exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-05-20

Sync Breeze Enterprise GET Buffer Overflow
Posted May 20, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows
SHA-256 | 5ff2902a3ec062393e0570fee4f1cc86ff341942ea0f0f52a2987780cddb68ec
MediaWiki SyntaxHighlight Extension Option Injection
Posted May 20, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

tags | exploit, root, php
advisories | CVE-2017-0372
SHA-256 | 42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dac
Pegasus 4.72 Build 572 Remote Code Execution
Posted May 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Pegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-9046
SHA-256 | 4427731fa13b99b05e574e495f0ae5cbb93c76a5b78829b68f137b2e0bd8adef
Secure Auditor 3.0 Directory Traversal
Posted May 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Secure Auditor version 3.0 suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-9024
SHA-256 | 9e96947d550edd506262be8499d639f6170b5fd597c1c3c5b3b82e2f120658a4
Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution
Posted May 20, 2017
Authored by sleepya

Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2017-0144
SHA-256 | a89834c93f1d470ef6476b4a640ac5f5403058b6205f6653a27aa9c7ac53d1f4
Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution
Posted May 20, 2017
Authored by sleepya

Microsoft Windows 8/2012 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2017-0144
SHA-256 | d2515a1e6d996e23c72bd9ad42e411a45def083377a039d3c6f773b7ebd85fba
Joomla 3.7.0 Fields SQL Injection
Posted May 20, 2017
Authored by Mateus Lino

The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-8917
SHA-256 | 914600f2292f25a5648b2ad58ced49b43809bcd44e72b9d8a1f6176e284de9f6
PlaySMS 1.4 Remote Code Execution
Posted May 20, 2017
Authored by Touhid M.Shaikh

PlaySMS version 1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 3c8a63c95cb5cd39de2c05874efd2f98a9c719765b28143345cabc3ef991b525
D-Link DIR-600M Wireless N 150 Authentication Bypass
Posted May 20, 2017
Authored by Touhid M.Shaikh

D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | d2de4c1ec6d915ce30568940e60b15df8daef411482a245f56c00ebbe5c653ba
ManageEngine ServiceDesk Plus 9.0 Authentication Bypass
Posted May 20, 2017
Authored by Steven Lackey

ManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 0b8968d2eb45a073ca7bd4ac6b7249f163568b69dd319a79d314bac27cbd48d1
SAP Business One For Android 1.2.3 XML Injection
Posted May 20, 2017
Authored by Ravindra Singh Rathore

SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-6256
SHA-256 | 3257ec117b9ead701ce13e2ebd0d94106c6ccea7ddacfc94e55a7d5f53ba0456
CaseAware Cross Site Scripting
Posted May 20, 2017
Authored by justpentest

KMCIS CaseAware suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-5631
SHA-256 | 8ed17c56890bb941dc62c03f9ac26a10d3abf303ee137587b5a0126dd6299721
TestSSL 2.8
Posted May 20, 2017
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Trust chain check. Various other improvements and updates.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | b160969dd8950f63afd57243cbbe2af0f7de9501a877e78b9b8ed9bae5405b59
Asterisk Project Security Advisory - AST-2017-004
Posted May 20, 2017
Authored by Sandro Gauci, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.

tags | advisory, remote
SHA-256 | 8d5f47cf0e67ce5864a2b2a4177e62f386b1d90a8d45c93551e617023efa518c
Asterisk Project Security Advisory - AST-2017-003
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

tags | advisory
SHA-256 | dffc64dd4e5928c9a21df82604d70762c92068e2145f6bc7293d2eb080f35bbc
Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
SHA-256 | 60ef218a0c056d6aec0776e903fa217b0958d9a103decc2e014f49f5d98412d9
Microsoft Security Bulletin Revision Increment For May, 2017
Posted May 20, 2017
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0223
SHA-256 | e9644ba34af5fc468f284a8211f278b9180d4ad29b4398daec9fe8adb57be2f5
Google I/O 2017 Android Man-In-The-Middle
Posted May 20, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Google I/O 2017 application for Android versions prior to 5.1.4 suffer from a man-in-the-middle vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-9045
SHA-256 | 1fa0559e9edae7e21ef67d5f155d2d2b4db4d4651ee541249e1393abaf366ace
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
SHA-256 | 52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close