MD5 | a8891b80853682172af10fa5a785dbf0
MS16-032 Secondary Logon Handle Privilege Escalation
Posted Jul 12, 2016
Authored by b33f, James Forshaw, khr0x40sh | Site metasploit.com

This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with Powershell 2.0 or later and systems with two or more CPU cores.

tags | exploit
systems | windows, 7
advisories | CVE-2016-0099
MD5 | 37a34759947c810455938c65ab482084
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
MD5 | 75ff5f78056283806bf48c4b08b4edfc
WordPress Easy Forms For MailChimp 6.0.5.5 Local File Inclusion
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 65adab6988ef66974433f81b2a78efe0
WordPress WP Fastest Cache 0.8.5.9 Local File Inclusion
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 760e7ccd799a73ce964210f524693a92
WordPress Profile Builder 2.4.0 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Profile Builder plugin version 2.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 530c5006d6d3bf18d1fc959b8eefc661
WordPress Master Slider 2.7.1 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Master Slider - Responsive Touch Slider plugin version 2.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 667da316aac28a0b009da188f9088e27
WordPress Email Users 4.8.2 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Email Users plugin version 4.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3023cf48133ae94c6b7deb2665edda0a
Microsoft Security Bulletin Summary For July, 2016
Posted Jul 12, 2016
Site microsoft.com

This bulletin summary lists eleven released Microsoft security bulletins for July, 2016.

tags | advisory
MD5 | a53a0f8e15d6770b8345713085bd52d7
Ubuntu Security Notice USN-3031-1
Posted Jul 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3031-1 - Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323
MD5 | bee9450b7cbf321fb800b570e7930ee0
Apache Archiva 1.3.9 Cross Site Scripting
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-5005
MD5 | 49af5bfe6cafae1122d621ea5294c340
Apache Archiva 1.3.9 Cross Site Request Forgery
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-4469
MD5 | bb5f2cae376e13ae271a747583391445
Red Hat Security Advisory 2016-1395-01
Posted Jul 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2015-4170
MD5 | 9abd5a4bf2df041607dd68d43abe0148
HP Security Bulletin HPSBHF03608 1
Posted Jul 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03608 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, java, arbitrary
advisories | CVE-2016-4372
MD5 | 97e0258d6c0b3fa75e77317a3813f960
WordPress WP Job Manager 1.25 Shell Upload
Posted Jul 12, 2016
Authored by xBADGIRL21

WordPress WP Job Manager plugin version 1.25 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | a608a5a847db36eebef7b79660c84b96
Clinic Management System Blind SQL Injection
Posted Jul 12, 2016
Authored by Yakir Wizman

Clinic Management System suffers from an unauthenticated remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ead48c8458bb1fc093da100028c262ed
Beauty Parlour And SPA Saloon Management System SQL Injection
Posted Jul 12, 2016
Authored by Yakir Wizman

Beauty Parlour and SPA Saloon Management System suffers from an unauthenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1e2148e3a3cb4d4c768bd849accb2171
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
Posted Jul 12, 2016
Authored by Francesco Oddo | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application's database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.

tags | exploit, remote, web, arbitrary, root, vulnerability, code execution, sql injection
MD5 | 43250fc531037c614242f3fd33ba0a4a
Blue Team Training Toolkit (BT3) 1.1
Posted Jul 12, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | 5aa37d7a933381d2b3981641c5bc2327
ifchk 1.0.4
Posted Jul 12, 2016
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Added systemd service unit support for Red Hat Enterprise Linux 7 and CentOS 7.
tags | tool
systems | unix
MD5 | 6414f9b910303b38e74608648f709f68
Bug Tracker 2.7.1 Information Disclosure
Posted Jul 12, 2016
Authored by indoushka

Bug Tracker version 2.7.1 suffers from a database name and credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d35b56c9d9e442796bdce2b50d836c80
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close