Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-09-08

Docker Daemon Unprotected TCP Socket
Posted Sep 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owned by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.

tags | exploit, root, tcp
MD5 | 2e0895a99e8f3feabc8340b9ea555f3f
Online Invoice System 3.0 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

Online Invoice System version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b25b4b1954c049e4c9336d13b9a622cd
D-Link 850L XSS / Backdoor / Code Execution
Posted Sep 8, 2017
Authored by Pierre Kim

D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.

tags | exploit, remote, denial of service, vulnerability, code execution, xss, info disclosure, csrf
MD5 | 806b47aee2ece40feb77375c1dcacc3d
Red Hat Security Advisory 2017-2672-01
Posted Sep 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2672-01 - The qs module for Node.js is a querystring parser that supports nesting and arrays with a depth limit. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-qs. Security Fix: It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties or hasOwnProperty()), resulting in a denial of service when the overwritten function would be executed.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-1000048
MD5 | 26c0704597ddbb55761012b648787150
WordPress Training Membership 1.0.8 Cross Site Scripting
Posted Sep 8, 2017
Authored by 8bitsec

WordPress Fitness Trainer - Training Membership plugin versions 1.0.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a5296a2e992e7a24cea620dc13451720
CMS Showcase 1.0 Cross Site Scripting
Posted Sep 8, 2017
Authored by Renzi

CMS Showcase version 1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5d11519fb46a0665b18c2da1518aa1ee
Debian Security Advisory 3967-1
Posted Sep 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

tags | advisory, remote, crypto, bypass
systems | linux, debian
advisories | CVE-2017-14032
MD5 | 6090bbf6fd99aeda841cc87bed7996d4
EMC AppSync SQL Injection
Posted Sep 8, 2017
Authored by rgod | Site emc.com

EMC AppSync contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. All versions prior to 3.5 are affected.

tags | advisory, sql injection
advisories | CVE-2017-8015
MD5 | 84f1c0f58d34e8d308a382ba554482dd
Ubuntu Security Notice USN-3412-1
Posted Sep 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3412-1 - Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-1000249
MD5 | 84d1ac8097ab8e87c9c4cebff0355b88
Roteador Wirelsss Intelbras WRN150 Cross Site Scripting
Posted Sep 8, 2017
Authored by Elber Tavares

Roteador Wireless Intelbras WRN150 router suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14219
MD5 | 56852b23bbeef599a0cff5b7d4dbf92b
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
Posted Sep 8, 2017
Authored by James Hemmings

EE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
MD5 | c4b9a415add552983b5133ebe5cfad74
Huawei HG255s Directory Traversal
Posted Sep 8, 2017
Authored by Ahmet Mersin

Huawei HG255s suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | adeb025562e7f5dd4093670510800427
EzBan 5.3 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

EzBan version 5.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 94cc86af2d6ec9741817ec0a4bce6358
EzInvoice Invoice Management System 6.0.2 SQL Injection
Posted Sep 8, 2017
Authored by Ihsan Sencan

EzInvoice Invoice Management System version 6.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 73d5e129b6786bcb0153d8f2e0254789
Aerohive Networks HiveManager Remote Shell Upload
Posted Sep 8, 2017
Authored by Sandro Zaccarini

Aerohive Networks HiveManager Classic Online NMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2017-14105
MD5 | c7a05d84a6ceaa5379e1b1bb8508ce38
Lynis Auditing Tool 2.5.5
Posted Sep 8, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Minor update to solve screen output issue in 2.5.4.
tags | tool, scanner
systems | unix
MD5 | 3c597cf312e2ff06a8a52199f72c9fe7
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close