Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2016-11-17

DCFM Blog 0.9.7 Cross Site Scripting
Posted Nov 17, 2016
Authored by N_A

DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 21bf1f64907cfb8a12fe6ae58ccb774c
DCFM Blog 0.9.7 Blind SQL Injection
Posted Nov 17, 2016
Authored by N_A

DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fd61b66a2e47b5787f7e72ec20b2a360
Ubuntu Security Notice USN-3130-1
Posted Nov 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3130-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
MD5 | 6a3cdb79e8cc3cb030e6cafeb2d5d694
Red Hat Security Advisory 2016-2807-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
MD5 | 59ee23a6b963dac94a9705e7751ca1ca
Red Hat Security Advisory 2016-2808-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
MD5 | e6eedfc380324ddb869900976a7b4192
Red Hat Security Advisory 2016-2802-01
Posted Nov 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-6304
MD5 | 8e56b0c67a64377b482aced9ec3d90a9
WordPress Answer My Question 1.3 SQL Injection
Posted Nov 17, 2016
Authored by Lenon Leite

WordPress Answer My Question plugin version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 75fa34690622e4adb68a1b0133b3555a
WordPress Sirv 1.3.1 SQL Injection
Posted Nov 17, 2016
Authored by Lenon Leite

WordPress Sirv plugin version 1.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 998b481224354bc1e95d6cfb4915e569
PoisonTap Backdoor Network Sniffer
Posted Nov 17, 2016
Authored by Samy | Site github.com

PoisonTap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes an internal router, and siphons cookies using Raspberry Pi Zero and Node.js.

tags | tool
systems | unix
MD5 | 3214ae89132584015fd98d7f9bbec634
USBKill Anti-Forensic Kill Switch
Posted Nov 17, 2016
Authored by hephaest0s | Site github.com

USBKill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

tags | tool
systems | unix
MD5 | 463779142f659c878ae21660ae81fce5
Wireshark Analyzer 2.2.2
Posted Nov 17, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 88bb55bcbc5249fee10bcea332a4fece
OpenSCAP Libraries 1.2.12
Posted Nov 17, 2016
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | protocol, library
systems | unix
MD5 | 870b59ec4da4ab90815c5cd54a93768c
Authenticated WMI Exec Via Powershell
Posted Nov 17, 2016
Authored by RageLtMan | Site metasploit.com

This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.

tags | exploit, remote
MD5 | c1279e25862f96c8698755708c8a395d
Debian Security Advisory 3716-1
Posted Nov 17, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3716-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9074
MD5 | f8e78fc16f9cf46208bc2fb16cf34b76
Gentoo Linux Security Advisory 201611-10
Posted Nov 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-10 - A vulnerability in libuv could lead to privilege escalation. Versions less than 1.4.2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2015-0278
MD5 | 663f045ee32ac65874529f305b0ca950
Emsisoft Privilege Escalation
Posted Nov 17, 2016
Authored by Stefan Kanthak

In an attempt to address DLL hijacking issues, Emsisoft has introduced additional security issues.

tags | advisory
systems | windows
MD5 | fc7126a8f516fd1442b1210005935b72
SpaceHack Satellite Terminal Scanner
Posted Nov 17, 2016
Authored by Nicholas Lemonias

This tool can be used to find insecure satellite terminals and "Telecommand and Control" terminals in a network.

tags | tool, scanner
systems | unix
MD5 | b7d56025d18986f06f0994da75107cfc
Packet Fence 6.4.0
Posted Nov 17, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Bug fixes and updates to translations.
tags | tool, remote
systems | unix
MD5 | 44c9effe1168cae62300e3a595ec5018
Microsoft Security Bulletin Revision Increment For November, 2016
Posted Nov 17, 2016
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
MD5 | e53dd00179e2926b7815501a4c835285
Microsoft Edge Eval Type Confusion
Posted Nov 17, 2016
Authored by Google Security Research, natashenka

In Chakra, function calls can sometimes take an extra internal argument, using the flag CallFlags_ExtraArg. The global eval function makes assumptions about the type of this extra arg, and casts it to a FrameDisplay object. If eval is called from a location in code where an extra parameter is added, for example, a Proxy function trap, and the extra parameter is of a different type, this can lead to type confusion.

tags | exploit
advisories | CVE-2016-7240
MD5 | 1009de3c3511038569b15236b1a629de
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    7 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close