what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-01-12

Cisco Firepower Management Console 6.0 Post Authentication UserAdd
Posted Jan 12, 2017
Authored by Matt, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-6433
SHA-256 | 98649baca4e20b64048f59a052bbbb1958604f2558f3e367647487756175a545
Ansible 2.1.4 / 2.2.1 Command Execution
Posted Jan 12, 2017
Site computest.nl

During a summary code review of Ansible, Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to the other hosts controlled by that controller. Versions 2.1.4 and 2.2.1 are affected.

tags | exploit
advisories | CVE-2016-9587
SHA-256 | dad194656bd445e7bccee27069381669672bfa3d39f5a072bb73e2959b371a21
Adobe Flash 24.0.0.186 Code Execution
Posted Jan 12, 2017
Authored by Francis Provencher

This documented vulnerability allows a remote attacker to execute malicious code or access to a part of the dynamically allocated memory using a user interaction visiting a Web page or open a specially crafted SWF file, an attacker is able to create an "out of bound" memory corruption. A file with an "ActionRecord" structure that contains an invalid value in "ActionGetURL2" could lead to remote code execution in the context of the current user. Proof of concept code included.

tags | exploit, remote, web, code execution, proof of concept
advisories | CVE-2017-2930
SHA-256 | a82caebb5c5fc9804ff5b2892d98866fc05cb593b2b4a76497466e64a24e0c5a
Movie Portal Script 7.35 SQL Injection
Posted Jan 12, 2017
Authored by Ihsan Sencan

Movie Portal Script version 7.35 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 52b08327e77a927e5ac53d326fc5dbc373075fb528ef0690182fbea42833bc9a
Travel Portal Script 9.33 SQL Injection
Posted Jan 12, 2017
Authored by Ihsan Sencan

Travel Portal Script version 9.33 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 99cc31218d222cbdc992e1810ebadeea3de4d29d11576521afdb7770f88895c3
Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration
Posted Jan 12, 2017
Authored by Andrea Barisani

The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite configuration, which specifies the IKE and Encapsulating Security Payload (ESP) supported algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported ciphers that are eventually applied on the IPSec responder of the SIMATIC CP 343-1 Advanced. In fact, regardless of the selected choice for the ESP cipher, it is always possible for the IPSec client to propose, and successfully use, DES, 3DES, AES128 and AES256. This invalidates the potential desire to enforce a stronger cipher, as the client can always decide to use weaker. Siemens SIMATIC CP 343-1 Advanced tested with fw V3.0.44 is affected.

tags | advisory
SHA-256 | 9250759f60c9b83870733f1e01826fa5ac1417d8f1d85e6505d03aeac9bf419c
Cobi Tools 1.0.8 Script Insertion
Posted Jan 12, 2017
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Cobi Tools version 1.0.8 suffers from a malicious script insertion vulnerability that affects the client side application.

tags | exploit
SHA-256 | fa35b790b41ed7e117ea1ef7d553c02dd8194f56bef1f7f1f9a07c21a1f1d869
Boxoft Wav 1.1.0.0 Buffer Overflow
Posted Jan 12, 2017
Authored by Vulnerability Laboratory, SaifAllah benMassaoud | Site vulnerability-lab.com

Boxoft Wav version 1.1.0.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 774cfd268041e05549f9c0e26ca8b96934bfa8494c9c378e40ef9eeb9bccddf1
Huawei Flybox B660 Cross Site Request Forgery
Posted Jan 12, 2017
Authored by Vulnerability Laboratory, SaifAllah benMassaoud | Site vulnerability-lab.com

Huawei Flybox B660 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1d27b6400e9564449202897321f4571ed881c4453df7121e74929b854e451c59
Bit Defender Authentication Token Bypass
Posted Jan 12, 2017
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Bit Defender's website suffered from an authentication token bypass vulnerability.

tags | exploit, bypass
SHA-256 | a7cb14a7774453e2f68dafc2102250ea89501557a432421b02392708cb44acb7
Blackboard LMS 9.1 SP14 Cross Site Scripting
Posted Jan 12, 2017
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Blackboard LMS version 9.1 SP14 suffers from a persistent cross site scripting vulnerability in the title functionality.

tags | exploit, xss
SHA-256 | ff7b4351e36544404e85f4a95edf3f62644b7c829366cc0c64afc9876cf8f674
Blackboard LMS 9.1 SP14 Cross Site Scripting
Posted Jan 12, 2017
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Blackboard LMS version 9.1 SP14 suffers from a persistent cross site scripting vulnerability in the profile functionality.

tags | exploit, xss
SHA-256 | c567dd338ab17b9303c4913ad57a8593e20abe52d5cc6429a7d1a782fea5c300
Responsive File Manager 9.11.0 Cross Site Scripting
Posted Jan 12, 2017
Authored by M.R.S.L.Y

Responsive File Manager version 9.11.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7f7ce38cc78f93242a74a8859b055f73ca4783acbc3403a97eae45a277641f05
Microsoft Windows 8.1 (x64) RGNOBJ Integer Overflow
Posted Jan 12, 2017
Authored by Saif

Microsoft Windows 8.1 (x64) RBNOBJ integer overflow exploit leveraging the vulnerability noted in MS16-098.

tags | exploit, overflow
systems | windows
SHA-256 | 606b9e6dba465c130e83c644bc12a43f60fda0e1656530691abb8389f7110bed
Microsoft Windows Kernel win32k.sys NtSetWindowLongPtr Privilege Escalation
Posted Jan 12, 2017
Authored by Rick Larabee

Microsoft Windows kernel win32k.sys NtSetWindowLongPtr privilege escalation exploit that leverages the vulnerability outlined in MS16-135.

tags | exploit, kernel
systems | windows
advisories | CVE-2016-7255
SHA-256 | 0886e016e70846bd0cec9b33d83b2ba894773f4ecf6a24a7926f387fa80d665c
VideoLan VLC Media Player 2.2.1 Buffer Overflow
Posted Jan 12, 2017
Authored by Patrick Coleman

Proof of concept .mov that demonstrates a DecodeAdpcmImaQT buffer overflow vulnerability in VideoLAN VLC Media Player version 2.2.1.

tags | exploit, overflow, proof of concept
advisories | CVE-2016-5108
SHA-256 | b2140e78e2eafd68a1782f1756831e90e9f5982f5b995cfb92611c9d9ca12f6b
Firejail Privilege Escalation
Posted Jan 12, 2017
Authored by Daniel Hodson

Firejail suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | c685e843415e63d8aeb7bb70240df4de17ccde2223dffc20dc2c1c6717219dfb
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close