exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-07-11

HPE Security Bulletin HPESBGN03763 1
Posted Jul 11, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03763 1 - Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution. Revision 1 of this advisory.

tags | advisory, remote, arbitrary, vulnerability, code execution
advisories | CVE-2017-8949, CVE-2017-8950, CVE-2017-8951, CVE-2017-8952
SHA-256 | f658bb859acd2dba5129f2333bff36ab95e2e9cc867b0864639769154f072376
HPE Security Bulletin HPESBGN03762 1
Posted Jul 11, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03762 1 - Potential security vulnerabilities have been identified in HPE Network Node Manager i. The vulnerabilities could be remotely exploited to allow bypass security restrictions, cross-site scripting (XSS), and/or URL redirection. Revision 1 of this advisory.

tags | advisory, vulnerability, xss
advisories | CVE-2017-8948
SHA-256 | 5e87f3dd4177244be5a1d11c4b186e953125271e1fadbf0f71c40169f7525270
HPE Security Bulletin HPESBHF03745 2
Posted Jul 11, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03745 2 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2017-5816, CVE-2017-5817, CVE-2017-5818, CVE-2017-5819, CVE-2017-8948
SHA-256 | d942528bda72b4e150cab486d47ec95daa6697920d454ce2c526f91ce2edecea
NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfnt Command Injection
Posted Jul 11, 2017
Authored by Paul Taylor

NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.

tags | exploit
advisories | CVE-2017-6972
SHA-256 | 6b2e5703fd89723e64a82ec4b72ba979239fa1d8e95511ce4df0a2e31d8f0b19
Microsoft Windows EternalBlue SMB Remote Code Execution
Posted Jul 11, 2017
Authored by sleepya

Microsoft Windows versions 7, 8.1, 2008 R2, 2012 R2, and 2016 R2 EternalBlue SMB remote code execution exploit that leverages the issue noted in MS17-0101.

tags | exploit, remote, code execution
systems | windows
SHA-256 | 0105c5a5b00ef47ce14d7433ff43d354540982cecc304f7a3285c0b49c8e61ac
Packet Fence 7.2.0
Posted Jul 11, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added support for authenticating users through OpenID Connect. Added passthroughs for devices in violation state. Added ability to report a device lost or stolen in self-service portal. Added ability to change a local account password in self-service portal. Improved overall user experience of self-service portal.
tags | tool, remote
systems | unix
SHA-256 | c8c03493d21ddb62182280778fccc3f5946a4f980bdea6ebad5f5ae586c526e1
Lynis Auditing Tool 2.5.2
Posted Jul 11, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Support for PHP on CloudLinux. Check for presence of locale binary. Suhosin detection improvements. Generic code improvements. Changed 'lynis audit system remote' routine. Support for macOS High Sierra. French translation updated.
tags | tool, scanner
systems | unix
SHA-256 | 6b4dc74ec0faa009fc5d34f8ab85895e53c6f4f02bc160377905dcb95b0585a1
WMI Event Subscription Persistence
Posted Jul 11, 2017
Authored by Nick Tyrer | Site metasploit.com

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods.

tags | exploit
SHA-256 | 6cc7043e42bb5e5ed553be783eb82dc49a1d6d71419ee1e770ef5ea1fa3ffbdb
Schneider Electric Pelco VideoXpert Missing Encryption
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.

tags | exploit
SHA-256 | 586787a6d1dda880fe7d465e9e08beefb8df4867bdc4ff70ae63e9b698c3a93d
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.

tags | exploit, web, arbitrary
SHA-256 | f334cdc0e5221dbdd8e265c696310914ec33ba9f953c3bc7882dac6905769a1f
Schneider Electric Pelco VideoXpert Privilege Escalation
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

tags | exploit
SHA-256 | 102cc9fdae18e2fa08d5aa13154faa82d46f2c36fb59f16d7c95760d0880908d
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
SHA-256 | 1cbfd7aa0988b8b2e0a3bab6ab3f75e82e7584f27e12ae1d93710a8e74ae29e5
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
SHA-256 | 35ec88cdefdcb04ba8605a0dab155c2fcb7f47b08c73cdbdc66aa1daf923e78a
Schneider Electric Pelco Sarix/Spectra Cameras XSS
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, vulnerability
SHA-256 | 94ab5cdca0846380f754f768d501585739bfdcb6204020363ce405b618b4f39f
Shenzhen C-Data CD7201 Command Injection / Cross Site Scripting
Posted Jul 11, 2017
Authored by Codex Lynx

Shenzhen C-Data CD7201 with software version 2.4.6b and firmware version 7.1.0 suffer from authentication bypass, command injection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a46b9e89be16523b84bb6f26590f3b1e7d32ea836fac1a6d5afb092713e6c6e8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close