
Files Date: 2017-05-11

RSA Adaptive Authentication (On-Premise) Cross Site Scripting
Posted May 11, 2017
Site emc.com

RSA Adaptive Authentication (On-Premise) contains a fix for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory, xss
advisories | CVE-2017-4978
MD5 | eece57fdd1784067f1ac6af1b25dfb7f

EMC Isilon OneFS NFS Export Upgrade
Posted May 11, 2017
Site emc.com

EMC Isilon OneFS is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.

tags | advisory
advisories | CVE-2017-4979
MD5 | c0b9cd63e02a4aa8c00f339598f0f548

WordPress User Access Manager 1.2.14 Cross Site Scripting
Posted May 11, 2017
Authored by DefenseCode, Neven Biruski

WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a21b4350764ab31170566267c4ac18b

WordPress Tracking Code Manager 1.11.1 XSS / DoS
Posted May 11, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | d3ef28a36eeaf037536c1dd1e0a8b4b8

Ubuntu Security Notice USN-3260-2
Posted May 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3260-2 - USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the address bar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464
MD5 | 11ab081ff6232e2a33a57cb2bad556f1

Red Hat Security Advisory 2017-1228-01
Posted May 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1228-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 58.0.3029.96. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5068
MD5 | 878d03b1b0ab0f031b4faf268e3b5071

Ubuntu Security Notice USN-3275-1
Posted May 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3275-1 - It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. Various other issues were also addressed.

tags | advisory, java, remote, local
systems | linux, ubuntu
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 78995ca3a5d8c9f12cc1cc7065b625e7

Ubuntu Security Notice USN-3284-1
Posted May 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3284-1 - It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-7478, CVE-2017-7479
MD5 | 52aedd03525103bc2def5d2599485b8f

Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
MD5 | 95f8dd847406e195cfd9f81ff602c626

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass
Posted May 11, 2017
Authored by Kacper Szurek

QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 9e5b18523ce0b371a5bd11a3f875f96a

Gongwalker API Manager 1.1 Cross Site Request Forgery
Posted May 11, 2017
Authored by HaHwul

Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 55bfb61ebd899d34c09719998714cdda

Gongwalker API Manager 1.1 Blind SQL Injection
Posted May 11, 2017
Authored by HaHwul

Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e2f59a1d01c9c7e0fd96cb821d1bfc82

BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
Posted May 11, 2017
Authored by HaHwul

BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 9be975678becc6c229ea7ef576b4a2ff

FreeTDS Denial Of Service
Posted May 11, 2017
Authored by Brandon Perry

This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The 'tsql' binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.

tags | exploit, denial of service
MD5 | 861ffee935962526dd6483518c44a8e9

Microsoft MsMpEng UIF Decoder Denial Of Service
Posted May 11, 2017
Authored by Tavis Ormandy, Google Security Research

Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.

tags | exploit
MD5 | 825eed3bdbfc56aab392d700b9138c36

© 2016 Packet Storm. All rights reserved.