what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2017-02-02

tcpdump 4.9.0
Posted Feb 2, 2017
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Improved separation frontend/backend (tcpdump/libnetdissect). No longer requires IPv6 library support in order to support IPv6 addresses. Various other bug fixes and additions.
tags | tool, sniffer
systems | unix
SHA-256 | eae98121cbb1c9adbedd9a777bf2eae9fa1c1c676424a54740311c8abcee5a5e
WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution
Posted Feb 2, 2017
Authored by Harsh Jaiswal

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.

tags | exploit, arbitrary, code execution
SHA-256 | 232e4017e6444aa64706da95f3acbbd009ec70edd74978bac9795aa0ad3aaca5
Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation
Posted Feb 2, 2017
Authored by Tim Herres | Site foxmole.com

Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 04dd869096df8857a51976f38fb0764055eba720300d412a999ef376fb6081d5
Ghostscript 9.20 Command Execution
Posted Feb 2, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Ghostscript version 9.20 suffers from a local command execution vulnerability due to trusting unsanitized filenames.

tags | exploit, local
SHA-256 | cd512def089ae039535a0ff91f2847be846b37050c9ff6cfa421fe512d16bba9
Red Hat Security Advisory 2017-0238-01
Posted Feb 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396
SHA-256 | 02cc3271b41418bdf6c452b3df794dca967b430e36eedfeb0186983ce94f3c2d
WordPress 4.7.0 / 4.7.1 Content Injection Proof Of Concept
Posted Feb 2, 2017
Authored by leonjza

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | a85d2d596c6cdf62b7ccf464b4ae1844c836271401326bfa305b721c24235129
Microsoft Windows 10 SMBv3 Tree Connect
Posted Feb 2, 2017
Authored by laurent gaffie

Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.

tags | exploit, proof of concept
systems | windows
SHA-256 | 343da4ee047ee5f258a982c57d4135b6f38f56c8423e847bc62819ca100b5eaa
Linux Multi/Dual Mode Reverse Shell Shellcode
Posted Feb 2, 2017
Authored by odzhancode

129 bytes small Linux multi/dual mode reverse shell shellcode.

tags | shell, shellcode
systems | linux
SHA-256 | 8ebb0b251f9768ff93502f0d5f19bb8a0d5493ef5ee14002fd92ec841d336a2c
Android RKP rkp_set_init_page_ro Memory Corruption
Posted Feb 2, 2017
Authored by Google Security Research, laginimaineb

Android suffers from an RKP related memory corruption vulnerability in rkp_set_init_page_ro.

tags | exploit
SHA-256 | e5c59c78302f977cd29039800c6949a70eb5630d466ed6540a65555c3533cf63
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
Posted Feb 2, 2017
Authored by Dustin Warren

WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. Originally vulnerability discovered by Sucuri's research team.

tags | exploit
SHA-256 | bd58209139b43f7c9b7d2e53c961dfc5458fe627f7b590f162c4620fa054b329
EMC Network Configuration Manager (NCM) 9.x Code Execution
Posted Feb 2, 2017
Site emc.com

EMC Network Configuration Manager (NCM) versions 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x suffer from code execution and improper authentication vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-2767, CVE-2017-2768
SHA-256 | 0f26d30c5898b380a7503c6be0e506ff6fa3d12c4b250255cd0f6e42a226f86f
Ubuntu Security Notice USN-3185-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3185-1 - It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10164
SHA-256 | 17a2c71627e7cea12aef70673bc1567cdd4d4769169668dde3a945c7a5343c04
Ubuntu Security Notice USN-3183-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-1 - Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
SHA-256 | 035914142c4ddafee94b71aaabdb111a04a8be64edf6d0cf13cb9129c4828f7b
Ubuntu Security Notice USN-3184-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3184-1 - It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-7553, CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356
SHA-256 | 8fffde546749a146e440119761742c9054a80582cb3f6cf8fcecc6028e307fd3
Ubuntu Security Notice USN-3186-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3186-1 - It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-0357
SHA-256 | 2a283f87c0c3fc55613e7c8182cc0b0d4799a908c82e6514a23e5d63635df2bb
HP Security Bulletin HPSBST03588 1
Posted Feb 2, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03588 1 - A potential security vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS. The vulnerability could be remotely exploited resulting in arbitrary command execution. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-8529
SHA-256 | 782dd5732ac7acd5e00984a08a61b8bf153e990e7fe953e554739b420e1b2abb
Cisco Security Advisory 20170201-prime-home
Posted Feb 2, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
SHA-256 | 2b2b37f518d4ccc6b7169be17a2c17c139547bd38148a33f01b2283bdda1b7b5
Ubuntu Security Notice USN-3182-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3182-1 - Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0358
SHA-256 | d7e87d437e6c386c7a2fd8dbb3bb71070101b552c0748efb494d4cea9373ca4b
Red Hat Security Advisory 2017-0226-01
Posted Feb 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0226-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | e52ae8f1d7a3ae0c5f62184851716b5e95bb31c806d817f33e959ffd73054384
Debian Security Advisory 3779-1
Posted Feb 2, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3779-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims' credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-5488, CVE-2017-5489, CVE-2017-5490, CVE-2017-5491, CVE-2017-5492, CVE-2017-5493, CVE-2017-5610, CVE-2017-5611, CVE-2017-5612
SHA-256 | 09295a4c4e63cd48aa58a0144f1e422d2cddb696e50f6c667deaa4cda3ab03d2
Bitrix Site Manager Cross Site Scripting
Posted Feb 2, 2017
Authored by MustLive

Bitrix Site Manager suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b4e8a85304c515293bfd60d6515e0c85187971f7175192a707017c5b3c76cd37
Property Listing Script Blind SQL Injection
Posted Feb 2, 2017
Authored by Kaan KAMIS

Property Listing Script suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d2804666c079d5d2c5f1d6d38998755cebde29a17d807828ebd5dfe3ae0f4eac
LogoStore SQL Injection
Posted Feb 2, 2017
Authored by Kaan KAMIS

LogoStore suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b958a67f93c267bb44bc15716cbd2787122bbd1e138ebbe08a4355b351c5f3b8
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close