exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2016-09-13

EMC Documentum D2 Authentication Bypass
Posted Sep 13, 2016
Site emc.com

EMC Documentum D2 contains fix for authentication bypass that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected includes EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.

tags | advisory, remote
advisories | CVE-2016-6644
SHA-256 | f8b711fb3cd37acdb19b7ded0e6ffaa24fa21db48de448f259119829f69c42cd
EMC ViPR SRM XSS / CSRF / File Upload / Brute Force
Posted Sep 13, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload, csrf
advisories | CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
SHA-256 | c4c3f37a7b7355ed7a0f1f84276bb201809cad149d6a71b93db2e99a89a30789
Microsoft Security Bulletin Summary For September, 2016
Posted Sep 13, 2016
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for September, 2016.

tags | advisory
SHA-256 | 24e69cf37393fa5d0b669a91818d9a0355ca984bcced40a8c16cbe8fbbefe726
Apache Shiro Filter Bypass
Posted Sep 13, 2016
Authored by Brian Demers

Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, allowed specifically crafted requests can be used to bypass some security servlet filters, resulting in unauthorized access.

tags | advisory, root, bypass
advisories | CVE-2016-6802
SHA-256 | 922a5e1fd7a8d3e74cc2b4e09d237b3dd41e4acc621099a0adf20ff10239e9c8
HP Security Bulletin HPSBST03640 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03640 1 - A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-4381
SHA-256 | 4af49f4c877c915fbebd9055f890d3255a1bd47b5b7e508f79f17ad85d1ccdd8
HP Security Bulletin HPSBGN03572 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03572 1 - A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-4382
SHA-256 | 714f9dc1cb140c3e1a6781191341cb64eb8d677cd760040a74a5a00bc543878f
Ubuntu Security Notice USN-3078-1
Posted Sep 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2016-6662
SHA-256 | 70fb5a6644f34b6d550d78bb097b4a44cfd9878ed35cb234d7e3bd0d2a2d75a8
Android getpidcon Binder Service Replacement
Posted Sep 13, 2016
Authored by Jann Horn, Google Security Research

Android has an issue where racy getpidcon usage permits binder service replacement.

tags | exploit
SHA-256 | 644ba9d887dcdf537c7493e2bd3450f2d0cef598b6d99e9c8bc785a796ac86e5
Battle.Net 1.5.0.7963 Privilege Escalation
Posted Sep 13, 2016
Authored by Tulpa

Battle.Net version 1.5.0.7963 suffers from an insecure file permissions privilege escalation vulnerability.

tags | exploit
SHA-256 | 229507ab5122db9b52ff5ed3b2d17270b0cc767b52dbde35844b0c9e61f43744
Open-Xchange Guard 2.4.2 Cross Site Scripting
Posted Sep 13, 2016
Authored by Martin Heiland, Benjamin Daniel Mussler

Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2016-6851, CVE-2016-6853, CVE-2016-6854
SHA-256 | b6b00b94ecd8a6eb1ccee7f194f7bf72d2f3738376ca2774dec5ff0fb5b81020
Open-Xchange App Suite 7.8.2 Cross Site Scripting
Posted Sep 13, 2016
Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2016-5740
SHA-256 | 357ca5858f8f3f0f5e8af6faa2268fb1efd131b5eada5dfc41eb2ddb9239f572
ASUS DSL-X11 ADSL Router Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | 93f34477ca80d1b371bd59eec1b073b39526d51e18f1d4b32ba199d040c8d367
Antisip libosip2 4.1.0 Heap Buffer Overflow / Denial Of Service
Posted Sep 13, 2016
Authored by bshastry

Antisip libosip2 version 4.1.0 suffers from heap buffer overflow vulnerabilities that can lead to a denial of service.

tags | exploit, denial of service, overflow, vulnerability
SHA-256 | 4fb1846a03b8c8aac79c1ed6aff112685708fcfd67c525b4cfa54053a3f4db3a
Red Hat Security Advisory 2016-1856-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1856-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | b0341ca2ab1e5f356ac596459438c2dfa0c9b08c3f6fa314e3310209d709e77a
Red Hat Security Advisory 2016-1855-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1855-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316, CVE-2016-6317
SHA-256 | 70bb64dcf8c9353bcb21bba544ed3251626be8563e6c58b30053f444f633ede9
Red Hat Security Advisory 2016-1857-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | ff94a8072670dd5e02057584a6ffb4f6febe917dd05953502954fe95f960dfe7
Red Hat Security Advisory 2016-1858-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | 9d3e8c4dd25e586408c85a6de8a2a349896b9f80ce49b91e648a10f476e7e84f
wdCalendar 2 SQL Injection
Posted Sep 13, 2016
Authored by Alfonso Castillo Angel

wdCalendar version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | eda360a51a243d20689bf0175cc89da0fbc62420b76917350111b67ae7b0a19c
Cherry Music 0.35.1 Arbitrary File Disclosure
Posted Sep 13, 2016
Authored by feedersec

Cherry Music version 0.35.1 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 96b710d58bf275eab928be65aea31eae56eac18aee876021c06ecb76c47164df
Windows x86 Password Protected TCP Bind Shell
Posted Sep 13, 2016
Authored by Roziul Hasan Khan Shifat

637 bytes small Microsoft Windows x86 password protect TCP bind shell shellcode.

tags | shell, x86, tcp, shellcode
systems | windows
SHA-256 | 3ed580d8b755dbbf3ed35188735814aff589ee052051b98152bc9af672d25a2c
CodeWarrior 0.3
Posted Sep 13, 2016
Authored by coolervoid

CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.

tags | tool, php, javascript, asp, ruby
systems | unix
SHA-256 | 82753c89cb961457842b407e2a28042ca4dfbd896b15eb1555371fa0f3628dce
COMTREND ADSL Router CT-5624 C01_R03 Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

COMTREND ADSL router CT-5624 C01_R03 unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | 3f980e48cba96dc8f106f0e6c0a75038a0ee785b217fe44545a3d7abc69d1231
COMTREND ADSL Router CT-5367 C01_R12 Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

COMTREND ADSL router CT-5367 C01_R12 unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | e480d4507c963ac594953ced80b3a31a9b8aab94fa5113694da85cd569cd31be
Tenda ADSL2/2+ Modem 963281TAN Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

Tenda ADSL2/2+ modem version 963281TAN unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | 7a8d3c4dbd3667e98cf6bb464cb26347ffbb09d2667a28fd71f9f5506df04ea4
PLANET VDR-300NU ADSL Router Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

PLANET VDR-300NU ADSL Router unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | 8197ee2306f964cdd22efee0d369aace2490e04ef7b237eaf2035d705b1e7e58
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close