Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-10-10

Wireshark Analyzer 2.4.2
Posted Oct 10, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 237525d8f189f1253ca18b00a055eccb
Trend Micro OfficeScan Remote Code Execution
Posted Oct 10, 2017
Authored by mr_me, Mehmet Ince | Site metasploit.com

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.

tags | exploit, web, php, tcp, vulnerability
MD5 | 02f022c47acfeb55ae34578721c1b3be
Ubuntu Security Notice USN-3442-1
Posted Oct 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3442-1 - It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2017-13720, CVE-2017-13722
MD5 | f1b96fa2976eb69edd55a904b06a7e78
WordPress Ad Widget 2.10.0 Local File Inclusion
Posted Oct 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a02c1bb177145fdea032f28a60278396
Ubuntu Security Notice USN-3441-1
Posted Oct 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3441-1 - Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-7407
MD5 | 468c542294e04538fc3029551a7a687a
WordPress Simple Login Log 1.1.1 SQL Injection
Posted Oct 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 80eca9af5e5ecacd33c8d526809fd7a8
Red Hat Security Advisory 2017-2869-01
Posted Oct 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-7533
MD5 | fa0b3e7958d614ab26779f8cc15a4624
Microsoft Security Bulletin Summary For October, 2017
Posted Oct 10, 2017
Site microsoft.com

This Microsoft bulletin lists dozens of updates for October, 2017.

tags | advisory
MD5 | 8fcb5c29ce9631d06f766e044957d1d1
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
Posted Oct 10, 2017
Authored by Ricardo Sanchez

WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7fd157269cba46da602667f332d87998
IBM Notes 8.5 / 9.0 encodeURI Denial Of Service
Posted Oct 10, 2017
Authored by Mishra Dhiraj | Site metasploit.com

IBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2017-1129
MD5 | 4a6f94a511ddc2e93499393749dd965c
Subaru Keyfob Predictable Code
Posted Oct 10, 2017
Authored by Tom Wimmenhove

Subaru's suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can 'clone' the keyfob and, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user's keyfob unusable. Exploit code included.

tags | exploit
MD5 | 2da5591b1e9d2315b1a3fc1eb59ca928
PostgreSQL 10 Installer For Windows DLL Hijacking
Posted Oct 10, 2017
Authored by Stefan Kanthak

The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | f46c2b1ad8a1d5e4276cb73262711868
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
Posted Oct 10, 2017
Authored by Harrison Neal

ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.

tags | advisory, remote, code execution
MD5 | 09c12eb4a5e480b1ceb5f94f48af3943
Apache Tomcat Upload Bypass / Remote Code Execution
Posted Oct 10, 2017
Authored by intx0x80

Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.

tags | exploit, code execution, file upload
advisories | CVE-2017-12617
MD5 | ac239efa7275e96eb4acae25202a5546
ClipShare 7.0 SQL Injection
Posted Oct 10, 2017
Authored by 8bitsec

ClipShare version 7.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f2c821803858b7b12b3fd9bdd30c4f96
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Posted Oct 10, 2017
Authored by havysec

Complain Management System suffers from hard-coded credential and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9af494e55a63fec97928ca50389390f8
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close