exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-03-22

Cisco Security Advisory 20170322-iox
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, overflow, root, code execution
systems | cisco
advisories | CVE-2017-3853
SHA-256 | 5690117646d6b3517de249b639b84ad6009dd63bbb933633ae322ba51a01b44e
Cisco Security Advisory 20170322-ztp
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
advisories | CVE-2017-3859
SHA-256 | 2758392fd2285e59de5765f4ed70e192889eb0b4cc11290f2945bbbaffd07401
Cisco Security Advisory 20170322-l2tp
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
advisories | CVE-2017-3857
SHA-256 | 8bea2ddcb93ad10635670df2af50464d0f21871575a44f527c5534396ab6f63d
Cisco Security Advisory 20170322-dhcpc
Posted Mar 22, 2017
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
advisories | CVE-2017-3864
SHA-256 | 9128134a4778e4b6128fd57912ce670d99b70dd87d2acfe189b66ebf145284ce
Ubuntu Security Notice USN-3241-1
Posted Mar 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3241-1 - Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839
SHA-256 | b58272bfc3b0c172a9d0f539a3283b0b6ea1615b24f343b4755033ddb00b102d
SysGauge SMTP Validation Buffer Overflow
Posted Mar 22, 2017
Authored by Chris Higgins, Peter Baris | Site metasploit.com

This Metasploit module will setup an SMTP server expecting a connection from SysGauge 1.5.18 via its SMTP server validation. The module sends a malicious response along in the 220 service ready response and exploits the client, resulting in an unprivileged shell.

tags | exploit, shell
SHA-256 | 4baa08befe8f7e2bbccdcae8c675d729f0222bafa9e6eadc97b5a044bd54592c
Ubuntu Security Notice USN-3239-2
Posted Mar 22, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3239-2 - USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5180, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984, CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417, CVE-2016-6323
SHA-256 | ff39913b27c4b2e011da5475a874c94850d6e1838b156178666e0c258fee9303
Solar-Log CSRF / Information Disclosure / DoS / File Upload
Posted Mar 22, 2017
Authored by T. Weber | Site sec-consult.com

Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, file upload, csrf
SHA-256 | 2d4ea59b67a6e2e050f10517f0354018d7194b9a69fe3ed5b13cfef0aeab7eeb
Disk Sorter Enterprise 9.5.12 Buffer Overflow
Posted Mar 22, 2017
Authored by Daniel Teixeira

Disk Sorter Enterprise version 9.5.12 GET buffer overflow SEH exploit.

tags | exploit, overflow
SHA-256 | 9bcbe319bc61fad1c46803139c12a81d49aef3ac226ad042a33e2cd8d25b179c
Lynis Auditing Tool 2.4.7
Posted Mar 22, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Minor code cleanups.
tags | tool, scanner
systems | unix
SHA-256 | 9eefc56f1cb21df77e0b7d63b294a213f45a9ed360107c30ddc9687ca1bfe940
OpenSSH On Cygwin SFTP Client Directory Traversal
Posted Mar 22, 2017
Authored by Jann Horn, Google Security Research

Portable OpenSSH supports running on Cygwin. However, the SFTP client only filters out forward slashes (in do_lsreaddir()) and the directory names "." and ".." (in download_dir_internal()). On Windows, including in Cygwin, backslashes can a lso be used for directory traversal.

tags | exploit
systems | windows
SHA-256 | 653080ead75f1a09ebf8449dc6271901603c629ff1cecc6eeb9ae0c1a78ce3da
LastPass websiteConnector.js RPC Command Proxy
Posted Mar 22, 2017
Authored by Tavis Ormandy, Google Security Research

websiteConnector.js content script in LastPass allows for proxying of internal RPC commands.

tags | exploit
SHA-256 | c01b74d3513ae36c123c2c3bd27e5429944df7d35416e37f930ce4fb1b95e591
Joomla Extra Search 2.2.8 SQL Injection
Posted Mar 22, 2017
Authored by Ihsan Sencan

Joomla Extra Search component version 2.2.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5be2f98138805bf2cc9f1d2224fed71b68edd376c41d767b3a824ec1ae04d21d
GLink Word Link Script 1.2.3 SQL Injection
Posted Mar 22, 2017
Authored by Ihsan Sencan

GLink Word Link Script version 1.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 747e4c63b964c0b2248900a592b92907cc45965bc58ebbc6f8bf03f0e3e21876
POC OR GTFO 0x14
Posted Mar 22, 2017
Authored by pocgtfo

This is the fourteenth issue of POC || GTFO.

tags | magazine
SHA-256 | b9db617dcc146cc99f4379b3162a35818d884bf4032ab854b6ec00b5ec98138d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close