what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-05-20

Sync Breeze Enterprise GET Buffer Overflow
Posted May 20, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows, 7
MD5 | f3556ba8acc91d809655f9aaf8017697
MediaWiki SyntaxHighlight Extension Option Injection
Posted May 20, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

tags | exploit, root, php
advisories | CVE-2017-0372
MD5 | 1b15a640f92c98f62fa52a0340553730
Pegasus 4.72 Build 572 Remote Code Execution
Posted May 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Pegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-9046
MD5 | 62206811a23bfaf378f90ac03ede6589
Secure Auditor 3.0 Directory Traversal
Posted May 20, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Secure Auditor version 3.0 suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-9024
MD5 | 84e8f6ad01e4f7651ce49d416ca48668
Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution
Posted May 20, 2017
Authored by sleepya

Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.

tags | exploit, remote, code execution
systems | windows, 7
advisories | CVE-2017-0144
MD5 | 376497a061ce1620c9f18e1a8d725067
Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution
Posted May 20, 2017
Authored by sleepya

Microsoft Windows 8/2012 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2017-0144
MD5 | 06316808bbb73cda0328efe988402af7
Joomla 3.7.0 Fields SQL Injection
Posted May 20, 2017
Authored by Mateus Lino

The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-8917
MD5 | 6466317c69e726921d9c07b96c0f60cc
PlaySMS 1.4 Remote Code Execution
Posted May 20, 2017
Authored by Touhid M.Shaikh

PlaySMS version 1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | c336f72f79e084e8c81c8e859a78c9e1
D-Link DIR-600M Wireless N 150 Authentication Bypass
Posted May 20, 2017
Authored by Touhid M.Shaikh

D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 177eb06dde58e466bffebdce91d3056e
ManageEngine ServiceDesk Plus 9.0 Authentication Bypass
Posted May 20, 2017
Authored by Steven Lackey

ManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | f57b227c1d9fe11249ee5d75222c47cc
SAP Business One For Android 1.2.3 XML Injection
Posted May 20, 2017
Authored by Ravindra Singh Rathore

SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2016-6256
MD5 | 6eda4cc5fc81e40ada5094b092feabec
CaseAware Cross Site Scripting
Posted May 20, 2017
Authored by justpentest

KMCIS CaseAware suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-5631
MD5 | 12f102b02a067a6f0b583a0597895a4c
TestSSL 2.8
Posted May 20, 2017
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Trust chain check. Various other improvements and updates.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | cdd9e2481d19cfcb8ded787e767aa4cf
Asterisk Project Security Advisory - AST-2017-004
Posted May 20, 2017
Authored by Sandro Gauci, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.

tags | advisory, remote
MD5 | 599b4399c6dc5290fce6f74eb70c8e4c
Asterisk Project Security Advisory - AST-2017-003
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

tags | advisory
MD5 | 5d5f432509eeeda7e91ab03884de7373
Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
MD5 | 240c6d5fde628507bc1d2076fe921b45
Microsoft Security Bulletin Revision Increment For May, 2017
Posted May 20, 2017
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
advisories | CVE-2017-0223
MD5 | 2e354e4049778d3e13efb4e7a681d9cc
Google I/O 2017 Android Man-In-The-Middle
Posted May 20, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Google I/O 2017 application for Android versions prior to 5.1.4 suffer from a man-in-the-middle vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-9045
MD5 | 4c78f3a47ec015914186a354d550ed89
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
MD5 | 28775130e13b3afa7ae1a5b6908c694f
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close