Twenty Year Anniversary
Showing 1 - 13 of 13 RSS Feed

Files Date: 2017-11-08

Faraday 2.7
Posted Nov 8, 2017
Authored by Francisco Amato | Site

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added "Last modified" and "Created" in Hosts view. Multiple bug fixes and various new plugins.
tags | tool, rootkit
systems | unix
MD5 | 74cb5646482f035342c238e40d1dd977
Asterisk Project Security Advisory - AST-2017-011
Posted Nov 8, 2017
Authored by Kevin Harwell, Corey Farrell | Site

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

tags | advisory, memory leak
MD5 | 31ccd7ef2019e7e8198027889428d92f
Geutebrueck GCore GCoreServer.exe Buffer Overflow
Posted Nov 8, 2017
Authored by Luca Cappiello, Maurice Popp | Site

This Metasploit module exploits a stack Buffer Overflow in the GCore server (GCoreServer.exe). The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 (Version 1.4.YYYYY). The vendor of this software has contacted Packet Storm to note that this issue was addressed in their software at the end of 2016.

tags | exploit, overflow
advisories | CVE-2017-11517
MD5 | 313f6307464cfda2eebed4841032a6e0
Mako Server 2.5 Command Injection
Posted Nov 8, 2017
Authored by hyp3rlinx | Site

This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.

tags | exploit, arbitrary
MD5 | c03775a6cc371f5390945aeec52b7a16
Asterisk Project Security Advisory - AST-2017-010
Posted Nov 8, 2017
Authored by Richard Mudgett | Site

Asterisk Project Security Advisory - No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer.

tags | advisory
MD5 | 99d49f850dc9f53321ce7037e0c868b0
Asterisk Project Security Advisory - AST-2017-009
Posted Nov 8, 2017
Authored by Youngsung Kim | Site

Asterisk Project Security Advisory - By carefully crafting invalid values in the Cseq and the Via header port, pjproject's packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticated.

tags | advisory
MD5 | 71607230563ba39103bdacee0440484c
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
MD5 | e8d2e4d615be10d88bf8b20b6b549143
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting
Posted Nov 8, 2017
Authored by Dimopoulos Elias

WordPress Ultimate Instagram Feed plugin version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bff5983142bc03d496aad55d8a829d23
Debian Security Advisory 4025-1
Posted Nov 8, 2017
Authored by Debian | Site

Debian Linux Security Advisory 4025-1 - It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt() during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

tags | advisory, java
systems | linux, debian
advisories | CVE-2017-12197
MD5 | 2c43fd4d600c97608624bdcaccc65234
Microsoft Security Bulletin Summary For November, 2017
Posted Nov 8, 2017

This Microsoft bulletin summary holds information regarding Microsoft Security Advisory 4053440.

tags | advisory
MD5 | acdad74e87e2da641ca04dff0f9f673b
Ubuntu Security Notice USN-3473-1
Posted Nov 8, 2017
Authored by Ubuntu | Site

Ubuntu Security Notice 3473-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
MD5 | 053a30167047fcd635b278bcc09863cb
IBM Lotus Notes Denial Of Service
Posted Nov 8, 2017
Authored by Mishra Dhiraj | Site

This Metasploit module creates a malicious web page that causes a crash in IBM Lotus Notes when viewed in the native browser.

tags | exploit, web, denial of service
advisories | CVE-2017-1130
MD5 | 6f5149353309d9f52b58572701f6b48e
Ubuntu Security Notice USN-3346-3
Posted Nov 8, 2017
Authored by Ubuntu | Site

Ubuntu Security Notice 3346-3 - USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Clément Berthaux discovered that Bind did not correctly check TSIG A authentication for zone update requests. An attacker could use this A to improperly perform zone updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 8c283ecd7b6c2e7e25bd7b8dbbf59cd7
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By