Exploit the possiblities
Showing 1 - 23 of 23 RSS Feed

Files Date: 2017-02-02

tcpdump 4.9.0
Posted Feb 2, 2017
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Improved separation frontend/backend (tcpdump/libnetdissect). No longer requires IPv6 library support in order to support IPv6 addresses. Various other bug fixes and additions.
tags | tool, sniffer
systems | unix
MD5 | 2b83364eef53b63ca3181b4eb56dab0c
WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution
Posted Feb 2, 2017
Authored by Harsh Jaiswal

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.

tags | exploit, arbitrary, code execution
MD5 | 9b423351fc845e3ccf431d3883a48a82
Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation
Posted Feb 2, 2017
Authored by Tim Herres | Site foxmole.com

Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | d9a6dc50b238332944dc1fdc3284194f
Ghostscript 9.20 Command Execution
Posted Feb 2, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Ghostscript version 9.20 suffers from a local command execution vulnerability due to trusting unsanitized filenames.

tags | exploit, local
MD5 | 53e546b182080ed24aab6da890276a43
Red Hat Security Advisory 2017-0238-01
Posted Feb 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396
MD5 | bfb297226ef68bc6f22a88b481462ebc
WordPress 4.7.0 / 4.7.1 Content Injection Proof Of Concept
Posted Feb 2, 2017
Authored by leonjza

WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.

tags | exploit, proof of concept
MD5 | 03139864fb5787e9961aca601390dcc2
Microsoft Windows 10 SMBv3 Tree Connect
Posted Feb 2, 2017
Authored by laurent gaffie

Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.

tags | exploit, proof of concept
systems | windows
MD5 | 9c6a3b717fefb0568bc92f9e4261b766
Linux Multi/Dual Mode Reverse Shell Shellcode
Posted Feb 2, 2017
Authored by odzhancode

129 bytes small Linux multi/dual mode reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 54e23ca8ff9c6f051550dc5b3c24c7a1
Android RKP rkp_set_init_page_ro Memory Corruption
Posted Feb 2, 2017
Authored by Google Security Research, laginimaineb

Android suffers from an RKP related memory corruption vulnerability in rkp_set_init_page_ro.

tags | exploit
MD5 | e9ced71e9d2e9e92f8f0acc93031a2bc
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
Posted Feb 2, 2017
Authored by Dustin Warren

WordPress versions 4.7.0 and 4.7.1 REST API post privilege escalation and defacement exploit. Originally vulnerability discovered by Sucuri's research team.

tags | exploit
MD5 | 0bf4eb01dd13b6e3105ee9871200769a
EMC Network Configuration Manager (NCM) 9.x Code Execution
Posted Feb 2, 2017
Site emc.com

EMC Network Configuration Manager (NCM) versions 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x suffer from code execution and improper authentication vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-2767, CVE-2017-2768
MD5 | 15ac4a0e323c73db45b8f3bd82e1438b
Ubuntu Security Notice USN-3185-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3185-1 - It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause libXpm to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10164
MD5 | a8b866a5d3ce24fa9db453dd25b805e5
Ubuntu Security Notice USN-3183-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3183-1 - Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-7444, CVE-2016-8610, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
MD5 | 2cc5efe59d2477e19930f66c4a862855
Ubuntu Security Notice USN-3184-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3184-1 - It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-7553, CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356
MD5 | 145a67b6d0aa3611c29b2f3e9defc831
Ubuntu Security Notice USN-3186-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3186-1 - It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-0357
MD5 | 82c40c8c23f48d1e3113f11b4144a885
HP Security Bulletin HPSBST03588 1
Posted Feb 2, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03588 1 - A potential security vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS. The vulnerability could be remotely exploited resulting in arbitrary command execution. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-8529
MD5 | bf0559b742099284a29a54e3359b8f4b
Cisco Security Advisory 20170201-prime-home
Posted Feb 2, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | f5338e30e3ad4b926849dfe222bde208
Ubuntu Security Notice USN-3182-1
Posted Feb 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3182-1 - Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0358
MD5 | e63f80598199765045623b4fa7fb6622
Red Hat Security Advisory 2017-0226-01
Posted Feb 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0226-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
MD5 | a8492eabe85e29081d083743011b67ce
Debian Security Advisory 3779-1
Posted Feb 2, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3779-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims' credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-5488, CVE-2017-5489, CVE-2017-5490, CVE-2017-5491, CVE-2017-5492, CVE-2017-5493, CVE-2017-5610, CVE-2017-5611, CVE-2017-5612
MD5 | e2b98373a3d26468cd106c9d01bf69f2
Bitrix Site Manager Cross Site Scripting
Posted Feb 2, 2017
Authored by MustLive

Bitrix Site Manager suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bc7fc3eff843745c2196d4e079376fec
Property Listing Script Blind SQL Injection
Posted Feb 2, 2017
Authored by Kaan KAMIS

Property Listing Script suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b0d4229e19850796218bfe9855953ae4
LogoStore SQL Injection
Posted Feb 2, 2017
Authored by Kaan KAMIS

LogoStore suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | aa0a9b60182ccf49f6731ffc43d04763
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close