accept no compromises
Showing 1 - 25 of 26 RSS Feed

Files Date: 2017-03-15

Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting
Posted Mar 15, 2017
Authored by Pralhad Chaskar

Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8855
MD5 | 1c19a6c6d41b3ff7df01d183403b7fae
Steam Profile Integration 2.0.11 SQL Injection
Posted Mar 15, 2017
Authored by DrWhat

Steam Profile Integration version 2.0.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 17ca18f3aa52e42a72609983b0d511f2
GitHub Enterprise 2.8.x Remote Code Execution
Posted Mar 15, 2017
Authored by iblue

GitHub Enterprise versions 2.8.x prior to 2.8.6 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | e6b72b7263b1c9c365dee8ded6914b89
USB Pratirodh XXE Injection
Posted Mar 15, 2017
Authored by Sachin Wagh

USB Pratirodh suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2017-6895
MD5 | ebf302ff3956b3215e010fe652b006b1
Skype 7.16.0.102 DLL Hijacking
Posted Mar 15, 2017
Authored by Sachin Wagh

Skype version 7.16.0.102 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-6517
MD5 | 0c2735dbf296d1cf5c47a33dccb561cf
Ubuntu Security Notice USN-3234-1
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-1 - Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
MD5 | b139d038afe426f432e9d1235d91775c
Ubuntu Security Notice USN-3234-2
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-2 - USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
MD5 | 33267d043392c769a7725256a727de6c
Microsoft Windows LoadUvsTable() Buffer Overflow
Posted Mar 15, 2017
Authored by Hossein Lotfi

Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2016-7274
MD5 | d9077fb6cc4b0aae1bcc3f705cb69e2c
Readymade Job Site Script 3.0.1 SQL Injection
Posted Mar 15, 2017
Authored by Bilal Kardadou

Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 393347bc6a4d213eb70c287e225a3387
Attacking RDP - How To Eavesdrop On Poorly Secured RDP Connections
Posted Mar 15, 2017
Authored by Dr. Adrian Vollmer

Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.

tags | paper
MD5 | 08c726c194f04ec842f3c33ac2386895
Red Hat Security Advisory 2017-0536-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0536-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
MD5 | 3a565286e1f9bfdac40c3fb10782ff78
Red Hat Security Advisory 2017-0533-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0533-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
MD5 | 09210777ca888c90d8ec9a69ac0a826d
Red Hat Security Advisory 2017-0527-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0527-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
MD5 | 669e5602ebd142296bc284d8dfca2810
Red Hat Security Advisory 2017-0535-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0535-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
MD5 | 5d11b5f9a7e18d739c47d4faed69c20e
Red Hat Security Advisory 2017-0532-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0532-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
MD5 | b8829fac8fb1ff8dd620fb3d75d39f48
Red Hat Security Advisory 2017-0526-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0526-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.127. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
MD5 | 65d5b9adb9ccb9df4c9a876c8012bd3a
Red Hat Security Advisory 2017-0531-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0531-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
MD5 | f6bd94a9f6ecb3c313185f14f38893ff
Red Hat Security Advisory 2017-0530-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0530-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
MD5 | 80db3a37779c612bc1038d99c43c59be
Freelancer Script 4.0.1 SQL Injection
Posted Mar 15, 2017
Authored by Bilal Kardadou

Freelancer Script version 4.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 04d72731feaa44a8b1ab4b7e23c07702
Lynis Auditing Tool 2.4.6
Posted Mar 15, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added FileInstalledByPackage function (dpkg and rpm supported). Mark Arch Linux version as rolling release (instead of unknown). Support for Manjaro Linux. Escape files when testing if they are readable. Code cleanups.
tags | tool, scanner
systems | unix
MD5 | e8c06963e079b8fa39517883d3da2bcc
USB Pratirodh Insecure Password Storage
Posted Mar 15, 2017
Authored by Sachin Wagh

USB Pratirodh suffers from an insecure password storage vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-6911
MD5 | 6a99ce87db83041174f30ed5740fe462
FTPShell Client 6.53 Buffer Overflow
Posted Mar 15, 2017
Authored by N_A, Peter Baris

FTPShell Client version 6.53 buffer overflow exploit written in python.

tags | exploit, overflow, python
advisories | CVE-2017-6465
MD5 | e7d79e3cd3d9610a2af3cdb7c741761e
PCAUSA Rawether For Windows Local Privilege Escalation
Posted Mar 15, 2017
Authored by ReWolf

ASUS PCE-AC56 WLAN card utilities (PCAUSA Rawether Windows 10 x64) local privilege escalation exploit.

tags | exploit, local
systems | windows
MD5 | 4af087e4488eea64bfa6cd34567d7212
Joomla Vik Appointments 1.5 SQL Injection
Posted Mar 15, 2017
Authored by Ihsan Sencan

Joomla Vik Appointments component version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec11ed4c703fb541e0692cd8f428fddc
Joomla Vik Rent Items 1.3 SQL Injection
Posted Mar 15, 2017
Authored by Ihsan Sencan

Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b5f44abbba4e6402327958ce9e9853f5
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close