what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-10-10

Wireshark Analyzer 2.4.2
Posted Oct 10, 2017
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | d1acb24735fd35e18e9b7a0555ec58277c2b87da45a19ebeb8087c3dda55f47d
Trend Micro OfficeScan Remote Code Execution
Posted Oct 10, 2017
Authored by mr_me, Mehmet Ince | Site metasploit.com

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.

tags | exploit, web, php, tcp, vulnerability
SHA-256 | 533339b2e9cfb58d88fe79c7a17a4f87348ca31165bf2459d2e7dc2caa154258
Ubuntu Security Notice USN-3442-1
Posted Oct 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3442-1 - It was discovered that libXfont incorrectly handled certain patterns in PatternMatch. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that libXfont incorrectly handled certain malformed PCF files. A local attacker could use this issue to cause libXfont to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2017-13720, CVE-2017-13722
SHA-256 | 30b27a28193951828312148232f8c01ea200f256709d21af384a940152c4fe92
WordPress Ad Widget 2.10.0 Local File Inclusion
Posted Oct 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4dca75cd604be2d9ee5f59b3df5a6b97e028b213c809e41dec3862eafa62e6c7
Ubuntu Security Notice USN-3441-1
Posted Oct 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3441-1 - Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-7407
SHA-256 | b0130c23f8916e72e2b583e6c7d268af318bf605fb5e0b272a99a1657ec8a6c0
WordPress Simple Login Log 1.1.1 SQL Injection
Posted Oct 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | fe442cde72653defe51ab63edea37018252e0e898b0851ee4a61c92bdfdc035c
Red Hat Security Advisory 2017-2869-01
Posted Oct 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-7533
SHA-256 | 2c093cfe3a6362e9d3175b0d9885b9b9bb9d4ade02e8f45dd8a1a2fa06d59958
Microsoft Security Bulletin Summary For October, 2017
Posted Oct 10, 2017
Site microsoft.com

This Microsoft bulletin lists dozens of updates for October, 2017.

tags | advisory
SHA-256 | 3b31d18b292ff73cfe1974afcdb1f997266a5a8d3a88d4c7f180c0e32b94c245
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
Posted Oct 10, 2017
Authored by Ricardo Sanchez

WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ea9d6f445f2db6d613964c18b3a71c4686beb9d26f23bd5d1554ed9afd3ba63a
IBM Notes 8.5 / 9.0 encodeURI Denial Of Service
Posted Oct 10, 2017
Authored by Dhiraj Mishra | Site metasploit.com

IBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2017-1129
SHA-256 | 665e3d77d24d49951bde37e7d172c21162dcd49b47021d00911a8a73b5cb5f21
Subaru Keyfob Predictable Code
Posted Oct 10, 2017
Authored by Tom Wimmenhove

Subaru's suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can 'clone' the keyfob and, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user's keyfob unusable. Exploit code included.

tags | exploit
SHA-256 | 8458aea19647ae5b7eab00c281b4787845861d674484600df933adb38473f6a7
PostgreSQL 10 Installer For Windows DLL Hijacking
Posted Oct 10, 2017
Authored by Stefan Kanthak

The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 53508de2e1b750287c30bbe3c9bca27c1d738c50051878d731c03da7ff37006c
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
Posted Oct 10, 2017
Authored by Harrison Neal

ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 545522cd9fdc53bb73cff1f212207e711bdb3b99b915d2982025352ffc2e9200
Apache Tomcat Upload Bypass / Remote Code Execution
Posted Oct 10, 2017
Authored by intx0x80

Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.

tags | exploit, code execution, file upload
advisories | CVE-2017-12617
SHA-256 | 9f631e5a320e03ca0b355844875e6306ba45407ee002501d9bd563bceca5f8a9
ClipShare 7.0 SQL Injection
Posted Oct 10, 2017
Authored by 8bitsec

ClipShare version 7.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 458effd7ae06e9c1dc7b21de9744cb6156b02e2ffacd2d4b076251d0f953baa2
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Posted Oct 10, 2017
Authored by havysec

Complain Management System suffers from hard-coded credential and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 3be585edded8beced2ec612feb0cfb8328342bd18b5adda9d192b4e72f4c2380
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close