Exploit the possiblities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2017-04-26

Mercurial Custom hg-ssh Wrapper Remote Code Execution
Posted Apr 26, 2017
Authored by claudijd | Site metasploit.com

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

tags | exploit, arbitrary, code execution, python
MD5 | 84d44fdb3c43165b047bb08d12580e29
Confluence 6.0.x Information Disclosure
Posted Apr 26, 2017
Authored by David Black | Site atlassian.com

The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.

tags | advisory, web, info disclosure
advisories | CVE-2017-7415
MD5 | 38ca5d2e34e97c50ec379da3ed758169
Apache Hadoop DataNode Missed Validation
Posted Apr 26, 2017
Authored by Sunil Yadav

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected.

tags | advisory
advisories | CVE-2017-3162
MD5 | 669dccbc616f846fb3c469d4fda3b463
Red Hat Security Advisory 2017-1162-01
Posted Apr 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1162-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27 Software Collection has been upgraded to version 2.7.13, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-9365
MD5 | f80bdf1620ac051ab16e8406ef77c927
Red Hat Security Advisory 2017-1161-01
Posted Apr 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1161-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-1546, CVE-2016-2161, CVE-2016-8740, CVE-2016-8743
MD5 | d2cdbfc49ae3b71b875790f9786780d9
Debian Security Advisory 3834-1
Posted Apr 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3834-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600
MD5 | 8f751a9db7d285ea320ff93835b91662
LightDM (Ubuntu 16.04/16.10) Privilege Escalation
Posted Apr 26, 2017
Authored by G. Geshev

This advisory describes a local privilege escalation via guest-account in LightDM found in Ubuntu versions 16.10 / 16.04 LTS.

tags | exploit, local
systems | linux, ubuntu
advisories | CVE-2017-7358
MD5 | b35987d1c375a794afa81e4d246b7833
Revive Ad Server 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2017
Authored by Cyril Vallicari

Revive Ad Server version 4.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6c840719116c4524856ae14367977595
WordPress KittyCatfish 2.2 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress KittyCatfish plugin version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ee349d5626e65bb67f72226960c29ec0
WordPress Car Rental System 2.5 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Car Rental System plugin version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 410c8655e6260bbdbbfe46359f415cb9
WordPress Wow Viral Signups 2.1 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Wow Viral Signups plugin version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f9939f78c5d524472687755af0b5e6a
Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure
Posted Apr 26, 2017
Authored by Mojtaba MobhaM

Joomla jDBexport component version 3.2.10 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 2723a152193a0bca3bebed06e7adad35
WordPress Wow Forms 2.1 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Wow Forms plugin version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0e2deca3be8f08e52ee6a0c7adde4439
How FlexiSpy Was Hacked
Posted Apr 26, 2017
Authored by fleximinx

A write up by the hacker who hacked FlexiSpy.

tags | paper
MD5 | 749511fa1b92d7722d352af8137558ce
HackBack - A DIY Guide For Those Without The Patience To Wait For Whistleblowers
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide for those without the patience to wait for whistleblowers.

tags | paper
MD5 | b557eab1296015871663c2a205da3ccd
HackBack - A DIY Guide, Spanish Version
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide. Written in Spanish.

tags | paper
MD5 | 1e4a3a38e424f1f49d5678019db173bd
HackBack - A DIY Guide
Posted Apr 26, 2017
Authored by Phineas Fisher

Whitepaper entitled HackBack - A DIY Guide.

tags | paper
MD5 | cb504760265cc4bebfc1f9114b25fef9
Microsoft Windows 2003 SP2 ERRATICGOPHER SMB Remote Code Execution
Posted Apr 26, 2017
Authored by vportal

Microsoft Windows 2003 SP2 ERRATICGOPHER SMB remote code execution exploit.

tags | exploit, remote, code execution
systems | windows
MD5 | 90e2c6e168f2b59c29896b9e07ce183f
Portrait Display SDK Service Privilege Escalation
Posted Apr 26, 2017
Authored by W. Schober | Site sec-consult.com

Portrait Display SDK Service suffers from a privilege escalation vulnerability due to an insecure service configuration.

tags | exploit
advisories | CVE-2017-3210
MD5 | 25ef94ac7f0003443e5874c6fdf858c3
Joomla MyPortfolio 3.0.2 SQL Injection
Posted Apr 26, 2017
Authored by Mojtaba MobhaM

Joomla MyPortfolio component version 3.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f91831b468e51ab5ad414336fb2b33ff
Flyspray 1.0-rc4 Cross Site Scripting
Posted Apr 26, 2017
Authored by Cyril Vallicari

Flyspray version 1.0-rc4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 92e3d345514263af199f4551b81afa80
Samsung Smart TV Wi-Fi Direction Improper Authentication
Posted Apr 26, 2017
Authored by Neseso Research Team

Samsung Smart TV Wi-Fi allows for unfettered access to rogue devices by strictly whitelisting access via a mac address.

tags | advisory
MD5 | 58ec0513c3f2014bba5be68db49012e3
Private Tunnel Client 2.8 Buffer Overflow
Posted Apr 26, 2017
Authored by Muhann4d

Private Tunnel Client version 2.8 local buffer overflow SEH exploit.

tags | exploit, overflow, local
MD5 | 4b38e474a403244526b6d6dff5c15b5b
Uberscan Brute Forcing Tool
Posted Apr 26, 2017
Authored by Batch McNulty

Uberscan is an IP scanner and brute forcing tool all in one. Written in perl.

tags | tool, scanner, perl
systems | unix
MD5 | c2206c84617814483c4882184580d507
Remote Exploitation Of An Unaltered Passenger Vehicle
Posted Apr 26, 2017
Authored by Chris Valasek, Charlie Miller

This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.

tags | paper, remote
MD5 | 8ef1c05f03804965a8e0959a7cddb361
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close