exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2016-07-27

Keystone 0.9.1
Posted Jul 27, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

Changes: Various updates.
tags | tool, x86, python, ruby
systems | windows, unix
SHA-256 | e9d706cd0c19c49a6524b77db8158449b9c434b415fbf94a073968b68cf8a9f0
Centreon Web Interface 2.5.3 Command Execution
Posted Jul 27, 2016
Authored by h00die, Nicolas Chatelain | Site metasploit.com

Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.

tags | exploit, web, arbitrary, code execution
SHA-256 | 5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Creds / Remote Access
Posted Jul 27, 2016
Authored by LiquidWorm | Site zeroscience.mk

The Iris ID IrisAccess iCAM4000/7000 series suffer from a use of hard-coded credentials. When visiting the device interface with a browser on port 80, the application loads an applet JAR file 'ICAMClient.jar' into user's browser which serves additional admin features. In the JAR file there is an account 'rou' with password 'iris4000' that has read and limited write privileges on the affected node. An attacker can access the device using these credentials starting a simple telnet session on port 23 gaining access to sensitive information and/or FTP access on port 21 (with EVERYTHING allowed) and uploading malicious content.

tags | exploit
SHA-256 | ad28f751582d4594cec5c55c01bdc1eaae1d58398e82fe87383a507eb30e69ae
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution
Posted Jul 27, 2016
Authored by LiquidWorm | Site zeroscience.mk

The Iris ID IrisAccess ICU 7000-2 device suffers from an unauthenticated remote command execution vulnerability. The vulnerability exist due to several POST parameters in the '/html/SetSmarcardSettings.php' script not being sanitized when using the exec() PHP function while updating the Smart Card Settings on the affected device. Calling the '$CommandForExe' variable which is set to call the '/cgi-bin/setsmartcard' CGI binary with the affected parameters as arguments allows the attacker to execute arbitrary system commands as the root user and bypass the biometric access control in place.

tags | exploit, remote, arbitrary, cgi, root, php
SHA-256 | 9ac64b5f4368e8e636317ddaac6a7d12f9f73b9c06e7360a07239e379b4f1e3d
Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
Posted Jul 27, 2016
Authored by Larry W. Cashdollar

Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2016-1000121, CVE-2016-1000122
SHA-256 | 4de2f91b2188085d1b161495281b6932b70d1cec9be6d62cde8cfe1b2ce6aa59
Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery
Posted Jul 27, 2016
Authored by LiquidWorm | Site zeroscience.mk

Iris ID IrisAccess ICU 7000-2 is prone to multiple reflected cross site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the 'HidChannelID' and 'HidVerForPHP' POST parameters in the 'SetSmarcardSettings.php' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, arbitrary, php, vulnerability, xss
SHA-256 | e7183b03f0ff99292c399fd3826568ee44c2d72211f15de97442670cff6e2a47
DornCMS 1.4 FileManager Cross Site Scripting
Posted Jul 27, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

DornCMS version 1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 35669c12e372953170dc5e6c1bda9a396a80705f3562019600267cd32f3f3c22
Microsoft GDI+ Untrusted Data Filter Bypass
Posted Jul 27, 2016
Authored by Google Security Research, mjurczyk

The GDI+ library can handle bitmaps originating from untrusted sources through a variety of attack vectors, like EMF files, which may embed bitmaps in records such as EMR_PLGBLT, EMR_BITBLT, EMR_STRETCHBLT, EMR_STRETCHDIBITS etc. The GDI+ implementation supports bitmaps compressed with the BI_RLE8 (8-bit Run-Length Encoding) compression algorithm, and performs the actual decompression in the gdiplus!DecodeCompressedRLEBitmap function. The buffer allocated to store the decompressed pixels is not cleared during or directly after the HeapAlloc() call, which causes it contain heap metadata and leftover data of previous allocations. The RLE compression algorithm makes it possible to skip some (in an extreme case: all) bytes in the output buffer; this could be achieved by using escape codes such as "End of line", "End of bitmap" or "Delta". If we start the compressed stream with the "End of bitmap" marker, the entirety of the memory region will remain uninitialized, which will in turn lead to displaying junk bytes as pixels. In the context of GDI+ clients which make it possible to read the rendered pixels back and send them to an attacker or use as part of a larger exploit chain, the bug could result in disclosure of sensitive data or defeat of exploit mitigations such as ASLR.

tags | exploit
SHA-256 | 8d5a33acbf833b3f227700647b9a190c6bda24e4e92617501ec844f76b1b3377
Ubuntu Security Notice USN-3043-1
Posted Jul 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3043-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | 7672e7429049c3c41db0b4271e098d23ac3c5c001aab2743839df5e0c4371f15
Debian Security Advisory 3631-1
Posted Jul 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3631-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2016-5385, CVE-2016-5399, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
SHA-256 | 38a66d762d614a958d7801c279d78dadb3c6ac4fce34ef4bc800ff8d7a0c22ae
Debian Security Advisory 3630-1
Posted Jul 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3630-1 - Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2016-6207
SHA-256 | 5da39cc7be7960124d3a3a0b67e4b82259ece63499cc06e95475cdcfd7a14059
HP Security Bulletin HPSBST03603 1
Posted Jul 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03603 1 - HPE StoreVirtual products running LeftHand OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2015-7547
SHA-256 | 7a1938552ec305f40be8a23af07bd878dc473a9a0b00a6ec1d1ad7c762c07075
Red Hat Security Advisory 2016-1504-01
Posted Jul 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1504-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | ac052e67f91771e8218260f935fcd61f4427a255784dc765554eeb67002ea5b8
Huge IT Joomla Catalog Extension 1.0.4 XSS / SQL Injection
Posted Jul 27, 2016
Authored by Larry W. Cashdollar

Huge IT Joomla Catalog extension version 1.0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2016-1000119
SHA-256 | 9c25166a6b055251167cac9d73f262cb8fdfe462fc610b07ff5ffe47e4f85893
Nusiorung CMS 2016 SQL Injection
Posted Jul 27, 2016
Authored by Vulnerability Laboratory, mr_mask_black | Site vulnerability-lab.com

Nusiorung CMS 2016 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | c535c15366d217bb3f1c5c33ea85a9cd6acd9f8ad66dc8fd16eccf71a77dee0c
Ubuntu Security Notice USN-3042-1
Posted Jul 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3042-1 - Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6232
SHA-256 | 5f7cf77b7f5501688cb173a4207132ce4d544206d68f7befd58ae819acd5d38b
WordPress ColorWay 3.4.1 Cross Site Scripting
Posted Jul 27, 2016
Authored by Yorick Koster, Securify B.V.

WordPress ColorWay theme version 3.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3bcf6e430117f011bfa6bd3a2b25554032fd79f8c9f5f3d375c6a42284fe8437
Red Hat Security Advisory 2016-1489-01
Posted Jul 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1489-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-4565
SHA-256 | 92f448af05fa64277d3b3307da793e54460efff59bc1c9ba1edd08af9ef18f34
Silurus Classifieds 2.0 Cross Site Scripting
Posted Jul 27, 2016
Authored by zhiwei_jiang

Silurus Classifieds version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3fd2dd44592a87fcbb159e569f3987f00637646955585331a581070ae8b20876
Huawei ISM Professional Cross Site Scripting
Posted Jul 27, 2016
Authored by zhiwei_jiang

Huawei ISM Professional suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 46902e937f7c2a0957308e0d1d356d671660c726f3aba4c8df628f882b039e67
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close