exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2017-05-27

Octopus Deploy Authenticated Code Execution
Posted May 27, 2017
Authored by James Otten | Site metasploit.com

This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.

tags | exploit
SHA-256 | c4855db7df7cb678dd9da32ffe4ac3575beac9fd02dbc2ba53eb304fca0a4ff7
Packet Fence 7.0.2
Posted May 27, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed useless sessions being created in web-auth in the dispatcher. Various other updates and improvements.
tags | tool, remote
systems | unix
SHA-256 | d3f2fd02d1cb6bda3a05a9acb3b31a0264b635f3f3667afe967b960f3eb14d73
Samba is_known_pipename() Arbitrary Module Load
Posted May 27, 2017
Authored by H D Moore, Tavis Ormandy, Brendan Coles, steelo | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.

tags | exploit, arbitrary
advisories | CVE-2017-7494
SHA-256 | 467d157dc1bbf3f036cc0f63f280fa7c6781fd91ca452708aab53393895c5ba1
Faraday 2.5.0
Posted May 27, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed bug when editing workspaces created in GTK. Improved host search in the WEB UI. Extended the config to support different searching engines in the WEB UI. Various other improvements and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | d8ee021c0b795edab52298059142b5c34a18675bf64f8353e5d1aa690e1038d3
WebKitGTK+ Code Execution / DoS / UXSS
Posted May 27, 2017
Authored by WebKitGTK+ Team

WebKitGTK+ suffers from code execution, denial of service, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
SHA-256 | 5804f630eaa2c72cacab41b2ccd9870e1e516c016780bc40df3a5bcae7ed2a44
JAD Java Decompiler 1.5.8e Buffer Overflow
Posted May 27, 2017
Authored by Juan Sacco

JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.

tags | exploit, java, overflow, local
SHA-256 | 1f4316b80457aecc9ab1d4b63dda9a18973e331e719518b4ab41a40f4dcfe2b4
WordPress AffiliateWP 2.0.8 Cross Site Scripting
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ca1fb705331fe04e70541cad5cf109d1809f68a6f5adb5bb5a70e9bc531215d
WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 18673ff6c4b5932c1002b8927b318cfd610e2f7db98ea60fc08d03be57d0fc05
WordPress All In One Schema.org Rich Snippets 1.4.1 XSS
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 767cb75a0f15f68cae52091db7a8923f0807038c3700134bf985a7567713facf
Aries QWR-1104 Wireless-N Cross Site Scripting
Posted May 27, 2017
Authored by Touhid M.Shaikh

Aries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5003c524c37548060cc231edf0fc24067399ffb00f05fa475cf690683a5c17d
OpenSSL Toolkit 1.0.2l
Posted May 27, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Very minor update.
tags | tool, encryption, protocol
systems | unix
SHA-256 | ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c
Microsoft Security Bulletin CVE Update For May, 2017
Posted May 27, 2017
Site microsoft.com

This bulletin summary lists multiple CVE additions for the May, 2017 security bulletin release.

tags | advisory
advisories | CVE-2017-0223, CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
SHA-256 | ac0d024f7e9e085c500cd7f1d1fb0e04aa6fc92350547dfffc895068fd4678bb
Microsoft MsMpEng Denial Of Service
Posted May 27, 2017
Authored by Google Security Research, mjurczyk

Through fuzzing, a number of ways to crash the Microsoft MsMpEng service has been been discovered.

tags | exploit
advisories | CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538
SHA-256 | 05eda4b73f73c98a155075088def6208b82e5ecb6e7eba708c3a910c322807a5
SambaCry Exploit / Vulnerable Container
Posted May 27, 2017
Authored by OPSXCQ | Site github.com

This repo from github contains a SambaCry exploit and vulnerable container.

tags | exploit
advisories | CVE-2017-7494
SHA-256 | 1575fdf58a5dd6e72a33a6dc0648196f99226950d46f8032e30b023c560a06ca
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
Posted May 27, 2017
Authored by Kyle Lovett

WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | d9397402a5e15bf1dfe27b9c6cfe4a24c02c4ffc37e440343f5c6850e3501b41
Sandboxie 5.18 Denial Of Service
Posted May 27, 2017
Authored by Greg Priest

Sandboxie version 5.18 suffers from a local denial of service vulnerability.

tags | exploit, denial of service, local
SHA-256 | fd92cb6374cffa34d5f607414474570f094bcc34f9157c3f8a8a27dbc464daa0
D-Link DCS Series Cameras Insecure Crossdomain.xml
Posted May 27, 2017
Authored by SlidingWindow

D-Link DCS Series cameras implement a weak crossdomain.xml.

tags | exploit
advisories | CVE-2017-7852
SHA-256 | 50e8e437260ea37095cf7b417235509abfde4253d1cec1226635f8f3a293b3cb
Google Chrome 60.0.3080.5 V8 JavaScript Engine Out-Of-Bounds Write
Posted May 27, 2017
Authored by halbecaf

Google Chrome version 60.0.3080.5 V8 suffers from an out-of-bounds write vulnerability in the javascript engine.

tags | exploit, javascript
SHA-256 | 5df4f83fe15024aae18571a2cc409b7b22f94289acd7c97a542434dedf996134
Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.

tags | exploit
SHA-256 | 60ce71b07534bee0f99b4630549295320551670713e34c6613132c5fce336ac9
Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 27e65ecc5f751798e2ae87d44a144b020245e5f7941b691a517e197e2a0004f7
Sunell IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 08008390429a0ee6a1e0891e649db3e2a21176e7ef4304f3a8a4f77d54e03e3d
Veritas Backup Exec Remote Agent For Windows Use-After-Free
Posted May 27, 2017
Authored by Matthew Daley

Veritas Backup Exec Remote Agent for Windows suffers from a use-after-free vulnerability. All versions before Backup Exec 16 FP1, Backup Exec 15 14.2.1180.3160, and Backup Exec 2014 14.1.1187.1126 are affected.

tags | advisory, remote
systems | windows
advisories | CVE-2017-8895
SHA-256 | 8ceb02397eea9ab98abf9619f4ab71f85b7ac2f8ffa9d669f5e674239b69ebd6
OpenVPN Access Server 2.1.4 CRLF Injection
Posted May 27, 2017
Authored by Julian Boulet

OpenVPN Access Server version 2.1.4 suffers from a CRLF injection vulnerability.

tags | exploit
advisories | CVE-2017-5868
SHA-256 | 10cc7e203caeb7b199f43ae4c5d590f5d394419a9369a6b7bdb1eff2af577d79
Ubuntu Security Notice USN-3300-1
Posted May 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3300-1 - Ryan Beisner discovered juju did not set permissions on a Unix domain socket. A local attacker could use this flaw to gain administrative privileges.

tags | advisory, local
systems | linux, unix, ubuntu
advisories | CVE-2017-9232
SHA-256 | 4a3e1ac9331881d06254b3af2d2c4a033fff96437ac64ee5e501c0675171cdc6
HPE Security Bulletin HPESBHF03730 1
Posted May 27, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03730 1 - Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
advisories | CVE-2017-5647, CVE-2017-5824, CVE-2017-5825, CVE-2017-5826, CVE-2017-5827, CVE-2017-5828, CVE-2017-5829
SHA-256 | 2e54f155f6a6a7798dfeaf9418f020bd83703cdf9426cfeb5c27c907c8e60a72
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close