exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-08-18

NoviFlow NoviWare NW400.2.6 Code Execution
Posted Aug 18, 2017
Authored by Francois Goichon

NoviFlow NoviWare version NW400.2.6 suffers from cli breakout and code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2017-12785, CVE-2017-12786, CVE-2017-12787
SHA-256 | a4f6a2bf779f6bd7fd829bf89764c62f8a79c20d624607782395fb373eae9fdf
Debian Security Advisory 3946-1
Posted Aug 18, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3946-1 - It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-11423, CVE-2017-6419
SHA-256 | f47f97c1d334842dbab2f91a059aa75ba333f05e615f47600a55aeb3d96c72b0
Ubuntu Security Notice USN-3396-1
Posted Aug 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3396-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10243
SHA-256 | 61bdcf4a0adf7e27a0250a05d795a49892ebdce3abf08ae85fec4f7f16b253c8
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Posted Aug 18, 2017
Authored by Mehmet Ince, Cody Sixteen | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.

tags | exploit, web, arbitrary, root
SHA-256 | 50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4
Symantec Messaging Gateway 10.6.3-2 Remote Code Execution
Posted Aug 18, 2017
Authored by Philip Pettersson

Symantec Messaging Gateway versions 10.6.3-2 and below suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-6327
SHA-256 | 37f1b6a529ab6c3764111b896d422a29e492f65ebe5da8352f145d76955b8e07
MessengerScan 1.05 SEH / EIP Overwrite Proof Of Concept
Posted Aug 18, 2017
Authored by Anurag Srivastava

MessengerScan version 1.05 Hostname / IP field SEH / EIP overwrite proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 52953c658567dea2284dd3c2a101f0d516ac5bb26572161b45421e899aa4ba49
MS05-051 Scan 1.0 Buffer Overflow
Posted Aug 18, 2017
Authored by Anurag Srivastava

MS05-039 Scan version 1.0 hostname / IP field local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
SHA-256 | 7a932bd492c2e9175792c36fa87324386a58a10ce6e5304bcbd59e0b3c685cf3
MyDoomScanner 1.00 SEH Overwrite Proof Of Concept
Posted Aug 18, 2017
Authored by Anurag Srivastava

MyDoomScanner version 1.00 Hostname / IP field SEH overwrite proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | e2a7918398b3243711c99d06dc98c0a4c1508d04094077d1c50b4029265261a4
DSScan 1.0 SEH Overwrite Proof Of Concept
Posted Aug 18, 2017
Authored by Anurag Srivastava

DSScan version 1.0 Hostname / IP field SEH overwrite proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 62e02657b6644e2b9dcc2c15a2732d71736997a2c87199eca88e7e55bcbb780f
QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation
Posted Aug 18, 2017
Authored by Stefan Kanthak

QNAPQsyncClientWindows-4.2.1.0602.exe suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | e1e12b2da3ad4a116388e459dccf615a31e67b830ffdf31117e5b0c3910bfc91
LiveProjects 1.0 SQL Injection
Posted Aug 18, 2017
Authored by Ihsan Sencan

LiveProjects version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0e2e40910a9b562c020cda663d763fc767cf5640ab56528f88ad87f283c5ff3b
MS05-039 Scan 1.0 Buffer Overflow
Posted Aug 18, 2017
Authored by Anurag Srivastava

MS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
SHA-256 | 7ed261a9cd6c2588b6fbb6c0c4303ce017ca1d2d74f3e3e6fdfd7291d9fd4491
WordPress Share-On-Diaspora Cross Site Scripting
Posted Aug 18, 2017
Authored by APA Golestan

The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8e341bd07e40327393d27cd430547711351c76ae245dc3d8b5f766e668cfa4fd
Kernel Live Patch Security Notice LSN-0028-1
Posted Aug 18, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, udp
systems | linux
advisories | CVE-2017-1000111, CVE-2017-1000112
SHA-256 | f1d27ee9e08fb4d7aba3b36609845fbfa5e959afbcd42c78b5b81f4e0bfae6db
Ubuntu Security Notice USN-3391-3
Posted Aug 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3391-3 - USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-7781, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809
SHA-256 | f2d39de0ff7de658291fa799d09f1741f589d894f69f2e6a973110f4163f6cce
Red Hat Security Advisory 2017-2491-01
Posted Aug 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2491-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-1000117, CVE-2017-8386
SHA-256 | 352725d74fb95f72e0eb2f1edd747d546b633fd9a8905c9eff78c83dc5aa4586
Ubuntu Security Notice USN-3393-2
Posted Aug 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3393-2 - USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain e- mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-6418, CVE-2017-6419, CVE-2017-6420
SHA-256 | 8fd58062c30085905cc01c1098152f994df7c716aecd3d0a398017949e523fc2
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close