what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-04-06

Samhain File Integrity Checker 4.2.1
Posted Apr 6, 2017
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 40d446e66e56614a51ff2d231b30ec0df275e4c17e0a65e2e1c618ab394e1d70
Apple Security Advisory 2017-04-04-1
Posted Apr 6, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-04-04-1 - Apple Music 2.0 for Android is now available and addresses a certificate validation issue.

tags | advisory
systems | apple
advisories | CVE-2017-2387
SHA-256 | e2d4a49ec8aa12899165073f8d711b115f575439dfdded9070be8dcfe447ab51
Cambium SNMP Access Controls
Posted Apr 6, 2017
Authored by Karn Ganeshen

Cambium products suffer from SNMP access control issues that may allow for unauthorized changes to the device configuration. Models affected include Cambium ePMP 1000, Cambium ePMP 2000, Cambium PMP XXX, and Cambium ForceXXX models.

tags | exploit, bypass
SHA-256 | 83af628b8ca5f9c6f13937f56b1da567235978f7f6485f3db1c03008ecf2e6d5
From Zero to ZeroDay Journey: Router Hacking
Posted Apr 6, 2017
Authored by Leon Juranic

Whitepaper called From Zero to ZeroDay Journey: Router Hacking (WRT54GL Linksys Case).

tags | paper
SHA-256 | 66c928dae742c5b1f66c19385575361b4ebbbe5aef56979b8945aa3f1562cf31
Asterisk Project Security Advisory - AST-2017-001
Posted Apr 6, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

tags | advisory, remote
SHA-256 | 4f394dc143a808e8b1929549291dac026ba69e8dc9fd92c43b3dff47220e1290
SenNet Data Logger / Electricity Meter Code Execution
Posted Apr 6, 2017
Authored by Karn Ganeshen

SenNet data logger and electricity meter appliances suffer from insecure configuration and OS command injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | af974497ffb69114fb44715f152d81b4463d76f11a1ae74ed3a4e791dae40a58
Sistemi Winlog SCADA Software DLL Hijacking
Posted Apr 6, 2017
Authored by Karn Ganeshen

Sielco Sistemi Winlog SCADA Software versions prior to 3.02.01 suffer from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-5161
SHA-256 | eb28553774404c4a0961a9210b37b0374aff6513679b76880d96e42e9441d27b
VMU-C CSRF / XSS / Access Control
Posted Apr 6, 2017
Authored by Karn Ganeshen

The VMU-C webserver suffers from cross site request forgery, cross site scripting, access control, weak credential management, and insecure storage vulnerabilities. VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17 are affected.

tags | advisory, vulnerability, xss, info disclosure, csrf
advisories | CVE-2017-5144, CVE-2017-5145, CVE-2017-5146
SHA-256 | 1582c6722bcf37eb3cd5c16f529748ff9d4b17c5c7e4c15f8293942e38016191
WordPress Firewall 2 1.3 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 6, 2017
Authored by Tom Adams

WordPress Firewall 2 version 1.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | e931376033f97633c8fcb5a60100c1bfabead9f74477b8421f59aa6b4043e110
QNAP QTS Remote Command Injection
Posted Apr 6, 2017
Authored by Harry Sintonen

QNAP QTS suffers from multiple command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-6359, CVE-2017-6360, CVE-2017-6361
SHA-256 | 343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005
Apache Tomcat 7.0.76 Directory Traversal
Posted Apr 6, 2017
Authored by DefenseCode

Apache Tomcat version 7.0.76 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | a1268dc6c01e23eaa3d4d609b9d4371d8072dc5aeae66cfb4b18621936d4b05c
LAquis SCADA 4.1 Access Control
Posted Apr 6, 2017
Authored by Karn Ganeshen

LAquis SCADA version 4.1 suffers from access control issues.

tags | advisory, bypass
advisories | CVE-2017-6016
SHA-256 | 86fbbd5516820667a46d0ba5ad09fd19f5f20c2b0184e3600ed71fd84482b636
DragonWave Horizon 1.01.03 Hardcoded Credentials
Posted Apr 6, 2017
Authored by Ian Ling

DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.

tags | advisory
SHA-256 | 07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437
Apple Music Android Application Man-In-The-Middle
Posted Apr 6, 2017
Authored by David Coomber

The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.

tags | advisory
systems | apple
advisories | CVE-2017-2387
SHA-256 | 1422d48bcd8eed64fc465a014de8e359bdf5f4adb5d983d4dc5bc3f09063b2b3
iPlatinum iOneView Cross Site Scripting
Posted Apr 6, 2017
Authored by Patrick Webster

iPlatinum iOneView suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0748c764b11fe8653d8bdf660e05509be0b81f6592585f84e66a264607caccd8
Moodle 2.4.10 / 2.5.6 / 2.6.3 / 2.7 Account Information Disclosure
Posted Apr 6, 2017
Authored by Patrick Webster

Moodle versions 2.7 and earlier suffer from a vulnerability that discloses the account name for a specified profile ID.

tags | exploit, info disclosure
SHA-256 | 4f976a974fdadab3348c916dd40c13ac770e58b386f43d58b4af5a65ee162dda
DAVOSET 1.3.1
Posted Apr 6, 2017
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: New services added into list of zombies. Non-working services removed. Security bypass added by using cookies are appropriate sites.
tags | tool, denial of service
SHA-256 | 66a98e70a144fe9899d8fd9fd517199c71cec492e3975c6c06cc8252d0d5a2bc
Schneider Hardcoded Password
Posted Apr 6, 2017
Authored by Ralf Spenneberg, Hendrik Schwartke, Simon Heming, Maik Bruggemann

The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.

tags | exploit
SHA-256 | 4621c0044c5a24d96d1788203f448b2efd0583ce750a71e293fd82e80739c88c
Windows 10 x64 Egghunter Shellcode
Posted Apr 6, 2017
Authored by Peter Baris

45 bytes small Windows 10 x64 egghunter shellcode.

tags | shellcode
systems | windows
SHA-256 | bdafa19400362a61aa6382dc9ee25a8519098934deb157b8bdb8739bf5df3f7e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close