Exploit the possiblities
Showing 1 - 25 of 32 RSS Feed

Files Date: 2016-08-12

WebNMS Framework Server 5.2 Arbitrary File Upload
Posted Aug 12, 2016
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution under the user which the WebNMS server is running. This Metasploit module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.

tags | exploit, code execution
systems | linux, windows
MD5 | 603fc189cd0d143b775250d52f85f13d
Hydra Network Logon Cracker 8.3
Posted Aug 12, 2016
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Support for upcoming OpenSSL 1.1 added. Fixed hydra redo bug. Updated xhydra for new hydra features and options. Some more command line error checking added. Ensured unneeded sockets are closed.
tags | tool, web, imap
systems | cisco, unix
MD5 | 481e842e141da7ef7e2250a1b0f5da5e
Ubuntu Security Notice USN-3047-2
Posted Aug 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3047-2 - USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. Various other issues were addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4952, CVE-2016-5107, CVE-2016-5126, CVE-2016-5337, CVE-2016-5403
MD5 | cae358870aa7d20ee999c525f0efb8dc
FreePBX 13 / 14 Remote Command Execution
Posted Aug 12, 2016
Authored by pgt | Site nullsecurity.net

FreePBX versions 13 and 14 remote command execution exploit.

tags | exploit, remote
MD5 | 1bbf97b2ef8e7ebce001f0932fa0119f
HP Security Bulletin HPSBGN03630 2
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03630 2 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.

tags | advisory, java, remote, code execution
systems | linux, unix, solaris
advisories | CVE-2016-4373
MD5 | 02d34eec118d8007e5058c6b46cc290c
HP Security Bulletin HPSBHF03440 1
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03440 1 - A potential security vulnerability in JQuery was addressed by HPE Integrated Lights-Out 3. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2011-4969
MD5 | 438573c83e09f7564bb6309c2869f692
Apache OpenMeetings 3.1.0 Cross Site Scripting
Posted Aug 12, 2016
Authored by Matthew Daley

Apache OpenMeetings version 3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e28050a7e90ef7625618abfdb6128b5d
Zabbix 3.0.3 SQL Injection
Posted Aug 12, 2016
Authored by 1N3

Zabbix version 3.0.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cf04a575fab19057d2c4dfd7569e48b2
ColoradoFTP 1.3 Prime Edition (Build 8) Directory Traversal
Posted Aug 12, 2016
Authored by Christian Catalano, Rv3Lab, Marco Fornaro

ColoradoFTP version 1.3 Prime Edition (Build 8) suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | eaa2fb18b9facfba67ef8d026dcdf630
QuickerBB 0.7.0 Cross Site Scripting
Posted Aug 12, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

QuickerBB version 0.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5a81631467fcf69c3993943e44d028b8
Microsoft Education Cross Site Scripting
Posted Aug 12, 2016
Authored by SaifAllah benMassaoud, Zahid Mehmood | Site vulnerability-lab.com

Microsoft's Education site suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8563217845502478de8b140efc0fac12
Joomla Registration Pro 3.2.12 SQL Injection
Posted Aug 12, 2016
Authored by xBADGIRL21

Joomla Registration Pro component versions 3.2.10 through 3.2.12 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 75d02e3c8ebfd773cbc776ceb0927794
Teamspeak 3 Use-After-Free / Information Disclosure / DoS
Posted Aug 12, 2016
Authored by ff214370685e536b9ee021c7ff6b7680bfbe6008bc29f87511b6b90256043536

Teamspeak 3 suffers from multiple vulnerabilities including denial of service, a race condition that leads to a use-after-free, and various other issues.

tags | exploit, denial of service, vulnerability
MD5 | 82eea257468d7c639e9094f9637d0f33
VMware Security Advisory 2016-0011
Posted Aug 12, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0011 - vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead to a partial information disclosure. There are no known workarounds for this issue.

tags | advisory, info disclosure
advisories | CVE-2016-5332
MD5 | 6a241aab5dee9f705fe9f2e451a33023
Red Hat Security Advisory 2016-1604-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1604-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
MD5 | 40903b5597f1a5dc67847f5864678d09
Red Hat Security Advisory 2016-1602-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1602-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444
MD5 | a46dba614fee681ab3779c45de112831
Red Hat Security Advisory 2016-1601-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1601-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3614, CVE-2016-3615, CVE-2016-5439, CVE-2016-5440
MD5 | f55379aba74074b7e5ac83850d4ee2f0
Red Hat Security Advisory 2016-1603-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1603-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
MD5 | 73fc108c6e1e5a73d48a85ed3005b068
Red Hat Security Advisory 2016-1607-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1607-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
MD5 | c65ddad6fae38e5f2728e9fdc763cc96
Debian Security Advisory 3647-1
Posted Aug 12, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3647-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2016-2818
MD5 | c6dbae96fad739cda127cfc51ea9de4f
Red Hat Security Advisory 2016-1606-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1606-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
MD5 | 3a9f9e1740a4284b945d38314f51104d
Red Hat Security Advisory 2016-1613-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1613-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
MD5 | 289ff00da63f8e749ba834d15f07d384
Red Hat Security Advisory 2016-1612-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1612-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
MD5 | ba5f2341457a4e30030d68c7b2d2e135
Red Hat Security Advisory 2016-1611-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1611-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
MD5 | 3c53c53e5a92e184ddc41135822b0346
Red Hat Security Advisory 2016-1610-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1610-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
MD5 | 13b68d417bcf516001f41033fa0623d1
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close