exploit the possibilities
Showing 1 - 24 of 24 RSS Feed

Files Date: 2016-07-21

TFTP Server 1.4 WRQ Buffer Overflow
Posted Jul 21, 2016
Authored by Karn Ganeshen

TFTP server version 1.4 WRQ buffer overflow exploit with egghunter shellcode.

tags | exploit, overflow, shellcode
MD5 | fe5dce41ea7ae479599f167ae29fb639
Ubuntu Security Notice USN-3040-1
Posted Jul 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3040-1 - Multiple security issues were discovered in MySQL and this update include s new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-3424, CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3518, CVE-2016-3521, CVE-2016-3588, CVE-2016-3614, CVE-2016-3615, CVE-2016-5436, CVE-2016-5437, CVE-2016-5439, CVE-2016-5440, CVE-2016-5441, CVE-2016-5442, CVE-2016-5443
MD5 | 052cb436e50e297df527b9e0c30e049b
Blue Team Training Toolkit (BT3) 1.2
Posted Jul 21, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New commands implemented, UI improvements, documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | e7085fefd7be1488324644ab7870d41b
OpenDNSSEC 2.0.1
Posted Jul 21, 2016
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Multiple bug fixes.
tags | tool
systems | unix
MD5 | 22c2c9d8d9f229fbf08f393a2bb4f459
Drupal RESTWS Module Remote PHP Code Execution
Posted Jul 21, 2016
Authored by Mehmet Ince, Devin Zuczek | Site metasploit.com

This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This Metasploit module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php, code execution
systems | linux, ubuntu
MD5 | a07fff541bb884e4701ff7f27d49ae76
UPC Hungary Administrative Password / Insecure Transit
Posted Jul 21, 2016
Authored by Gergely Eberhardt

UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.

tags | exploit
MD5 | bebbe65f28213dfa74a81de195dfd819
Technicolor TC7200 Modem / Router Session Management / Fixed Password
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.

tags | exploit, proof of concept
MD5 | be3302863bceda9f8ece1413401b6a21
WordPress WooCommerce 2.6.2 Cross Site Scripting
Posted Jul 21, 2016
Authored by Han Sahin

WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 128f43aecf47badf4272571710225474
WordPress Paid Memberships Pro 1.8.9.3 Cross Site Scripting
Posted Jul 21, 2016
Authored by Burak Kelebek

WordPress Paid Memberships Pro plugin version 1.8.9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e32c768b8c371dc7303205be0eba1cc9
PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
Posted Jul 21, 2016
Authored by Hans Jerry Illikainen

PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread().

tags | exploit, php
advisories | CVE-2016-5399
MD5 | 6b6fb4f1de53517be6387665e5599f1a
Hitron CGNV4 Modem / Router CSRF / Session Management / Command Injection
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Hitron CGNV4 modem / router suffers session management, cross site request forgery, and command injection vulnerabilities.

tags | advisory, vulnerability, csrf
MD5 | 8a3a259586203af1a05ce043b9562f57
Compal CH7465LG-LC Modem / Router Session Management / Command Injection
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Compal CH7465LG-LC suffers session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.

tags | exploit, denial of service, vulnerability, proof of concept, bypass
MD5 | df44524323cde2bddb6548a8a7631cf4
Cisco EPC3925 UPC Modem / Router Default Passphrase
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcasted via WiFi and the typical serial number is within the range 200.000.000 and 260.000.000, the default password can be brute-forced within minutes. Proof of concept included.

tags | exploit, proof of concept
systems | cisco
MD5 | aee1f536046790ca1bc25977b15d4f5d
Red Hat Security Advisory 2016-1458-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1458-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
MD5 | f7e087a6bd2acdcf4b4f1a8c2d151b26
Gentoo Linux Security Advisory 201607-16
Posted Jul 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-16 - arpwatch is vulnerable to the escalation of privileges. Versions less than 2.1.15-r8 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-2653
MD5 | 4ed95c6f5c1ffbbaff25d1a904a0505b
Gentoo Linux Security Advisory 201607-15
Posted Jul 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-15 - Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, CVE-2016-1547
MD5 | 37d7aaee61e4fd18730be42b0dad0d01
Red Hat Security Advisory 2016-1477-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1477-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 121. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3550
MD5 | e4f6d0e1e2f855f5f18d0473b716724c
Red Hat Security Advisory 2016-1475-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1475-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 101. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
MD5 | 7bb81975abbe13850d87e034083a82de
Red Hat Security Advisory 2016-1476-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1476-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 111. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606
MD5 | 603bf170fae2d21cf13d3b70811f9100
Red Hat Security Advisory 2016-1474-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1474-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. The following packages have been upgraded to a newer upstream version: openstack-neutron. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8914, CVE-2016-5362, CVE-2016-5363
MD5 | 6e4901de6d6562e723246778596f9cf2
Red Hat Security Advisory 2016-1473-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1473-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8914, CVE-2016-5362, CVE-2016-5363
MD5 | 5c14b05cb19a924a0c7b830b4db41d28
Cisco Security Advisory 20160720-ucsperf
Posted Jul 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 0580b25988fbc5edab88cdc20e31460a
OpenSSHD 7.2p2 User Enumeration
Posted Jul 21, 2016
Authored by 0_o

OpenSSHD versions 7.2p2 and below remote username enumeration exploit.

tags | exploit, remote
MD5 | fa557a65295528572def67f216ae854d
MySQL Overflows / Memory Corruption / Format String
Posted Jul 21, 2016
Authored by Nicholas Lemonias

MySQL versions 5.7.12 and below suffer from integer overflow, buffer overflow, memory corruption, and format string vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2016-3477
MD5 | 9ff046aa258bd477bb9020f04cba4c41
Page 1 of 1
Back1Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    1 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close