exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-03

WordPress Landing Pages 2.2.4 Cross Site Scripting
Posted Aug 3, 2016
Authored by Burak Kelebek

WordPress Landing Pages plugin version 2.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e22ab7ef915344af44efee5210b0a05decfe86fd9fd60e328437348384d062f1
WordPress Activity Log 2.3.2 Cross Site Scripting
Posted Aug 3, 2016
Authored by Securify B.V., Edwin Molenaar

WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the search function.

tags | exploit, xss
SHA-256 | b130c22a63ee88f3818d8ab594345285ddd886cffa1bcc2edf0d11d982863e18
Debian Security Advisory 3640-1
Posted Aug 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3640-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.

tags | advisory, web, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265
SHA-256 | d50f0b7ced5758fed27b5a39d77098277d67f6d245b007ad7cb534c225d478e3
HP Security Bulletin HPSBGN03633 1
Posted Aug 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03633 1 - Potential vulnerabilities have been identified in HPE Release Control. The vulnerabilities could be exploited remotely to allow denial of service (DoS), disclosure of information, unauthorized access to files or server-side request forgery (SSRF). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-4374
SHA-256 | 68d84f188e9bdf598b43722893cb31397086d862f7cd42988f4a6f861aed1d3a
Cisco Security Advisory 20160803-rv180_2
Posted Aug 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
SHA-256 | 78a2cea7d0b8290cc2f40413a06c209ffb50d3b1aef2bd81c2e903c386d7de4b
Cisco Security Advisory 20160803-rv180_1
Posted Aug 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal. The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | bcc88b7bb8c4a4333dab9ada7df933907efa223062962cef28af071259daf80b
WorldCIST 17 Call For Papers
Posted Aug 3, 2016
Site worldcist.org

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'17. It will be held on Porto Santo Island, Madeira, Portugal. It will take place April 11th through the 13th, 2017.

tags | paper, conference
SHA-256 | c20b010dbc13fcba33fc5de15774343b90f1e6cfdadb6a420767d91b445c53a1
zFTP 20061220+dfsg3-4.1 Buffer Overflow
Posted Aug 3, 2016
Authored by Juan Sacco

zFTP client version 20061220+dfsg3-4.1 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | b8dc88d41f401a90725d61c4af57f38a54b9ee93b7d5e4353b3e4ef03087821a
Cisco Security Advisory 20160803-rv110_130w2
Posted Aug 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device. The account could incorrectly be granted root privileges at authentication time. The vulnerability is due to improper role-based access control (RBAC) of the default account. The default account should never be allowed root privileges and should, in all cases, be read-only. An attacker could exploit this vulnerability by logging into the targeted device using the default account. An exploit could allow the attacker to authenticate to the device using the default account and be assigned root privileges. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, root
systems | cisco
SHA-256 | dc1cf6111281d30480c84e2af49e85e78fd833867d4ca60c8d5dd60974dffc30
Cisco Security Advisory 20160803-ucm
Posted Aug 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Session Initiation Protocol (SIP) processing functions of the Cisco Unified Communications Manager Instant Messaging (IM) and Presence Service could allow an unauthenticated, remote attacker to cause the Cisco SIP Proxy Daemon (sipd) process to restart unexpectedly, resulting in a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper input validation of SIP packet headers. An attacker could exploit this vulnerability by sending a crafted SIP packet to a targeted system. A successful exploit could allow the attacker to cause the sipd process to restart unexpectedly, resulting in a DoS condition on the system. If the sipd process restarts repeatedly, a successful exploit could also result in a sustained DoS condition and cause high disk utilization due to a large number of sipd core files being written to disk, which could exacerbate the DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 709b72ee108c411b6c7c20133962a815f9a8c96ed786029e5343a7d0c7e9ec05
Atutor 2.2.1 Path Traversal
Posted Aug 3, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Atutor version 2.2.1 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 7d2dc31a94a36d60ffffd314cd5eefeb8657f7e9d1c878147cc716b00e4d2e23
Debian Security Advisory 3639-1
Posted Aug 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3639-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.

tags | advisory, remote, web, denial of service, vulnerability, xss
systems | linux, debian
advisories | CVE-2015-8834, CVE-2016-5832, CVE-2016-5834, CVE-2016-5835, CVE-2016-5837, CVE-2016-5838, CVE-2016-5839
SHA-256 | 6d746f8d85a8fd09c80ac5bd87ccad04c42ba4e7a964e13ea6ba7344a8660c7d
Debian Security Advisory 3638-1
Posted Aug 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3638-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
SHA-256 | e04de6812e9e2686a674a0315737bd48ecc81989e51936268323bf64692a8bcc
Red Hat Security Advisory 2016-1552-01
Posted Aug 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1552-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518
SHA-256 | 982f50fa8b97d822ee7769419c9cd525cf7fd9404293efaa3ed43a534a036354
Red Hat Security Advisory 2016-1551-01
Posted Aug 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1551-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265
SHA-256 | eb54700b10a737b6e621e43694174726db913f210ed8f3d9d8f578e2fe5e7b8c
PH.I NFS Scanner
Posted Aug 3, 2016

PHI.I is an effective NFS scanner. It is intended to be left running in a screen session somewhere, scans randomly and requires very little user interaction. It finds large numbers of exported NFS directories, and lists the contents of directories that are exported to everyone. There are very large numbers of completely open NFS shares, despite it being an issue for at least 30 years. Written in bash.

tags | tool, scanner, bash
systems | unix
SHA-256 | 4d49999e7cbd3abdea5d95a215b932ff2d670f5fee5e8283608f5ed63da4d697
WordPress Activity Log 2.3.2 Cross Site Scripting
Posted Aug 3, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Activity Log plugin version 2.3.2 suffers from a cross site scripting vulnerability in the administrator functionality.

tags | exploit, xss
SHA-256 | 21667bded8d0d3482c6b534d3ebe3039accf5360a112babf71727c592ae859f9
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close