exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2017-02-25

Packet Fence 6.5.1
Posted Feb 25, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: 593 new code commits added.
tags | tool, remote
systems | unix
SHA-256 | b1844764d7aaf61ed5f0215be657498d28a24c297cebe10c2fa3753f2b3deb4a
Ansvif 1.6.2
Posted Feb 25, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release has lots of code cleanup, bug fixes, and includes a -y or -b 0 option for zero buffer size (useful with -A and -B when in use with other fuzzers), and a -K option to keep going after a crash (usually only useful when logging).
tags | tool, fuzzer
systems | unix
SHA-256 | fe07ede744275e79f00a3a21f07bc10a3f99cfcb3d440819651a51f0048d0d2b
Mandos Encrypted File System Unattended Reboot Utility 1.7.15
Posted Feb 25, 2017
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | f33bbf2c895e2410d4ecb153c69129d46708c8a724eaa8535ed8e37688c033a4
MVPower DVR Shell Unauthenticated Command Execution
Posted Feb 25, 2017
Authored by Brendan Coles, Andrew Tierney, Paul Davies | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.

tags | exploit, remote, web, arbitrary, shell
SHA-256 | f4244a1e72f87921eab5c56221de1ab5d42d1ffd35789a5298618d85c3223c83
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
SHA-256 | ac4cd7158b0ae42d40bce75202d5221b0347a49712ff529804a31fe058562cf0
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.imss endpoint takes several user inputs and performs blacklisting. After that it use them as argument of predefined operating system command without proper sanitation. However,due to improper blacklisting rule it's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue. This Metasploit module was tested against IMSVA 9.1-1600.

tags | exploit, web, arbitrary, root
SHA-256 | 11e69f1f14c7fda2a5c79709f1ef54202402550d7f061eab772393f32c945aea
Red Hat Security Advisory 2017-0323-01
Posted Feb 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0323-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-2634, CVE-2017-6074
SHA-256 | 056578c1ba769d6ac2dcce94e9e76988a68b5db1def1c44c336d2cf676e7cda7
Red Hat Security Advisory 2017-0324-01
Posted Feb 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
SHA-256 | f14e2b46c2b71cef1afb04a771220b5372f199e76244ba0af668358a52b9f888
Debian Security Advisory 3792-1
Posted Feb 25, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3792-1 - Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2017-3157
SHA-256 | 54bbcab9a611638d54637eac6c3d32a3d276c790c825d076deb406e2defa354f
Joomla Community Quiz 4.3.5 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla Community Quiz component version 4.3.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 70af9012b0302fa389b253a9d33305694a58d13e8caa91b1f02a74cafccc3b72
Joomla Intranet Attendance Track 2.6.5 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla Intranet Attendance Track component version 2.6.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0679fd2dc93ff3a5aaee24154ec5dbefe722d8de41a027f4cd57bfcb61e1dd6f
Joomla Wisroyq 1.6 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Wisroyq component version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f06eb5a40e3459b489d7a895b86931ff2fbba45a3fca42091679f59483739469
Joomla JO Facebook Gallery 4.5 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla JO Facebook Gallery component version 4.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 879a4eac35de9169bb3d03344a4d24d3248f1f2de3b4e4ac87f10a883385c770
Joomla JooDatabase 3.1.0 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla JooDatabase component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 131237df7444861694a95a072f0fd2892467a95371d3c44bf3b7b4f9f1b7a0e5
Joomla Community Polls 4.5.0 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla Community Polls component version 4.5.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f39ba5d2b35b140ed8de3e4c3f686a2aef360d6aba02604a9ec278f0a59aae24
Joomla Fabrik 1.4 / 1.5 Cross Site Scripting
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Fabrik component versions 1.4 and 1.5 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4d5229736a360e38ce56e6f366dab88b3d114f205379ed40f734338ff6877ff8
Joomla Digistore 1.5 / 1.6 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Digistore component versions 1.5 and 1.6 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 213c4323a77bcb2aa2be696429dfcc670869405f1bd1d889b9d119c76cdc514f
Joomla Sgpprojects 3.1 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Sgpprojects component version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2d70c609ee6c39d7e67e653c17e9596d91ab6455beef5398f399ed21a4c6fd09
Joomla Profiler 1.4 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Profiler component version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b6d7a46801e81db7816458ace4dbe7d359627783d5a99c6bf578f5166307e42c
Joomla Community Surveys 4.3 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla Community Surveys component version 4.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7003f566153681a8f4e8843ddcde9ff4af6dee27eb63442a31e8e96eb9c35f73
Joomla AJAX Search For K2 2.2 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla AJAX Search for K2 component version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0e23d1908095ad8d1554c9fe5412bc230a87bc00eef4bf3371639ae55d361652
Joomla Civicrm 1.6 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Civicrm component version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 63c15ade491d2d63959355d82ce7f84dc1960ab516396fc7c81f426fb0f10de6
Joomla Glossary 1.6 SQL Injection
Posted Feb 25, 2017
Authored by Song-Dl Team

Joomla Glossary component version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 30d88979ba4847864bc8a7723b8f773a6e45b441a36b98174c086e1724f2639b
Joomla GPS Tools 4.0.1 SQL Injection
Posted Feb 25, 2017
Authored by Ihsan Sencan

Joomla GPS Tools component version 4.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e37dce21855dc4b3b644d72fe287fbe7c9c31ea7d021903cfaacd4c2390cb848
memcache-viewer Cross Site Scripting
Posted Feb 25, 2017
Authored by HaHwul

memcache-viewer suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a97231410e7a5dfbff21215ff23683c7d5f2e9d76d7289d1d42f989e31bd0e0
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close