Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-07-11

HP Security Bulletin HPESBGN03763 1
Posted Jul 11, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03763 1 - Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution. Revision 1 of this advisory.

tags | advisory, remote, arbitrary, vulnerability, code execution
advisories | CVE-2017-8949, CVE-2017-8950, CVE-2017-8951, CVE-2017-8952
MD5 | dc314fbc75a2d130657f6959ec35b3d9
HP Security Bulletin HPESBGN03762 1
Posted Jul 11, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03762 1 - Potential security vulnerabilities have been identified in HPE Network Node Manager i. The vulnerabilities could be remotely exploited to allow bypass security restrictions, cross-site scripting (XSS), and/or URL redirection. Revision 1 of this advisory.

tags | advisory, vulnerability, xss
advisories | CVE-2017-8948
MD5 | 0381a18a7544fb7fb594274929cf5fe3
HP Security Bulletin HPESBHF03745 2
Posted Jul 11, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03745 2 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2017-5816, CVE-2017-5817, CVE-2017-5818, CVE-2017-5819, CVE-2017-8948
MD5 | cd27e08a68e074bff92143609b3a4f8d
NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfnt Command Injection
Posted Jul 11, 2017
Authored by Paul Taylor

NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.

tags | exploit
advisories | CVE-2017-6972
MD5 | e7f34839cb159cbb036031d2d0f759ef
Microsoft Windows EternalBlue SMB Remote Code Execution
Posted Jul 11, 2017
Authored by sleepya

Microsoft Windows versions 7, 8.1, 2008 R2, 2012 R2, and 2016 R2 EternalBlue SMB remote code execution exploit that leverages the issue noted in MS17-0101.

tags | exploit, remote, code execution
systems | windows
MD5 | a8dcb06deac0f2e6a77e10a458a2c807
Packet Fence 7.2.0
Posted Jul 11, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added support for authenticating users through OpenID Connect. Added passthroughs for devices in violation state. Added ability to report a device lost or stolen in self-service portal. Added ability to change a local account password in self-service portal. Improved overall user experience of self-service portal.
tags | tool, remote
systems | unix
MD5 | 69becdd4910bbcab5e70e7f7fa0329e5
Lynis Auditing Tool 2.5.2
Posted Jul 11, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Support for PHP on CloudLinux. Check for presence of locale binary. Suhosin detection improvements. Generic code improvements. Changed 'lynis audit system remote' routine. Support for macOS High Sierra. French translation updated.
tags | tool, scanner
systems | unix
MD5 | 280b3eb40bbdc0432a8013aee77f4b8e
WMI Event Subscription Persistence
Posted Jul 11, 2017
Authored by Nick Tyrer | Site metasploit.com

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods.

tags | exploit
MD5 | 9b9c4b840ab1d202f27dcae39886e71a
Schneider Electric Pelco VideoXpert Missing Encryption
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.

tags | exploit
MD5 | 29d6a13171a92249a789a85e02531e9e
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.

tags | exploit, web, arbitrary
MD5 | dfa0df3c855819b71c9869725eccb056
Schneider Electric Pelco VideoXpert Privilege Escalation
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

tags | exploit
MD5 | 2fe804940583feed8e2672643c87628d
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
MD5 | f60def224c0da5db858f33bf6eef0e47
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 7cab066459f46bedf6175289966aec2e
Schneider Electric Pelco Sarix/Spectra Cameras XSS
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, vulnerability
MD5 | 7f8219b6e322e2f71ec72c2c608d1040
Shenzhen C-Data CD7201 Command Injection / Cross Site Scripting
Posted Jul 11, 2017
Authored by Codex Lynx

Shenzhen C-Data CD7201 with software version 2.4.6b and firmware version 7.1.0 suffer from authentication bypass, command injection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2f2406c1fed6720250bfb64cda0f49c8
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close