Showing 1 - 25 of 38

Files Date: 2017-09-14

Project Bidding Script 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Project Bidding Script version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6884e6d3fc544d539625b53b71ecac484a8da368d85210f3208a8f77972e58b0
ICDental Clinic 1.2 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICDental Clinic version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bcb502de23de3e8d7c3848e457535c5beec6d7a23e3e25e2ea3d5b1b96095877
ICEstate 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICEstate version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f5095535fba7ead1dae771809959ae5ebfc839a08f3b3f1fd973512226d8d2bf
ICHelpDesk 1.1 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICHelpDesk version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c576671940925d9c3b8f18e3f38ab07667e59260b9e31409d6a9f6cdda91832d
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection flaw in the get_log_line function within Util.pm. The vulnerability is triggered by an unsanitized $r_file parameter passed into a string which is then executed by the system.

tags | exploit
advisories | CVE-2014-3805
SHA-256 | 14ebb7003ddd92d32096f32666e2bc54c1e1aace1fdf8a426fd5d68b7e981878
Sielco Sistemi Winlog 2.07.16 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet.

tags | exploit, overflow
SHA-256 | b7800da35175855406221f63922413c3f00345939383e69eea5f9f84153c8730
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.

tags | exploit, overflow
SHA-256 | 7fa33e91d816df5d477c2e8b7d0d36b10a92882d363ab5e703d2da1e002dfcf1
Lockstep Backup For Workgroups 4.0.3 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.

tags | exploit, overflow
SHA-256 | 613182e151de70de17f950e560dafa0845ff260e64016fcceddf19108d53136c
EMC AlphaStor Device Manager Opcode 0x72 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability found in EMC AlphaStor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack, an unbounded sprintf() call overwrites the return pointer, leading to remote code execution.

tags | exploit, remote, overflow, code execution
SHA-256 | 2879d01f8913ead6a90cab85b336de984e013e193a30e5d1247f6989b0fa4674
EMC AlphaStor Library Manager Opcode 0x4f Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in EMC AlphaStor Library Manager versions prior to 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.

tags | exploit, overflow
advisories | CVE-2013-0946
SHA-256 | b127f7dc2ea89cebfead7d38c3b78d175b3375c0034def2f4e3b3e6395d6d22a
Enterprise Edition Payment Processor Script 3.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Enterprise Edition Payment Processor Script version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb670a612c257a376b24a0c3b905110c33c5b03f5a86fe173a64834e6cad5c7f
Adserver Script 5.6 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Adserver Script version 5.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 380d30e6d141754adc8e9e89ac0e323b75ee10df168379a9dd2ae3872550e1ea
PTC KSV1 Script 1.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

PTC KSV1 Script version 1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | df39be1e552f2addb9c73d75a25d694ccbceafefe89e64415c533722b50004e2
ICLowBidAuction 3.3 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

ICLowBidAuction version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2ff563de48fcf12f67899a93d3eecbd106cad10a3e8737d9e72c5c9ef87aab4
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.

tags | exploit, overflow
advisories | CVE-2016-8377
SHA-256 | 3f6a8bfbce639093ae67dd696b79c8bcb1d78b6454f530630255e7b1576b6ad6
EMC CMCNE 11.2.1 Inmservlets.war FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.

tags | exploit, remote, code execution, file upload
advisories | CVE-2013-6810
SHA-256 | 6bb5591eafa616f5e36341752eb9b1509345a01bc873e86d440ac1a861dcf3a4
EMC CMCNE 11.2.1 FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious JSP file anywhere on the remote file system.

tags | exploit, remote, file upload
advisories | CVE-2013-6810
SHA-256 | 3c72a6b492a3a241415f122e7dda5e8764651e326570e7896eb20d1507455311
Microsoft .NET Framework Remote Code Execution
Posted Sep 14, 2017
Authored by bhdresh

Microsoft .NET Framework remote code execution exploit toolkit. Affects versions 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7.

tags | exploit, remote, code execution
advisories | CVE-2017-8759
SHA-256 | 3260f18b309e9533f422c85c752e7f6bbc082e52c961ffb3e69ec56a8cf05483
Slackware Security Advisory - libzip Updates
Posted Sep 14, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libzip packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-14107
SHA-256 | 0b96de93a1bdbed53ab0ac390e6e17025b9150bc82e1705cc940e3bfb8bc99a6
Ubuntu Security Notice USN-3414-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524
SHA-256 | 1adcd2988454f81ab413378d9018f75abff0e1767bf62ec849be6a4459c7be99
Red Hat Security Advisory 2017-2702-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2702-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.130. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-11281, CVE-2017-11282
SHA-256 | 5123fb565df7d75baa9893385bd5e03d644a620c57b671e6d4241bd00b6b06f8
Ubuntu Security Notice USN-3417-1
Posted Sep 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3417-1 - Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-0379
SHA-256 | 298bc96f884a7028cfe84991472815cd7c6a4ec9808bae9ae4ae74a9eec57944
Red Hat Security Advisory 2017-2731-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2731-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-1000251
SHA-256 | 4602b1a299e1c814f7fe652bad84a8dc011ab0470d2b1e7436ad9acd20762fbb
Red Hat Security Advisory 2017-2732-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2732-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-1000251, CVE-2017-7895
SHA-256 | e97790ffb2c62a5f6ac7783e733db7702695735b7347bc0d0a507d7d31a7cdeb
Red Hat Security Advisory 2017-2728-01
Posted Sep 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2728-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: postgresql. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-7546, CVE-2017-7547
SHA-256 | 4cd3c8541c4de30baa9269f69b84b7120b92899f2bb4fcce29e4e3c2490ef675