accept no compromises
Showing 1 - 25 of 29 RSS Feed

Files Date: 2016-10-19

SPIP 3.1.2 Cross Site Scripting
Posted Oct 19, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-7981
MD5 | 19ea0f9a054fa2b4f4dad9b9c2ec1e08
SPIP 3.1.2 Cross Site Request Forgery
Posted Oct 19, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-7980
MD5 | 2507f46ecb88e872b16a350dcfd71b5d
POC OR GTFO 0x13
Posted Oct 19, 2016
Authored by pocgtfo

This is the thirteenth issue of POC || GTFO.

tags | magazine
MD5 | 1f019532beb6db4b234b3f328d4fa68e
Windows Edge/IE Isolated Private Namespace Insecure DACL Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has a insecure DACL which allows any appcontainer process to gain elevated permissions on the namespace directory which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3388
MD5 | 3a58a4a032f194f64df76ef97f1864dd
Windows Edge/IE Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

The isolated private namespace created by ierutils has an insecure boundary descriptor which allows any non-appcontainer sandbox process (such as chrome) or other users on the same system to gain elevated permissions on the namespace directory which could lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3387
MD5 | 04ae222ed5d576af27590135025693ee
Windows NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation
Posted Oct 19, 2016
Authored by Google Security Research, forshaw

NtLoadKeyEx takes a flag to open a registry hive read only, if one of the hive files cannot be opened for read access it will revert to write mode and also impersonate the calling process. This can leading to elevation of privilege if a user controlled hive is opened in a system service.

tags | exploit, registry
advisories | CVE-2016-0079
MD5 | 1df9217976f58a92f0a890a61a8508f2
XhP CMS 0.5.1 Cross Site Request Forgery / Cross Site Scripting
Posted Oct 19, 2016
Authored by Ahsan Tahir

XhP CMS version 0.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | e56c4d1c34caa6a215730477621b92d8
Cisco Security Advisory 20161019-asa-idfw
Posted Oct 19, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, overflow, arbitrary
systems | cisco
MD5 | 797b6f8f7813d0900195378134022881
Red Hat Security Advisory 2016-2082-01
Posted Oct 19, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2082-01 - Red Hat Storage Console is a new Red Hat offering for storage administrators that provides a graphical management platform for Red Hat Ceph Storage 2. Red Hat Storage Console allows users to install, monitor, and manage a Red Hat Ceph Storage cluster. Security Fix: A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2016-7062
MD5 | 6ead3a49cd89db8d09c7103162a96af3
Red Hat Security Advisory 2016-2079-01
Posted Oct 19, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2079-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
MD5 | 624bc5bdcd32a7488c71552f1bcb2dbf
Yasir Portal 5.0 Portal Scripti Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

Yasir Portal version 5.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 2e38090bf2cbef2c5922f29f2b9d10ab
Redkod 3.0 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

Redkod version 3.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d874ec850c77154d41040a47c3d626b1
KonyaSoft 2.3 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

KonyaSoft version 2.3 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | f9250a953d7b99ac9871e316684601cd
OneBlog 2.0 Cross Site Scripting
Posted Oct 19, 2016
Authored by Nassim Asrir

OneBlog version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 63af82a3a5dfaaf737386ec3b0001320
VBScan Vulnerability Scanner 0.1.7
Posted Oct 19, 2016
Authored by Mohammad Reza Espargham | Site owasp.org

VBScan is a black box vBulletin vulnerability scanner written in perl.

Changes: Updated exploit database. Compatible With Windows. Added Full Path Disclosure (FPD) module. Added firewall detect/bypass module. Optimized version checker module engine. Upgraded config finder module. Random user agent module set as default setting. Added HTML Report.
tags | tool, scanner, perl
systems | unix
MD5 | ab8f36c6254b92a9bcade76be6484200
Cgiemail 1.6 Source Code Disclosure
Posted Oct 19, 2016
Authored by Finbar Crago

Cgiemail version 1.6 suffers from a source code disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 2e25f8a97d56ec5d9dab5057c4685609
IObit Advanced SystemCare 10.0.2 Privilege Escalation
Posted Oct 19, 2016
Authored by Amir.ght

IObit Advanced SystemCare version 10.0.2 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | df0362d005bbbe3422ac203b65e9a950
EZGallery Resim Galerisi Scripti 2.0 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

EZGallery Resim Galerisi Scripti version 2.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 09a7a48701824bd1be7a1de239a80dfb
MyDesign Haber Scripti 7 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

MyDesign Haber Scripti version 7 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 5b5467d858d1ba522922fe85171d2501
PC Toplama 2.0 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

PC Toplama version 2.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e575f64a2d21c997960ffb3422b8fc00
MyDesign Defter 1.7 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

MyDesign Defter version 1.7 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 828734b30df7bb9ec90d92fdb70dacc8
Besni Okul Portal 2.0 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

Besni Okul Portal version 2.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 740574f0b4606674601a7bfd500e4d6e
Simge 1.0 / 2.0 Database Disclosure
Posted Oct 19, 2016
Authored by indoushka

Simge versions 1.0 and 2.0 suffer from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | fbea5359fb61c51d1602a495a41cd205
CloudShare 1.6 Shell Upload
Posted Oct 19, 2016
Authored by indoushka

CloudShare version 1.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | bf1245fb3713d11a5b556e508d980e8d
Hak5 WiFi Pineapple Preconfiguration Command Injection 2
Posted Oct 19, 2016
Authored by catatonicprime | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.

tags | exploit, worm
advisories | CVE-2015-4624
MD5 | 6decdeddc87bc1b4e2eab5e2ce78b412
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    11 Files
  • 19
    Oct 19th
    3 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close