exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-04-10

Moxa MX-AOPC UA Server 1.5 XML Injection
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MX-AOPC UA server version 1.5 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-7457
SHA-256 | fddbaa2065c62aecad0a07d6e23c2ad0e44f16c3227860ed21d602dfbc005faa
Apache Tomcat 7.x / 8.x / 9.x Information Disclosure
Posted Apr 10, 2017
Authored by Mark Thomas | Site tomcat.apache.org

While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.

tags | advisory, web
advisories | CVE-2017-5648
SHA-256 | 193ab6114148905ba8825ba1b184c06507caac43be27d616db0d37daee7cc903
Moxa MXView 2.8 Denial Of Service
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MXView version 2.8 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-7456
SHA-256 | ee15ff8c93b9a8b1fad8541acf0ff16c7a615ec4a3eed39ac5fac990068aed38
Code Igniter 3.1.3 HTTP Response Header Injection
Posted Apr 10, 2017
Authored by Guillermo Caminer

Code Igniter version 3.1.3 suffers from an HTTP response header injection vulnerability.

tags | exploit, web
SHA-256 | e52bee02d270e61fcc601feb04ba41a21c63d1351ad0c4f5b84ee7ac4a8b1654
WordPress Tribulant Slideshow Gallery 1.6.5 Cross Site Scripting
Posted Apr 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cf36f49a86ea3f82a1046c388c6f6d17ba5ee7c62071ee2bd4e998f1681cc18f
Apache Tomcat 8.x / 9.x Refactoring Information Disclosure
Posted Apr 10, 2017
Authored by Mark Thomas | Site tomcat.apache.org

The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.

tags | advisory, web
advisories | CVE-2017-5651
SHA-256 | 9e9a2ed68a0484d3c5eedcf6b96e3c1f556c0d256bfd0937b7b5acc81297e9ef
Jobscript4Web 4.5 SQL Injection
Posted Apr 10, 2017
Authored by TurkCyberArmy

Jobscript4Web version 4.5 suffers from a remote SQL injection vulnerability that can be leveraged for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | e3042b7a5235e668d70888481a9699ca205535e70908ebd279fb977de3e90c6d
Moxa MXview 2.8 Private Key Disclosure
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MXview version 2.8 suffers from a remote private key disclosure vulnerability.

tags | exploit, remote
advisories | CVE-2017-7455
SHA-256 | 5986ef93e2d09ab2475fbda2fb170751a1e9f4689785e02af7f737e55b418d01
LastPass Remote Code Execution
Posted Apr 10, 2017
Authored by Tavis Ormandy, Google Security Research

LastPass allows global properties to be modified across isolated worlds allowing for remote code execution.

tags | exploit, remote, code execution
SHA-256 | 9ed079fcb0d244aa6283137999747a3a863596c417d774f11999caccfd2cde18
Xen memory_exchange() Guest Breakout
Posted Apr 10, 2017
Authored by Jann Horn, Google Security Research

Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout.

tags | exploit
advisories | CVE-2017-7228
SHA-256 | 06a65900927d0ae50f499bf381cb1f57f6ac4ce13a285e0843a65faa968b723b
MacOS/iOS fsevents Device Double-Free
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from double free due to bad locking in fsevents device.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2490
SHA-256 | 262850b875faadf8b393c23f94ab67e4e7ce65d2c09fc67f94f884cdd86d1fd1
MacOS audit_pipe_open Off-By-One Memory Corruption
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

MacOS suffers from a kernel memory corruption due to an off-by-one in audit_pipe_open.

tags | exploit, kernel
advisories | CVE-2017-2483
SHA-256 | 21a54047c8b3039a933e7ce82e134cfd26daad4f5ee3621c596b46d11e4ca14c
MacOS/iOS bpf Kernel Heap Overflow
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from a heap overflow in bpf.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2482
SHA-256 | 6b66f0500cb0eaf62440d1831b24b32d2950c87be93216f6251071c3b8466ec2
WebKit Synchronous Page Load UXSS
Posted Apr 10, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a cross site scripting vulnerability via a synchronous page load.

tags | exploit, xss
advisories | CVE-2017-2480
SHA-256 | 92735631e0e061d11a4e9bee27724d113f8e61007a2e2baf066275e4b780138e
WebKit Focus Event UXSS
Posted Apr 10, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a cross site scripting vulnerability via a focus event and a link element.

tags | advisory, xss
advisories | CVE-2017-2479
SHA-256 | 150fd73a684ece855490a6f6c898fd1b32492efd3abf6b355ecf7177e77dc76a
MacOS/iOS necp_open Use-After-Free
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from a use-after-free vulnerability due to bad locking in necp_open.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2478
SHA-256 | d334d5641f00902e731e8078d52aee2b598b18a6157983f48de2e66a278c8cd4
WebKit WebCore::toJS Use-After-Free
Posted Apr 10, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::toJS.

tags | exploit
advisories | CVE-2017-2476
SHA-256 | adb86ce12fcc6e8a86e2e77aaae5414ee3c6f2d62117a441a2dc1b2f81ae2f4d
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close