Files Date: 2016-07-28

Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (3)
Posted Jul 28, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, root
SHA-256 | ada1acb74888da1ee068093d1bfd8b3f3fa7cbe886c53bffebec80de7451a35e

WordPress Ultimate Product Catalog 3.9.8 SQL Injection
Posted Jul 28, 2016
Authored by Joaquin Ramirez Martinez

WordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bacab668e9242da4ccd6ac7578697bc74b3ca2afbaf088e2ffe1dba9f652000

Linux ARM/ARM64 perf_event_open() Arbitrary Memory Read
Posted Jul 28, 2016
Authored by Jann Horn, Google Security Research

Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().

tags | exploit, arbitrary
systems | linux
SHA-256 | d93d6ea3ad561c8f7d1736c08ffd738028f0f1563210cd2723d3dd9167a9b0bc

Exponent CMS 2.3.9 XSS / User Injection
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability that allows for user account addition.

tags | exploit, xss
SHA-256 | 423cf5f16e0bc3e2b68f98c0ffbfb9ff0056a53477952e4c8a5336cbd334fcf1

Zortam Media Studio 20.60 Buffer Overflow
Posted Jul 28, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

Zortam Media Studio version 20.60 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 60f4ac036146a9137d475523420c506dc7dcbe9ef06f4a36f384d1f5d5bb0db1

Debian Security Advisory 3633-1
Posted Jul 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3633-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-8338, CVE-2016-4480, CVE-2016-4962, CVE-2016-5242, CVE-2016-6258
SHA-256 | 69e2b39b3913e68cc3897dadfc8422de8be200cf50452bcb270d6b48048d7d24

Saveya Script Insertion
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Saveya suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | 5551173a26e0ebd8d02b44aefec2da15f69c5fefb72772e0228d85ebfaa58bcc

Zoll Checklist 1.2.2 Script Insertion
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Zoll Checklist version 1.2.2 suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | eded9a2d4136f497a7b8aa4fc8fae14d8f6c7b0c761dd5482b1e3db648ac5264

AppArmor aa_fs_seq_hash_show Reference Count Leak
Posted Jul 28, 2016
Authored by Google Security Research, Mark Brand

AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.

tags | exploit, overflow, kernel
SHA-256 | aeb4adc2c9454e00e280467d5afe605088bc235c957b16c9ba2883396aeb3993

Wireshark Analyzer 2.0.5
Posted Jul 28, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 0ce0241330828973f5b4efee422a3760cab8ce0b41e7721c4b9fd185be1bb10b

AXIS Authenticated Remote Command Execution
Posted Jul 28, 2016
Authored by OrwellLabs | Site orwelllabs.com

Multiple products from AXIS suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2015-8257
SHA-256 | 5d3626abb1ca74ae36c7f97673ca1ac0fa4274ea3398a978924fd38256827c7b

Avaya VOSS 4.1.0.0 SPB Traffic Traversal
Posted Jul 28, 2016
Authored by Jason Ostrom, Samuel Neves, Salim Neino

Avaya Fabric Connect VSP, under specific conditions, can accept and process specially crafted and spoofed Ethernet frames, which can lead to unauthorized access to devices intended to be secured from untrusted traffic sources. The vulnerability is caused by mishandling VLAN and I-SID indexes within the Fabric infrastructure. Version 4.1.0.0 is affected.

tags | advisory, spoof, file inclusion
advisories | CVE-2016-2783
SHA-256 | febf9c8d06e60cb5763c39467e3b800a3a47afa1bfb25a99e6dbc40ebfbb1519

Red Hat Security Advisory 2016-1519-01
Posted Jul 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1519-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.6 release serves as a replacement for JBoss Operations Network 3.3.5, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5220, CVE-2016-0800, CVE-2016-3737
SHA-256 | 9e8eda7cc87b09b7d965a2368ef110c52ca58a71169b633cc43b9d107529ee95

Debian Security Advisory 3632-1
Posted Jul 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3632-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
SHA-256 | 1034107a2809d4f21af57f0bbc38fd4ea778e2457506a9b747c59bfab574464b

LastPass 4.1.20a Communication Design Flaw
Posted Jul 28, 2016
Authored by Tavis Ormandy, Google Security Research

LastPass version 4.1.20a on Windows suffers from issues arising from the way the add-on works, which is by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.

tags | exploit, proof of concept
systems | windows
SHA-256 | 251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7