Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-04-10

Moxa MX-AOPC UA Server 1.5 XML Injection
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MX-AOPC UA server version 1.5 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2017-7457
MD5 | 55d6b8c4a9c9686a2c9d942fc05c6018
Apache Tomcat 7.x / 8.x / 9.x Information Disclosure
Posted Apr 10, 2017
Authored by Mark Thomas | Site tomcat.apache.org

While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.

tags | advisory, web
advisories | CVE-2017-5648
MD5 | edf987c7d7f59ee5f0bb2cacdb6d0c4c
Moxa MXView 2.8 Denial Of Service
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MXView version 2.8 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-7456
MD5 | f3e8a984c7ff2ba005faeacc03b91ca6
Code Igniter 3.1.3 HTTP Response Header Injection
Posted Apr 10, 2017
Authored by Guillermo Caminer

Code Igniter version 3.1.3 suffers from an HTTP response header injection vulnerability.

tags | exploit, web
MD5 | 1d571b1f6f9fe1379d1aac0ac6113990
WordPress Tribulant Slideshow Gallery 1.6.5 Cross Site Scripting
Posted Apr 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5741ae5fa8e37ddb93b6ee5632cf37d8
Apache Tomcat 8.x / 9.x Refactoring Information Disclosure
Posted Apr 10, 2017
Authored by Mark Thomas | Site tomcat.apache.org

The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.

tags | advisory, web
advisories | CVE-2017-5651
MD5 | e9f6d09a47719cc3fefeacc7e674ddb0
Jobscript4Web 4.5 SQL Injection
Posted Apr 10, 2017
Authored by TurkCyberArmy

Jobscript4Web version 4.5 suffers from a remote SQL injection vulnerability that can be leveraged for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 2ea45718e639c59e6546d77e070e2a9e
Moxa MXview 2.8 Private Key Disclosure
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MXview version 2.8 suffers from a remote private key disclosure vulnerability.

tags | exploit, remote
advisories | CVE-2017-7455
MD5 | 58755d040704843cdd61e355a5843087
LastPass Remote Code Execution
Posted Apr 10, 2017
Authored by Tavis Ormandy, Google Security Research

LastPass allows global properties to be modified across isolated worlds allowing for remote code execution.

tags | exploit, remote, code execution
MD5 | 50eb651f9e9bdc8f3916e6eac9c5558e
Xen memory_exchange() Guest Breakout
Posted Apr 10, 2017
Authored by Google Security Research, jannh

Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout.

tags | exploit
advisories | CVE-2017-7228
MD5 | aa31f251ac964d32a781e52a20d3824f
MacOS/iOS fsevents Device Double-Free
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from double free due to bad locking in fsevents device.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2490
MD5 | 6a929aa0a7b4639ae693d1a0f4bab543
MacOS audit_pipe_open Off-By-One Memory Corruption
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

MacOS suffers from a kernel memory corruption due to an off-by-one in audit_pipe_open.

tags | exploit, kernel
advisories | CVE-2017-2483
MD5 | f7c8eaf4961bb3e6fe865f39da591668
MacOS/iOS bpf Kernel Heap Overflow
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from a heap overflow in bpf.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2482
MD5 | 04a0b478366f9dac50b1c4da133e3773
WebKit Synchronous Page Load UXSS
Posted Apr 10, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a cross site scripting vulnerability via a synchronous page load.

tags | exploit, xss
advisories | CVE-2017-2480
MD5 | fdf9dcb26a4c3fe75f6a4e5f72ae0bdd
WebKit Focus Event UXSS
Posted Apr 10, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a cross site scripting vulnerability via a focus event and a link element.

tags | advisory, xss
advisories | CVE-2017-2479
MD5 | c8b52cd89456bb82333d2fb8bc906995
MacOS/iOS necp_open Use-After-Free
Posted Apr 10, 2017
Authored by Google Security Research, ianbeer

The MacOS/iOS kernel suffers from a use-after-free vulnerability due to bad locking in necp_open.

tags | exploit, kernel
systems | ios
advisories | CVE-2017-2478
MD5 | d17fc3625074faceadc01a944d5d1b46
WebKit WebCore::toJS Use-After-Free
Posted Apr 10, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::toJS.

tags | exploit
advisories | CVE-2017-2476
MD5 | f5d7f967b5751e9306026b2d038fc34f
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close