exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-09-08

Docker Daemon Unprotected TCP Socket
Posted Sep 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owned by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.

tags | exploit, root, tcp
SHA-256 | 5eef6332da7f2e3eafd6c25adcb58e15c04382cde4fdec2987c6b2d85ab64dfe
Online Invoice System 3.0 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

Online Invoice System version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d827148d986844b7b843f8db9b189bd71251e2b2c9b89c10cec5f48cdd3772f8
D-Link 850L XSS / Backdoor / Code Execution
Posted Sep 8, 2017
Authored by Pierre Kim

D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.

tags | exploit, remote, denial of service, vulnerability, code execution, xss, info disclosure, csrf
SHA-256 | 3a9bd05d149ac1db91581ef8d913fef21e9b0ab8adc8b8428e217e2841c41d87
Red Hat Security Advisory 2017-2672-01
Posted Sep 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2672-01 - The qs module for Node.js is a querystring parser that supports nesting and arrays with a depth limit. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-qs. Security Fix: It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties or hasOwnProperty()), resulting in a denial of service when the overwritten function would be executed.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-1000048
SHA-256 | f082343c933a2dfcfa1a81e2fc9ffaacc6dc77034826e8600b23f2a338f5955d
WordPress Training Membership 1.0.8 Cross Site Scripting
Posted Sep 8, 2017
Authored by 8bitsec

WordPress Fitness Trainer - Training Membership plugin versions 1.0.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ccc8007e21241406bf13d42ae4e2f246a0d5cdcbe6e97ea1df5a9330b444a03d
CMS Showcase 1.0 Cross Site Scripting
Posted Sep 8, 2017
Authored by Renzi

CMS Showcase version 1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c15121a995430ef80a10b0d03d2ec53b840903c34ba1973e191fcbc81c911b1f
Debian Security Advisory 3967-1
Posted Sep 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

tags | advisory, remote, crypto, bypass
systems | linux, debian
advisories | CVE-2017-14032
SHA-256 | d60a94808b4db18bdaa7283649c335faa09eac8106c9b0d94766e8912f9006c2
EMC AppSync SQL Injection
Posted Sep 8, 2017
Authored by rgod | Site emc.com

EMC AppSync contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. All versions prior to 3.5 are affected.

tags | advisory, sql injection
advisories | CVE-2017-8015
SHA-256 | 3626e7de16410c493a25288632f5b8852d38948696fbeb8dd5e2fd6e50c14c77
Ubuntu Security Notice USN-3412-1
Posted Sep 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3412-1 - Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-1000249
SHA-256 | 7120eff4a07e93e154601d356fcfe086771c5eef54370fea0c97bb56df39bd73
Roteador Wirelsss Intelbras WRN150 Cross Site Scripting
Posted Sep 8, 2017
Authored by Elber Tavares

Roteador Wireless Intelbras WRN150 router suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14219
SHA-256 | 5a0a245c41b2d75c548ba5dcd592bd263501625b27ff4ec18d152b4795ebfaa8
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
Posted Sep 8, 2017
Authored by James Hemmings

EE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
SHA-256 | df351b407db9242190cf3bbea62bf65f1e04f7a9d97b0fbf8792987089fa564e
Huawei HG255s Directory Traversal
Posted Sep 8, 2017
Authored by Ahmet Mersin

Huawei HG255s suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | b421c24591f0f6e7b124c83bcbcfd081112d9efb502c7cb471dfa8ceca3daf75
EzBan 5.3 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

EzBan version 5.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9ba82ab8b99d808cad0987f375a46b7b68ed65724213c3b33697c845fb7404af
EzInvoice Invoice Management System 6.0.2 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

EzInvoice Invoice Management System version 6.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 70ec35fe9f3f1953f207e86f7f9cb1cdcc7c4e0270b78a4629f199203b79a02f
Aerohive Networks HiveManager Remote Shell Upload
Posted Sep 8, 2017
Authored by Sandro Zaccarini

Aerohive Networks HiveManager Classic Online NMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2017-14105
SHA-256 | 745fd3de5ef3c4a53d3e654416b79cdeb7971d2b755baed1b843dacc13925ca9
Lynis Auditing Tool 2.5.5
Posted Sep 8, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Minor update to solve screen output issue in 2.5.4.
tags | tool, scanner
systems | unix
SHA-256 | 638c587396fbd2e857d6a3d2229db3b071704c0e217e03055c9268b495ab8102
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close