
Files Date: 2016-08-31

Red Hat Security Advisory 2016-1785-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1785-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.7 release serves as a replacement for JBoss Operations Network 3.3.6, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5422
SHA-256 | 2cc2183f89947a122a8dbcc3d0f918c09c7e9dfb436446ac88bd6b099f31bff0
Cisco Security Advisory 20160831-sps3
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Simple Network Management Protocol (SNMP) functionality in Cisco Small Business 220 Series Smart Plus (Sx220) Switches could allow an unauthenticated, remote attacker to gain unauthorized access to SNMP objects on an affected device. The vulnerability is due to the presence of a default SNMP community string that is added during device installation and cannot be deleted. An attacker could exploit this vulnerability by using the default SNMP community string to access SNMP objects on an affected device. A successful exploit could allow the attacker to view and modify SNMP objects on a targeted device. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, protocol
systems | cisco
SHA-256 | ccf9dfcc97adb138f7d24d75f51d007e71d7f844aae6e82d07c7a188c937bed1
Cisco Security Advisory 20160831-spa
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 899c8995efd36f53e8fcb7f2a34120edfb3bed08afe4753d1cfcd4de9c447c31
Cisco Security Advisory 20160831-meetings-player
Posted Aug 31, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco WebEx Player could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper handling of user-supplied files. An attacker could exploit this vulnerability by persuading a user to open a malicious file using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 891c13b58be0af0b7350c16216c66fcc911203ae9cc908aa9be3b56343ff46f5
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
Posted Aug 31, 2016
Authored by Rene Freingruber, M. von Dach | Site sec-consult.com

CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allow a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.

tags | exploit
SHA-256 | f6c2bdd62d1577463dc9c79bb653feed9235e44736641fa6d88a9f5d0e6c8af7
ZKTeco ZKBioSecurity 3.0 User Enumeration
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.

tags | exploit
SHA-256 | 06ad2c3b4c30611aed0e5c774dc61cb188d74abaf7f541e5e4b3139d56cfdeb9
ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3bccc49a88d88e46601653c25d793d329adafc5bf1d19a399249c82bcf482577
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.

tags | exploit, local, bypass
SHA-256 | 04dd784bf139529b5896a28748b85b2a46ce19108df60fb6df0bf077057f7fc8
ZKTeco ZKBioSecurity 3.0 File Path Manipulation
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.

tags | exploit
SHA-256 | d07f6d14968a9a3f7d2d3f860e9fda889f7bc5cc53267e6d5800e4b5b82387d9
ZKTeco ZKBioSecurity 3.0 Add Superadmin Cross Site Request Forgery
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2ee4aee490a35905760510df79d8cffc41d9ed01d4dbb2fe00f6ccb3f4fa04f6
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 661201e7c27f788dde650a2d5226bddfa2456cc33d8e22a68d5114c6bd2a7de2
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

The ZKBioSecurity solution suffers from a use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed 'manager' application. After authenticating with the credentials username: zkteco, password: zkt123, located in the tomcat-users.xml file, the manager application allows a malicious WAR archive containing a JSP application to be uploaded, giving the attacker the ability to execute arbitrary code with SYSTEM privileges. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary
SHA-256 | d831e50b0e0f8def133824f6a6ff536a534dd8c171ffe02320b7362c15ad83f5
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKAccess suffers from an elevation of privileges vulnerability that a simple authenticated user can use to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) for the 'Authenticated Users' group. Version 3.5.3 is affected.

tags | exploit
SHA-256 | e51af303de037c193cb718e87876e32f06f7a64a66a90955afc034c4e3dcc236
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTime.Net suffers from an elevation of privileges vulnerability that a simple user can use to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) for the 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-directories world-writable. Version 3.0.1.6 is affected.

tags | exploit
SHA-256 | 9cb88adc874e989e21366fdcd577e8bd531dda6ee9584e15f2e77c43ddc2e0d1
HP Security Bulletin HPSBGN03637 1
Posted Aug 31, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03637 1 - A potential vulnerability has been identified in the AdminUI of the HP Operations Manager for Unix, Solaris, and Linux. The vulnerability could be exploited remotely resulting in Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, unix, solaris
advisories | CVE-2016-4380
SHA-256 | 1ce5c760fd7c1301d3a84917c1bc4e1979c54720b9deb0df1356b2c57f517089
Red Hat Security Advisory 2016-1781-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1781-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 9345dc2c41d8927ec523db65c6d7145025cd5746f563f0a1360ea20e8f699bf1
CactuShop 7 Database Disclosure
Posted Aug 31, 2016
Authored by indoushka

CactuShop version 7 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 82f9d5f5cdea5c187d3baf2aa4449df23005f80f15ba137b46773888b99225ff
Joomla JSJobs 1.0.7.5 SQL Injection
Posted Aug 31, 2016
Authored by xBADGIRL21

Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6baccd3bd0aaecb8b28f8c12bd5480dea2b363c00e69b0fe81fa9e9fda118901
© 2022 Packet Storm. All rights reserved.