Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-03-22

Cisco Security Advisory 20170322-iox
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, overflow, root, code execution
systems | cisco
advisories | CVE-2017-3853
MD5 | db1158a1833f92338a1506959e37f3e0
Cisco Security Advisory 20170322-ztp
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
advisories | CVE-2017-3859
MD5 | e1d8a64df5c5d1e4358f2c447f147794
Cisco Security Advisory 20170322-l2tp
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
advisories | CVE-2017-3857
MD5 | 8e211358e033468251f63614e5b2fb40
Cisco Security Advisory 20170322-dhcpc
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
advisories | CVE-2017-3864
MD5 | 93df32052601d328373b0ac491815e96
Ubuntu Security Notice USN-3241-1
Posted Mar 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3241-1 - Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
MD5 | 51f0c43dea8d08e6462e565da84fc38b
SysGauge SMTP Validation Buffer Overflow
Posted Mar 22, 2017
Authored by Chris Higgins, Peter Baris | Site metasploit.com

This Metasploit module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.

tags | exploit, shell
MD5 | aed322bf78a942f8e4c4c99cf051ca51
Ubuntu Security Notice USN-3239-2
Posted Mar 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3239-2 - USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5180, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984, CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417, CVE-2016-6323
MD5 | 0933bcea39df0728dfb221f22c712907
Solar-Log CSRF / Information Disclosure / DoS / File Upload
Posted Mar 22, 2017
Authored by T. Weber | Site sec-consult.com

Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, file upload, csrf
MD5 | 3d7da7086a3bee04a402cfd29ba39c1c
Disk Sorter Enterprise 9.5.12 Buffer Overflow
Posted Mar 22, 2017
Authored by Daniel Teixeira

Disk Sorter Enterprise version 9.5.12 GET buffer overflow SEH exploit.

tags | exploit, overflow
MD5 | c9815b57b711c26282745fc67efc9b35
Lynis Auditing Tool 2.4.7
Posted Mar 22, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Minor code cleanups.
tags | tool, scanner
systems | unix
MD5 | d6e6b5410a678ca4bc3ddb0315a73e20
OpenSSH On Cygwin SFTP Client Directory Traversal
Posted Mar 22, 2017
Authored by Google Security Research, jannh

Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names "." and ".." (in download_dir_internal()). On Windows, including in Cygwin, backslashes can a lso be used for directory traversal.

tags | exploit
systems | windows
MD5 | 2069de5aceb936104c15b6d7d812f974
LastPass websiteConnector.js RPC Command Proxy
Posted Mar 22, 2017
Authored by Tavis Ormandy, Google Security Research

websiteConnector.js content script in LastPass allows for proxying of internal RPC commands.

tags | exploit
MD5 | 50e598e932c325522ceaeac12c4c8f35
Joomla Extra Search 2.2.8 SQL Injection
Posted Mar 22, 2017
Authored by Ihsan Sencan

Joomla Extra Search component version 2.2.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7e6dae9c20c2c4cba67f7e12118477cf
GLink Word Link Script 1.2.3 SQL Injection
Posted Mar 22, 2017
Authored by Ihsan Sencan

GLink Word Link Script version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 404e1f97e3e580bfdeaec44141a48d53
POC OR GTFO 0x14
Posted Mar 22, 2017
Authored by pocgtfo

This is the fourteenth issue of POC || GTFO.

tags | magazine
MD5 | 5eaf00d25c14232555a51a50b126746c
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close