what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-06-05

Kronos Telestaff SQL Injection
Posted Jun 5, 2017
Authored by Chris Anastasio, Mark F. Snodgrass

Kronos Telestaff versions prior to 2.92EU29 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1e3173c6794767a3ece3b75256922f5b
Proxmark 3.0.0
Posted Jun 5, 2017
Authored by Christian Herrmann | Site github.com

The proxmark3 is a powerful general purpose RFID tool, the size of a deck of cards, designed to snoop, listen and emulate everything from Low Frequency (125kHz) to High Frequency (13.56MHz) tags. This repository contains enough software, logic (for the FPGA), and design documentation for the hardware that you could, at least in theory, do something useful with a proxmark3.

Changes: This major release addresses backwards compatibility issues and command structure changes to the source code. Added hardnested attack. Improved low frequency functionality. Improved mifare check keys functionality. Various other updates.
tags | tool
systems | unix
MD5 | 47774a912892f89cfe94490858e1c07d
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
MD5 | 36d56c06b635fb1596ea43530b5b607e
Ubuntu Security Notice USN-3308-1
Posted Jun 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3308-1 - Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3248, CVE-2017-2295
MD5 | a74fe313008204af5453efbcf002a26c
Ubuntu Security Notice USN-3309-1
Posted Jun 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3309-1 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6891
MD5 | 949e7196ad87a00fcaf7ce74a57a51f8
HP Security Bulletin HPESBGN03752 1
Posted Jun 5, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03752 1 - A potential security vulnerability in the OpenSSL Library may impact HPE IceWall products. The vulnerability could be remotely exploited to allow denial of service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-7055
MD5 | 2719a23c0fb956fb9cb9da69ca551e18
HP Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 500b8f2098c44c7b3a1c12a8c1e13b95
Apple Safari 10.1 Spread Operator Integer Overflow
Posted Jun 5, 2017
Authored by saelo

Apple Safari version 10.1 suffers from a spread operator integer overflow vulnerability.

tags | exploit, overflow
systems | apple
advisories | CVE-2017-2536
MD5 | 3a943d9ae9fc03a27794d0ca8ba5bd54
Linux/x86-64 JMP CALL POP /bin/sh Shellcode
Posted Jun 5, 2017
Authored by Touhid M.Shaikh

31 bytes small Linux/x86-64 JMP CALL POP /bin/sh shellcode.

tags | x86, shellcode
systems | linux
MD5 | a9a3ed56afabe12cf2913b23ab4e9198
Home Web Server 1.9.1 Build 164 Remote Code Execution
Posted Jun 5, 2017
Authored by Guillaume Kaddouch

Home Web Server version 1.9.1 build 164 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | 348747640730fcabaf3acc2d3b4ed476
BIND 9.10.5 Unquoted Service Path Privilege Escalation
Posted Jun 5, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BIND version 9.10.5 for x86 and x64 on Windows suffers from an unquoted service path vulnerability that can allow for privilege escalation.

tags | exploit, x86
systems | windows
advisories | CVE-2017-3141
MD5 | b39267a55a45b5a08939bd042eb975f7
Red Hat Security Advisory 2017-1390-01
Posted Jun 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1390-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.

tags | advisory, remote, arbitrary, root, code execution, protocol
systems | linux, redhat
advisories | CVE-2017-7494
MD5 | 55c70f2d912f6723c0088653bd802993
Debian Security Advisory 3873-1
Posted Jun 5, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3873-1 - The cPanel Security Team reported a time of check to time of use (TOCTTOU) race condition flaw in File::Path, a core module from Perl to create or remove directory trees. An attacker can take advantage of this flaw to set the mode on an attacker-chosen file to a attacker-chosen value.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2017-6512
MD5 | 599f343c6f8c0a3ef16c7eb1a857ccb8
DNSTracer 1.8.1 Buffer Overflow
Posted Jun 5, 2017
Authored by Hosein Askari

DNSTracer version 1.8.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-9430
MD5 | e085efd51d02319541c0dc990533c2ec
Compulab Intense PC / MintBox 2 Missing Write Protection
Posted Jun 5, 2017
Authored by Hal Martin | Site watchmysys.com

CompuLab manufactures and sells the IntensePC / MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash.

tags | advisory
advisories | CVE-2017-8083
MD5 | fce8a932d8b6d387c5270932154e611b
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close