what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2017-09-14

Project Bidding Script 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Project Bidding Script version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6884e6d3fc544d539625b53b71ecac484a8da368d85210f3208a8f77972e58b0
ICDental Clinic 1.2 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICDental Clinic version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bcb502de23de3e8d7c3848e457535c5beec6d7a23e3e25e2ea3d5b1b96095877
ICEstate 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICEstate version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f5095535fba7ead1dae771809959ae5ebfc839a08f3b3f1fd973512226d8d2bf
ICHelpDesk 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICHelpDesk version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c576671940925d9c3b8f18e3f38ab07667e59260b9e31409d6a9f6cdda91832d
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system

tags | exploit
advisories | CVE-2014-3805
SHA-256 | 14ebb7003ddd92d32096f32666e2bc54c1e1aace1fdf8a426fd5d68b7e981878
Sielco Sistemi Winlog 2.07.16 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet

tags | exploit, overflow
SHA-256 | b7800da35175855406221f63922413c3f00345939383e69eea5f9f84153c8730
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.

tags | exploit, overflow
SHA-256 | 7fa33e91d816df5d477c2e8b7d0d36b10a92882d363ab5e703d2da1e002dfcf1
Lockstep Backup For Workgroups 4.0.3 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.

tags | exploit, overflow
SHA-256 | 613182e151de70de17f950e560dafa0845ff260e64016fcceddf19108d53136c
EMC AlphaStor Device Manager Opcode 0x72 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.

tags | exploit, remote, overflow, code execution
SHA-256 | 2879d01f8913ead6a90cab85b336de984e013e193a30e5d1247f6989b0fa4674
EMC AlphaStor Library Manager Opcode 0x4f Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.

tags | exploit, overflow
advisories | CVE-2013-0946
SHA-256 | b127f7dc2ea89cebfead7d38c3b78d175b3375c0034def2f4e3b3e6395d6d22a
Enterprise Edition Payment Processor Script 3.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Enterprise Edition Payment Processor Script version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb670a612c257a376b24a0c3b905110c33c5b03f5a86fe173a64834e6cad5c7f
Adserver Script 5.6 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Adserver Script version 5.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 380d30e6d141754adc8e9e89ac0e323b75ee10df168379a9dd2ae3872550e1ea
PTC KSV1 Script 1.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

PTC KSV1 Script version 1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | df39be1e552f2addb9c73d75a25d694ccbceafefe89e64415c533722b50004e2
ICLowBidAuction 3.3 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICLowBidAuction version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2ff563de48fcf12f67899a93d3eecbd106cad10a3e8737d9e72c5c9ef87aab4
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.

tags | exploit, overflow
advisories | CVE-2016-8377
SHA-256 | 3f6a8bfbce639093ae67dd696b79c8bcb1d78b6454f530630255e7b1576b6ad6
EMC CMCNE 11.2.1 Inmservlets.war FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.

tags | exploit, remote, code execution, file upload
advisories | CVE-2013-6810
SHA-256 | 6bb5591eafa616f5e36341752eb9b1509345a01bc873e86d440ac1a861dcf3a4
EMC CMCNE 11.2.1 FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.

tags | exploit, remote, file upload
advisories | CVE-2013-6810
SHA-256 | 3c72a6b492a3a241415f122e7dda5e8764651e326570e7896eb20d1507455311
Microsoft .NET Framework Remote Code Execution
Posted Sep 14, 2017
Authored by bhdresh

Microsoft .NET Framework remote code execution exploit toolkit. Affects versions 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7.

tags | exploit, remote, code execution
advisories | CVE-2017-8759
SHA-256 | 3260f18b309e9533f422c85c752e7f6bbc082e52c961ffb3e69ec56a8cf05483
Slackware Security Advisory - libzip Updates
Posted Sep 14, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libzip packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-14107
SHA-256 | 0b96de93a1bdbed53ab0ac390e6e17025b9150bc82e1705cc940e3bfb8bc99a6
Ubuntu Security Notice USN-3414-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524
SHA-256 | 1adcd2988454f81ab413378d9018f75abff0e1767bf62ec849be6a4459c7be99
Red Hat Security Advisory 2017-2702-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2702-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.130. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-11281, CVE-2017-11282
SHA-256 | 5123fb565df7d75baa9893385bd5e03d644a620c57b671e6d4241bd00b6b06f8
Ubuntu Security Notice USN-3417-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3417-1 - Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-0379
SHA-256 | 298bc96f884a7028cfe84991472815cd7c6a4ec9808bae9ae4ae74a9eec57944
Red Hat Security Advisory 2017-2731-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2731-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-1000251
SHA-256 | 4602b1a299e1c814f7fe652bad84a8dc011ab0470d2b1e7436ad9acd20762fbb
Red Hat Security Advisory 2017-2732-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2732-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-1000251, CVE-2017-7895
SHA-256 | e97790ffb2c62a5f6ac7783e733db7702695735b7347bc0d0a507d7d31a7cdeb
Red Hat Security Advisory 2017-2728-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2728-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7546, CVE-2017-7547
SHA-256 | 4cd3c8541c4de30baa9269f69b84b7120b92899f2bb4fcce29e4e3c2490ef675
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close