
Files Date: 2016-08-31

Red Hat Security Advisory 2016-1785-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1785-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.7 release serves as a replacement for JBoss Operations Network 3.3.6, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5422
MD5 | 2eb89e2ba5cf2a71b17536b9dd250ae6
Cisco Security Advisory 20160831-sps3
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, protocol
systems | cisco
MD5 | 79bc356eab9693dda2a3fb46872b7ab7
Cisco Security Advisory 20160831-spa
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
MD5 | 290e9c77d0c752fbf0263ed2d49c847e
Cisco Security Advisory 20160831-meetings-player
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 7797b2c7a52dd63af82ca809091e22fa
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
Posted Aug 31, 2016
Authored by Rene Freingruber, M. von Dach | Site sec-consult.com

CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allow a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.

tags | exploit
MD5 | fa3e0983e05e19b0dfcc2b70f17ffa3d
ZKTeco ZKBioSecurity 3.0 User Enumeration
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.

tags | exploit
MD5 | 84b96eb656c1af18652dad06c91b1a27
ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d8bd7463fd5989edb979e3ef6053653c
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.

tags | exploit, local, bypass
MD5 | 4ecb8c492cf6713ab277cdecf8bad926
ZKTeco ZKBioSecurity 3.0 File Path Manipulation
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.

tags | exploit
MD5 | f4f1ac3b6303590393a13abe9fdebe21
ZKTeco ZKBioSecurity 3.0 Add Superadmin Cross Site Request Forgery
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 16b0a2b5a8003afbb3065920efbd101e
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities because input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 412234f22c7a93e0ceae359b0e42a0ca
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

The ZKBioSecurity solution suffers from the use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed 'manager' application. After authenticating with the credentials located in the tomcat-users.xml file (username: zkteco, password: zkt123), the manager application allows a malicious WAR archive containing a JSP application to be uploaded, giving the attacker the ability to execute arbitrary code with SYSTEM privileges. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary
MD5 | 372cf1b9b006b5525bd170c507681162
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKAccess suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) set for the 'Authenticated Users' group. Version 3.5.3 is affected.

tags | exploit
MD5 | 05cfd802f588536de977ba624823c2ce
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTime.Net suffers from an elevation of privileges vulnerability that allows a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) set for the 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-directories world-writable. Version 3.0.1.6 is affected.

tags | exploit
MD5 | a5214c3e7c6c4b35eb1264aa4ddc5e7c
HP Security Bulletin HPSBGN03637 1
Posted Aug 31, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03637 1 - A potential vulnerability has been identified in the AdminUI of the HP Operations Manager for Unix, Solaris, and Linux. The vulnerability could be exploited remotely resulting in Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, unix, solaris
advisories | CVE-2016-4380
MD5 | 944bb798ff3152a48b7464651c6a3862
Red Hat Security Advisory 2016-1781-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1781-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
MD5 | d984c87f8aa64fb9c2060ef07a3e179c
CactuShop 7 Database Disclosure
Posted Aug 31, 2016
Authored by indoushka

CactuShop version 7 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 49d08fa0cb6c4c055196ac893afde53f
Joomla JSJobs 1.0.7.5 SQL Injection
Posted Aug 31, 2016
Authored by xBADGIRL21

Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bf66100aee7e4f7eb6e655db3ed5d891

© 2016 Packet Storm. All rights reserved.
