Files Date: 2016-07-13

WordPress Top 10 Popular Posts 2.3.0 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Top 10 Popular Posts plugin version 2.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bd37fc5ea22780b723c510962958d0a6
WordPress Simple Membership 3.2.8 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Simple Membership plugin version 3.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 904442dd37fe33676dfda296b8ddc1ab
Red Hat Security Advisory 2016-1423-01
Posted Jul 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1423-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225
MD5 | f2261256ec8bae18e6432d532eedeb87
Gentoo Linux Security Advisory 201607-03
Posted Jul 13, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-3 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.632 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244
MD5 | 1706fdc734d4cba22aba98f2804e49b5
WordPress WP No External Links 3.5.15 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WP No External Links plugin version 3.5.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 38384c6f6778dbb32885328daead873c
Red Hat Security Advisory 2016-1424-01
Posted Jul 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1424-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission-critical applications. This patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. It was reported that the web-based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe, which could then be used to cause a user to perform an unintended action in the console. It was found that the Apache ActiveMQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or to conduct further attacks.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2016-0734, CVE-2016-0782
MD5 | ee3df25a5e74a9ffe72eab8cf21cf359
Cisco Security Advisory 20160713-ncs6k
Posted Jul 13, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the management of system timer resources in Cisco IOS XR for Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an unauthenticated, remote attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the Route Processor (RP) on the affected platform. The vulnerability is due to improper management of system timer resources. An attacker could exploit this vulnerability by sending a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections to an affected device. An exploit could allow the attacker to cause a leak of system timer resources, leading to a nonoperational state and an eventual reload of the RP on the affected platform. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

tags | advisory, remote, shell, protocol
systems | cisco, osx
MD5 | cbc0767ec3a82c4c407c734af4f71a48
Open-Xchange App Suite 7.8.1 Cross Site Scripting
Posted Jul 13, 2016
Authored by Martin Heiland

Open-Xchange App Suite version 7.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-5124
MD5 | d60a7f33ad89664b8be9155ff78dc07f
WordPress Google Forms 0.84 Cross Site Scripting
Posted Jul 13, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Google Forms plugin version 0.84 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 25c439de00fbec25ae6b8e6285130adf
Adobe Acrobat Reader DC 15.016.20045 Memory Corruption
Posted Jul 13, 2016
Authored by Sebastien Morin, Pier-Luc Maltais

Adobe Acrobat Reader DC version 15.016.20045 suffers from multiple memory corruption vulnerabilities while handling font (.ttf) files. Adobe is offering support for this issue here: https://forums.adobe.com/community/adobe_reader_forums.

tags | exploit, vulnerability
systems | linux
advisories | CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208
MD5 | d24854330887fa8403eaae93ec66fbf3
Suricata IDPE 3.1.1
Posted Jul 13, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: DNS transaction handling issues addressed. libhtp updated. Various other bug fixes and feature additions.
tags | tool, intrusion detection
systems | unix
MD5 | acf37313500fac39a544c4521c1a91ec
Lynis Auditing Tool 2.3.0
Posted Jul 13, 2016
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Several big changes have been made to core functions of Lynis. There is a risk of breaking your existing configuration. As this is a major release, please check the changelog for details.
tags | tool, scanner
systems | unix
MD5 | 2b4bf607f16e771871f9ba11c7ac4d71
pmount 0.9.23 Arbitrary Device Mount
Posted Jul 13, 2016
Authored by Imre Rad

pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check, local users could mount devices to arbitrary destinations and thus take over the targeted system completely. Version 0.9.23 is affected.

tags | exploit, arbitrary, local
MD5 | e3c08454f70126f83ffa6f790129db26
WSO2 SOA Enablement Server Cross Site Scripting
Posted Jul 13, 2016
Authored by Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a reflective cross site scripting vulnerability.

tags | exploit, java, xss
MD5 | ce2cbb5b922929ac18a1f56499a34538
WSO2 SOA Enablement Server XML External Entity Injection
Posted Jul 13, 2016
Authored by Jakub Palaczynski, Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from an XML external entity injection vulnerability.

tags | exploit, java
MD5 | 3e5d3ae69a6baac7273853cae43b2c8a
WSO2 SOA Enablement Server Server Side Request Forgery
Posted Jul 13, 2016
Authored by Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a server-side request forgery vulnerability.

tags | exploit, java
MD5 | 183c55096d7becad1eb2d703b757a31c
RootExplorer Man-In-The-Middle / Remote Code Execution
Posted Jul 13, 2016
Authored by 0x3d5157636b525761

RootExplorer is an Android app for rooted devices that aims to give full control over file operations on an Android device. Unfortunately, RootExplorer tries to download an external busybox from a plain HTTP website, which might lead to remote code execution as root.

tags | advisory, remote, web, root, code execution
MD5 | 231eef619964779c221a48f33ccfede6
GSX Analyzer 10.12 / 11 Backdoor Account
Posted Jul 13, 2016
Authored by ndevnull

GSX Analyzer versions 10.12 and 11 appear to have a hard-coded backdoor account in Main.swf.

tags | exploit
MD5 | e2545e0bbae496deb6ecce01fa5d974b
Linux x86 Reverse Shell Using Xterm Shellcode
Posted Jul 13, 2016
Authored by RTV

Linux x86 reverse shell shellcode using xterm ///usr/bin/xterm -display 127.1.1.1:10.

tags | shell, x86, shellcode
systems | linux
MD5 | f198cc87a2eb8963305ea0590f331004
Bitdefender Antivirus Free Edition DLL Hijacking
Posted Jul 13, 2016
Authored by Himanshu Mehta

Bitdefender Antivirus Free Edition suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 3d06d758e3d19c26207fbef8f36cc79b
Windows x86 Download / Execute Shellcode
Posted Jul 13, 2016
Authored by Roziul Hasan Khan Shifat

Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() shellcode.

tags | x86, shellcode
systems | windows
MD5 | 23c2074209fa439403f761d02d387ec3
7-Zip 16.02 DLL Hijacking
Posted Jul 13, 2016
Authored by Himanshu Mehta

7-Zip version 16.02 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | bfc293395cdad1830ac28dcbd8257f7b
C.COM Events CMS 0.1.02 SQL Injection / Authentication Bypass
Posted Jul 13, 2016
Authored by indoushka

C.COM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
MD5 | 005e6f85c5f554a51c635103d9d44209
Adobe Flash Player fpb.tmp Privilege Escalation
Posted Jul 13, 2016
Authored by Stefan Kanthak

The executable installers of Adobe Flash Player released on 2016-06-15 fixed CVE-2016-1014 in the second attempt, but another vulnerability remained allowing for fpb.tmp to be executed with elevated privileges.

tags | advisory
advisories | CVE-2016-1014, CVE-2016-4247
MD5 | 914d2ea4fe1758e698bc2c87116b127e