accept no compromises
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-06

NUUO 3.0.8 strong_user.php Backdoor Remote Shell Access
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO NVRmini, NVRmini2, Crystal and NVRSolo devices have a hidden PHP script that when called, a backdoor user is created with poweruser privileges that is able to read and write files on the affected device. The backdoor user 'bbb' when created with the password '111111' by visiting 'strong_user.php' script is able to initiate a secure shell session and further steal and/or destroy sensitive information.

tags | exploit, shell, php
MD5 | 9e5ca7496b9bacd01a8225e0787a09ee
NUUO 3.0.8 Arbitrary File Deletion
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO versions 3.0.8 and below suffer from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
MD5 | bcb4a235810a299f5617f77f148b65db
NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO NVRmini, NVRmini2, Crystal, NVRSolo suffer from an authenticated ShellShock vulnerability. This could allow an attacker to gain control over a targeted computer if exploited successfully. The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix.

tags | exploit, shell, bash
systems | linux, unix
MD5 | bb960d175fc981dc81fdb39cbdef56df
NUUO 3.0.8 OS Command Injection
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO versions 3.0.8 and below suffer from OS command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 7241b66bb2f492a730ca577416a2186a
NUUO 3.0.8 Local File Disclosure
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO versions 3.0.8 and below suffer from a file disclosure vulnerability.

tags | exploit
MD5 | ad347ed947792e94fcb6134c12087210
NUUO 3.0.8 Add Admin Cross Site Request Forgery
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO versions 3.0.8 and below add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | f6f0042aed61b580ad849d86f2b761c0
NUUO 3.0.8 Remote Root
Posted Aug 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as the root user via the 'log' GET parameter in the '__debugging_center_utils___.php' script. Included is a remote root exploit and an nse file. Versions 3.0.8 and below are affected.

tags | exploit, remote, arbitrary, root, php
MD5 | 8e2e9311ff79fdbe9c573e7cd1968dbd
WordPress Ecwid Ecommerce Shopping Cart 4.4 / 4.4.3 PHP Object Injection
Posted Aug 6, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Ecwid Ecommerce Shopping Cart plugin versions 4.4 and 4.4.3 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | ec491116ddc82e47f4cc10e038fc6fe2
WordPress Welcome Announcement 1.0.5 Cross Site Scripting
Posted Aug 6, 2016
Authored by bl4ck_MohajeM

WordPress Welcome Announcement plugin version 1.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7763f2b857c0b29bf12c02bfc4cd8d8a
Stegano 0.6
Posted Aug 6, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Command-line improvements.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 415139dd6d32bb34fc92dbda1c81e7c7
WordPress Selected Text Sharer 1.0 CSRF / XSS
Posted Aug 6, 2016
Authored by bl4ck_MohajeM

WordPress Selected Text Sharer plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7b48c99d6c77d9c5c54e285e4b5f0847
Web-Based Firewall Logging Tool 1.1.0
Posted Aug 6, 2016
Authored by Bob Hockney | Site webfwlog.sourceforge.net

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Changes: Added support for MaxMind geoip version 2 location databases. Added config option for postgresql join_collapse_limit for query planner. Various other updates.
tags | tool, web, firewall
systems | linux, windows, xp
MD5 | 4e85d44a434412766e0ac4d1ffd5cfd8
Falco 0.3.0
Posted Aug 6, 2016
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Significantly improved performance, involving changes in the falco and sysdig repositories. Several sets of rule cleanups to reduce false positives. Various other updates.
tags | tool, intrusion detection
systems | unix
MD5 | 4e4cbc354550fa7a2c0c4ac038e20bd7
WordPress Store Locator Plus 4.5.09 Cross Site Scripting
Posted Aug 6, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Store Locator Plus plugin version 4.5.09 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 761526964c914bf26bb05da5e6c1d648
VMware Host Guest Client Redirector DLL Hijacking
Posted Aug 6, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

tags | advisory, arbitrary
systems | windows
MD5 | febccfe9fd28c2f07d7faae1b5643910
Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution
Posted Aug 6, 2016
Authored by mr_me | Site metasploit.com

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE, FireFox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally, a traversal is used in the PUT request to upload the code just where we want it and gain Remote Code Execution as SYSTEM.

tags | exploit, remote, code execution
advisories | CVE-2015-3435
MD5 | 12c0fc1de9392964d1fb7e3d45109b2d
Internet Explorer 11 VBScript Engine Memory Corruption
Posted Aug 6, 2016
Authored by Theori | Site metasploit.com

This Metasploit module exploits the memory corruption vulnerability (CVE-2016-0189) present in the VBScript engine of Internet Explorer 11.

tags | exploit
advisories | CVE-2016-0189
MD5 | 55d9615c6b78afbad0a5d03e514a2b29
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    10 Files
  • 23
    Sep 23rd
    1 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close