Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-11-07

Debian Security Advisory 4021-1
Posted Nov 7, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4021-1 - It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics.

tags | advisory
systems | linux, debian
advisories | CVE-2017-14635
MD5 | c0146378f55e32dcb1fcedbc2bb66d5c
Red Hat Security Advisory 2017-3151-01
Posted Nov 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3151-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.89. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15398, CVE-2017-15399
MD5 | 43de8de1d726c8006a36b5c4b1912ef4
Red Hat Security Advisory 2017-3141-01
Posted Nov 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3141-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2014-9970, CVE-2017-7525, CVE-2017-7536
MD5 | 056b19a639c1fe9b62650b1e6930f712
WordPress Duplicator Migration 1.2.28 Cross Site Scripting
Posted Nov 7, 2017
Authored by Ricardo Sanchez

WordPress Duplicator Migration plugin version 1.2.28 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2a23ccdd30440e91eff8eb3c5895687a
Hashcat Advanced Password Recovery 4.0.1 Source Code
Posted Nov 7, 2017
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Fixed a memory leak while parsing a wordlist. Fixed compile of kernels on AMD systems on windows due to invalid detection of ROCm. Various other fixes.
tags | tool, cracker
systems | unix
MD5 | e6b3f6623d3edaf15a573641ffcd1645
Hashcat Advanced Password Recovery 4.1.0 Binary Release
Posted Nov 7, 2017
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Fixed a memory leak while parsing a wordlist. Fixed compile of kernels on AMD systems on windows due to invalid detection of ROCm. Various other fixes.
tags | tool, cracker
MD5 | 0abd25079306015c70ef20dd3f621e05
Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
Posted Nov 7, 2017
Authored by Chris Salls

This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as that in Google Chrome.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2017-5123
MD5 | d639706ada72778161ee250f8be0e58d
Actiontec C1000A Modem Backdoor Account
Posted Nov 7, 2017
Authored by Joseph McDonagh

The Actiontec C1000A modem has a hard-coded backdoor admin account.

tags | exploit
MD5 | 9b26731e44af5a8e6e15a0558e3e6416
Debian Security Advisory 4020-1
Posted Nov 7, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4020-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-15396, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133
MD5 | 3c21c7c25cf172bd948476729c4416c6
pfSense 2.3.1_1 Post-Authentication Command Execution
Posted Nov 7, 2017
Authored by s4squatch

pfSense versions 2.3.1_1 and below suffers from a post authentication command execution vulnerability.

tags | exploit
MD5 | d8d02e5d6eae4e7a40f0f83d102408ad
Logitech Media Server 7.9.0 Cross Site Scripting
Posted Nov 7, 2017
Authored by Dewank Pant

Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, xss
advisories | CVE-2017-16567, CVE-2017-16568
MD5 | 8c4957b94bdce3c0e68c8f212feeed3e
mkvalidator 0.5.1 Denial Of Service
Posted Nov 7, 2017
Authored by qflb.wu

mkvalidator version 0.5.1 suffers from multiple denial of service vulnerabilities leveraging libebml2 and mkclean.

tags | exploit, denial of service, vulnerability
advisories | CVE-2017-12779, CVE-2017-12780, CVE-2017-12781, CVE-2017-12782, CVE-2017-12783, CVE-2017-12800, CVE-2017-12801, CVE-2017-12802, CVE-2017-12803
MD5 | a6a7a05030b7baeea04f707a0abb51bc
POC OR GTFO 0x16
Posted Nov 7, 2017
Authored by pocgtfo

This is the sixteenth issue of POC || GTFO.

tags | magazine
MD5 | 077321dc32ba752a1b52039649e9bf31
WordPress UserPro 4.6.17 Authentication Bypass
Posted Nov 7, 2017
Authored by Iain Hadgraft, Colette Chamberland

WordPress Userpro plugin versions 4.9.17 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 3caf55475144701c51ba9e65a7535575
Debut Embedded httpd 1.20 Denial Of Service
Posted Nov 7, 2017
Authored by z00n

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. Version 1.20 is affected.

tags | exploit, web, denial of service
advisories | CVE-2017-16249
MD5 | ee7ef5bdd4a7041feca97eedbf83f374
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close