Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2017-05-27

Octopus Deploy Authenticated Code Execution
Posted May 27, 2017
Authored by James Otten | Site metasploit.com

This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.

tags | exploit
MD5 | 2a4e59caa159274fd0b883d7f9d36f67
Packet Fence 7.0.2
Posted May 27, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed useless sessions being created in web-auth in the dispatcher. Various other updates and improvements.
tags | tool, remote
systems | unix
MD5 | bcec765a0ac429e2a9c093d31ebace8d
Samba is_known_pipename() Arbitrary Module Load
Posted May 27, 2017
Authored by H D Moore, Tavis Ormandy, Brendan Coles, steelo | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.

tags | exploit, arbitrary
advisories | CVE-2017-7494
MD5 | 540c24e5e6cfcfa8e2adea53b8b83491
Faraday 2.5.0
Posted May 27, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed bug when editing workspaces created in GTK. Improved host search in the WEB UI. Extended the config to support different searching engines in the WEB UI. Various other improvements and fixes.
tags | tool, rootkit
systems | unix
MD5 | 6985aed517f20114a7efaed4a1210188
WebKitGTK+ Code Execution / DoS / UXSS
Posted May 27, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
MD5 | b14cd9d7fa2fef7e690a45930f9d4746
JAD Java Decompiler 1.5.8e Buffer Overflow
Posted May 27, 2017
Authored by Juan Sacco

JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.

tags | exploit, java, overflow, local
MD5 | 3b626d2eb1114b900fb1ebc78f48d3e3
WordPress AffiliateWP 2.0.8 Cross Site Scripting
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c6a3f59b74239220d0fd9a314f2789bb
WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7336919c380a0e84f16a4d0d5f7ce533
WordPress All In One Schema.org Rich Snippets 1.4.1 XSS
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9483a5c6080370a01f53f222fa918972
Aries QWR-1104 Wireless-N Cross Site Scripting
Posted May 27, 2017
Authored by Touhid M.Shaikh

Aries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fdea6d042260382680f451432b9be930
OpenSSL Toolkit 1.0.2l
Posted May 27, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Very minor update.
tags | tool, encryption, protocol
systems | unix
MD5 | f85123cd390e864dfbe517e7616e6566
Microsoft Security Bulletin CVE Update For May, 2017
Posted May 27, 2017
Site microsoft.com

This bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.

tags | advisory
advisories | CVE-2017-0223, CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
MD5 | d48f3ba8d2027f61b6bc04c3fa0559d4
Microsoft MsMpEng Denial Of Service
Posted May 27, 2017
Authored by Google Security Research, mjurczyk

Through fuzzing, a number of ways to crash the Microsoft MsMpEng service has been been discovered.

tags | exploit
advisories | CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538
MD5 | 164fee2b9a6102c3370481e006878baa
SambaCry Exploit / Vulnerable Container
Posted May 27, 2017
Authored by OPSXCQ | Site github.com

This repo from github contains a SambaCry exploit and vulnerable container.

tags | exploit
advisories | CVE-2017-7494
MD5 | 16c1056c2b3d16bd672aaff9a7d19d76
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
Posted May 27, 2017
Authored by Kyle Lovett

WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 7bcdc75fa62438d580fa7352ad149ad6
Sandboxie 5.18 Denial Of Service
Posted May 27, 2017
Authored by Greg Priest

Sandboxie version 5.18 suffers from a local denial of service vulnerability.

tags | exploit, denial of service, local
MD5 | f64b5328c6af5e00f3ee6bd7941ef366
D-Link DCS Series Cameras Insecure Crossdomain.xml
Posted May 27, 2017
Authored by SlidingWindow

D-Link DCS Series cameras implement a weak crossdomain.xml.

tags | exploit
advisories | CVE-2017-7852
MD5 | 4017e79180c280809e1c61d9b8cce62b
Google Chrome 60.0.3080.5 V8 JavaScript Engine Out-Of-Bounds Write
Posted May 27, 2017
Authored by halbecaf

Google Chrome version 60.0.3080.5 V8 suffers from an out-of-bounds write vulnerability in the javascript engine.

tags | exploit, javascript
MD5 | 32296c9946d06965a97426e219124598
Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.

tags | exploit
MD5 | 3d7b4df8fb17c45059d3a30f31f6cfd2
Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | cac4fb3c8a0231bc24e080283859ba02
Sunell IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 19f2fab056e17a9b6e6e6ff2e9647e31
Veritas Backup Exec Remote Agent For Windows Use-After-Free
Posted May 27, 2017
Authored by Matthew Daley

Veritas Backup Exec Remote Agent for Windows suffers from a use-after-free vulnerability. All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, and Backup Exec 2014 14.1.1187.1126 are affected.

tags | advisory, remote
systems | windows
advisories | CVE-2017-8895
MD5 | a2f19b80d629adbcdd824fab754c16dc
OpenVPN Access Server 2.1.4 CRLF Injection
Posted May 27, 2017
Authored by Julian Boulet

OpenVPN Access Server version 2.1.4 suffers from a CRLF injection vulnerability.

tags | exploit
advisories | CVE-2017-5868
MD5 | 15b24940e2a168c7466b9e4b6c9311f4
Ubuntu Security Notice USN-3300-1
Posted May 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3300-1 - Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.

tags | advisory, local
systems | linux, unix, ubuntu
advisories | CVE-2017-9232
MD5 | 122108d3e4e85403cf70b4953c9c7dd5
HP Security Bulletin HPESBHF03730 1
Posted May 27, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
advisories | CVE-2017-5647, CVE-2017-5824, CVE-2017-5825, CVE-2017-5826, CVE-2017-5827, CVE-2017-5828, CVE-2017-5829
MD5 | 400a1bf074861dc3b0aaf57d0d05eeb7
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close