Exploit the possiblities
Showing 1 - 25 of 28 RSS Feed

Files Date: 2016-08-02

OpenSSH 7.3p1
Posted Aug 2, 2016
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates including a security fix.
tags | tool, encryption
systems | linux, unix, openbsd
advisories | CVE-2016-6210
MD5 | 4d88194aa227646df970e71a08943de5
Polycom Command Shell Authorization Bypass
Posted Aug 2, 2016
Authored by Paul Haas, h00die | Site metasploit.com

The login component of the Polycom Command Shell on Polycom HDX video endpints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.

tags | exploit, remote, arbitrary, shell, root
MD5 | 5148a87c832137fe939461e0ece4695b
TOR Virtual Network Tunneling Tool 0.2.8.6
Posted Aug 2, 2016
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series. The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor's test suite.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | bb8631eacc8d5553d25ed021846d837c
Red Hat Security Advisory 2016-1539-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-2143, CVE-2016-4470
MD5 | 28b59b794bcf9d9cd036e91e6bdb073c
Red Hat Security Advisory 2016-1538-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1538-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang. Security Fix: An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.

tags | advisory, web, cgi
systems | linux, redhat
advisories | CVE-2016-5386
MD5 | 77d9d5de16b6046bfc28d4daee82e9dd
WordPress WangGuard 1.7.1 Cross Site Scripting
Posted Aug 2, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WangGuard plugin version 1.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a86b8c7f6f9a7002a42cf2e707b82a32
WordPress Uji Countdown 2.0.6 Cross Site Scripting
Posted Aug 2, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Uji Countdown plugin version 2.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 787b3039dbb23684cc8eec159869be87
Zoll ePCR 2.6.4 Script Insertion
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Zoll ePCR version 2.6.4 suffers from a malicious script insertion vulnerability.

tags | exploit
MD5 | 9373bc652346bba4c103ef14db2d9f59
Docebo LMS 6.9 Remote Code Execution
Posted Aug 2, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

Docebo LMS version 6.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 3ff3cc890318608aa3c5e204bfca43a9
FortiManager Script Insertion
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Multiple versions of FortiManager allows for malicious script insertion attacks.

tags | exploit
MD5 | 8f5678eb802364c2c7b61317e0c2d0c5
HP Security Bulletin HPSBGN03564 2
Posted Aug 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03564 2 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Release Control. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.

tags | advisory, java, code execution
advisories | CVE-2016-1999
MD5 | 696ce82d2c2035b3490ad6ff2f756fff
Red Hat Security Advisory 2016-1532-02
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
MD5 | 1a952ad92b21c26fbfe2d95d275b6ce3
Red Hat Security Advisory 2016-1541-03
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2015-8660, CVE-2016-4470
MD5 | bca655ed040ae1e4a0b48d9f2436be22
Red Hat Security Advisory 2016-1547-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1547-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
MD5 | f712292b816ad6a1e383c3cd825e3aac
Red Hat Security Advisory 2016-1546-01
Posted Aug 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1546-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
MD5 | 2fe0adc2a4b8385f018e2b192bcb187c
Ubuntu Security Notice USN-3045-1
Posted Aug 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3045-1 - It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297
MD5 | 54a16eb16aec56ce0c3290c9605a5c0a
HP Security Bulletin HPSBUX03632 SSRT110194 1
Posted Aug 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03632 SSRT110194 1 - A potential security vulnerability has been identified in the HP-UX Mail Server running Sendmail. This vulnerability could be locally exploited to allow unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2014-3956
MD5 | 998f2fde8bfd301ef59d98e5f9f2adc0
WikWiki 2.1 Cross Site Scripting
Posted Aug 2, 2016
Authored by HaHwul

WikWiki version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9ce91260021896c068c475c49facb173
Packet Storm New Exploits For July, 2016
Posted Aug 2, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 189 exploits added to Packet Storm in July, 2016.

tags | exploit
MD5 | b462896128285686fd4de67f982b20a1
Joomla BreezingForms 1.8.x Arbitrary File Upload
Posted Aug 2, 2016
Authored by xBADGIRL21

Joomla BreezingForms component version 1.8.x suffers from a remote file upload vulnerability. The vendor has contacted Packet Storm and has noted that the default installation does not allow for execution of files with a php extension. Further, the issue related to upload was addressed by Crosstec in February of 2016.

tags | exploit, remote, shell
MD5 | 9235d4bc339664a6ee09a29f4b0672a3
WinSaber Privilege Escalation
Posted Aug 2, 2016
Authored by ZwX | Site vulnerability-lab.com

WinSaber suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 6556b558170359f96cff3cc2c0acd6de
Windows 7/x86 localhost Port Scanner Shellcode
Posted Aug 2, 2016
Authored by Roziul Hasan Khan Shifat

556 bytes large Windows 7/x86 localhost port scanner shellcode.

tags | x86, shellcode
systems | windows, 7
MD5 | 365e00e93798bfa17b0e6db32cefec9e
VUPlayer 2.49 .pls Stack Buffer Overflow
Posted Aug 2, 2016
Authored by vportal

VUPlayer version 2.49 .pls file stack buffer overflow exploit with DEP bypass.

tags | exploit, overflow
MD5 | e4401b7f4278bcb79e93a86c510a6873
Guppy CMS 5.01.03 Cross Site Scripting
Posted Aug 2, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Guppy CMS version 5.01.03 suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9a0c3ef1722cf41b6c303f42f08ab04f
Linux/x86 NetCat Bind Shell With Port Shellcode
Posted Aug 2, 2016
Authored by CripSlick

44, 52 bytes Linux/x86 NetCat bind shell with port shellcode.

tags | shell, x86, shellcode
systems | linux
MD5 | 6953240d9ce7ccf9b7047560b4c20c2b
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close