Twenty Year Anniversary
Showing 1 - 25 of 38 RSS Feed

Files Date: 2017-09-14

Project Bidding Script 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Project Bidding Script version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 701ac0486606cf32227fd63d733e65ed
ICDental Clinic 1.2 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICDental Clinic version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1ce07d5c059fdc9cf2dc264a2fde3cbc
ICEstate 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICEstate version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8d0a8a7cfc86aba29c7d3f07ee029380
ICHelpDesk 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICHelpDesk version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a72756874bf23d9791cef17f3173b4f8
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system

tags | exploit
advisories | CVE-2014-3805
MD5 | 97ef73935acc9baa4cbe11cbb3cc3bfd
Sielco Sistemi Winlog 2.07.16 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet

tags | exploit, overflow
MD5 | ec4306b8ccf2288f4354cba8f9ae6667
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.

tags | exploit, overflow
MD5 | 3075bf3470fdaa19758f79291cc37b8a
Lockstep Backup For Workgroups 4.0.3 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.

tags | exploit, overflow
MD5 | 8a7e8f39a1eba2dd2a6292b10da1e438
EMC AlphaStor Device Manager Opcode 0x72 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | da358008d9761bc06cd638d10f5502ed
EMC AlphaStor Library Manager Opcode 0x4f Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.

tags | exploit, overflow
advisories | CVE-2013-0946
MD5 | f45a624dc0d882bbd6d7709cfcc6d8e7
Enterprise Edition Payment Processor Script 3.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Enterprise Edition Payment Processor Script version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 84f980440f89a387ade728a9ee590356
Adserver Script 5.6 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Adserver Script version 5.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3dc2ba7fea8e9d470e4371ea5a764901
PTC KSV1 Script 1.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

PTC KSV1 Script version 1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d0bedf37c8034da91cededdef31b17ff
ICLowBidAuction 3.3 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICLowBidAuction version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bdf6806f682da12431003e671a4af0dc
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.

tags | exploit, overflow
advisories | CVE-2016-8377
MD5 | 0f066ad5d0344b486b93512ec51668cb
EMC CMCNE 11.2.1 Inmservlets.war FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.

tags | exploit, remote, code execution, file upload
advisories | CVE-2013-6810
MD5 | cd72ecd3b048e4780383c2eed6c03106
EMC CMCNE 11.2.1 FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.

tags | exploit, remote, file upload
advisories | CVE-2013-6810
MD5 | ab12b2fd5352b3d055925d1085609d60
Microsoft .NET Framework Remote Code Execution
Posted Sep 14, 2017
Authored by bhdresh

Microsoft .NET Framework remote code execution exploit toolkit. Affects versions 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7.

tags | exploit, remote, code execution
advisories | CVE-2017-8759
MD5 | 5d2b9d50bedd72c43d41b842b39b8a05
Slackware Security Advisory - libzip Updates
Posted Sep 14, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libzip packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-14107
MD5 | dfb0725a6c17daeffccc9a40a9eabf52
Ubuntu Security Notice USN-3414-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524
MD5 | 0392d6964c9f9ee67e40b47efe84d6b0
Red Hat Security Advisory 2017-2702-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2702-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.130. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-11281, CVE-2017-11282
MD5 | 6869bfdf1c2aa632b45a39521586832f
Ubuntu Security Notice USN-3417-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3417-1 - Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-0379
MD5 | b53dce0804742619a936c13440f279b6
Red Hat Security Advisory 2017-2731-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2731-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-1000251
MD5 | c3484d1c50101ad4824cc691750fa7e1
Red Hat Security Advisory 2017-2732-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2732-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-1000251, CVE-2017-7895
MD5 | 538179e767b65ed435e2618190718816
Red Hat Security Advisory 2017-2728-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2728-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7546, CVE-2017-7547
MD5 | 3940f98c587f146d23ecc124cee8381e
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close