what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-06-05

Kronos Telestaff SQL Injection
Posted Jun 5, 2017
Authored by Chris Anastasio, Mark F. Snodgrass

Kronos Telestaff versions prior to 2.92EU29 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2026990b4ae0d270b09cc355b15de93ad0be6adf7836f695074b12d159a9b6bb
Proxmark 3.0.0
Posted Jun 5, 2017
Authored by Christian Herrmann | Site github.com

The proxmark3 is a powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. This repository contains enough software, logic (for the FPGA), and design documentation for the hardware that you could, at least in theory, do something useful with a proxmark3.

Changes: This major release addresses backwards compatibility issues and command structure changes to the source code. Added hardnested attack. Improved low frequency functionality. Improved mifare check keys functionality. Various other updates.
tags | tool
systems | unix
SHA-256 | 063c654d4450240b2a49fa33cefa35151f6a786e0bed5bc81b651f42c4cf6c3f
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
SHA-256 | a35c1582b7882363268493dd6fbe070be8641b56ca33272bfb77a7e2594c12ff
Ubuntu Security Notice USN-3308-1
Posted Jun 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3308-1 - Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3248, CVE-2017-2295
SHA-256 | 4402c8d968a030d3ce3901bd15dcdede2b25e19641c46bed14092fd04e93b5fe
Ubuntu Security Notice USN-3309-1
Posted Jun 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3309-1 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6891
SHA-256 | 604750eb7ea85fc1263f64be0adbb377df9564063ad40ae67615914bdbdb3dc9
HPE Security Bulletin HPESBGN03752 1
Posted Jun 5, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03752 1 - A potential security vulnerability in the OpenSSL Library may impact HPE IceWall products. The vulnerability could be remotely exploited to allow denial of service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-7055
SHA-256 | e1be692613896d0ec38c1114c9116b22d8b6c2109db04949b8b4f89dd662d352
HPE Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | a0ee99b3d56b95fb9463524723438bd2b461df7691a15596db5994f5045fe8ec
Apple Safari 10.1 Spread Operator Integer Overflow
Posted Jun 5, 2017
Authored by saelo

Apple Safari version 10.1 suffers from a spread operator integer overflow vulnerability.

tags | exploit, overflow
systems | apple
advisories | CVE-2017-2536
SHA-256 | 2c0f5292b08697d84ad06fa095308fd81efb603b3e447a509d09fc788e834534
Linux/x86-64 JMP CALL POP /bin/sh Shellcode
Posted Jun 5, 2017
Authored by Touhid M.Shaikh

31 bytes small Linux/x86-64 JMP CALL POP /bin/sh shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 95dad731ba6f9381cfcdea23e78eed4588b15b3cc9e26f9b88bfc03648697c81
Home Web Server 1.9.1 Build 164 Remote Code Execution
Posted Jun 5, 2017
Authored by Guillaume Kaddouch

Home Web Server version 1.9.1 build 164 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
SHA-256 | ff9988d7c389d08b25c36b849ade084929a46bcdfaf26e16f7c71038b5dc0e16
BIND 9.10.5 Unquoted Service Path Privilege Escalation
Posted Jun 5, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BIND version 9.10.5 for x86 and x64 on Windows suffers from an unquoted service path vulnerability that can allow for privilege escalation.

tags | exploit, x86
systems | windows
advisories | CVE-2017-3141
SHA-256 | 39bb02902250325dc8dcc1576f0306ade384ae1bdc0f1e5e1451e7fa784c9075
Red Hat Security Advisory 2017-1390-01
Posted Jun 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1390-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.

tags | advisory, remote, arbitrary, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2017-7494
SHA-256 | b82dab742fc9bf4d92050f85481665161b8fdeb94567970370ad1d054e8d41de
Debian Security Advisory 3873-1
Posted Jun 5, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3873-1 - The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2017-6512
SHA-256 | 669492e2b6634929ca6740fee2a0e7aa50309178b09ab44dcbff2acc9c6e2e4a
DNSTracer 1.8.1 Buffer Overflow
Posted Jun 5, 2017
Authored by Hosein Askari

DNSTracer version 1.8.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-9430
SHA-256 | d8764fd42c39ba48208daf898bebc1d4283b3291ef3cf1eff0117febbee335b9
Compulab Intense PC / MintBox 2 Missing Write Protection
Posted Jun 5, 2017
Authored by Hal Martin | Site watchmysys.com

CompuLab manufactures and sells the IntensePC / MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash.

tags | advisory
advisories | CVE-2017-8083
SHA-256 | ff8900cf8ecac46185548e975afba3495d20bd3fa8cb061db438a6e0a2baf20b
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close