exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2017-11-08

Faraday 2.7
Posted Nov 8, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added "Last modified" and "Created" in Hosts view. Multiple bug fixes and various new plugins.
tags | tool, rootkit
systems | unix
SHA-256 | 0db754f5325efd727124ff002a5bf83be4edd48e4de1c12370aa7bcba61f3aed
Asterisk Project Security Advisory - AST-2017-011
Posted Nov 8, 2017
Authored by Kevin Harwell, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

tags | advisory, memory leak
SHA-256 | ef9c2364c68055df7468805ee829f6e50bad41d1db4ebba8c6ed3c73a1f0c1ac
Geutebrueck GCore GCoreServer.exe Buffer Overflow
Posted Nov 8, 2017
Authored by Luca Cappiello, Maurice Popp | Site metasploit.com

This Metasploit module exploits a stack Buffer Overflow in the GCore server (GCoreServer.exe). The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 (Version 1.4.YYYYY). The vendor of this software has contacted Packet Storm to note that this issue was addressed in their software at the end of 2016.

tags | exploit, overflow
advisories | CVE-2017-11517
SHA-256 | 581ac3be25dedaa895f527c9a7cec92f1e3cc83b72343ac1cd263b87e79253a9
Mako Server 2.5 Command Injection
Posted Nov 8, 2017
Authored by hyp3rlinx | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victims machine and can be executed by sending a GET request to manage.lsp.

tags | exploit, arbitrary
SHA-256 | 9653fa3b7a40469f97c0d038e59615a70577ff258af1a5831bce426a139bea21
Asterisk Project Security Advisory - AST-2017-010
Posted Nov 8, 2017
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer.

tags | advisory
SHA-256 | 3693ce1374f889306fb2511c37ffe0483064653da493025b669bee45384de7fc
Asterisk Project Security Advisory - AST-2017-009
Posted Nov 8, 2017
Authored by Youngsung Kim | Site asterisk.org

Asterisk Project Security Advisory - By carefully crafting invalid values in the Cseq and the Via header port, pjproject's packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticated.

tags | advisory
SHA-256 | 76a6430e7742fc4617318e8668a77af0a6f05f8dc35ba9f5d33d757c73318e9b
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
SHA-256 | 81346e7020afd7e94a6d9b253a4b2b5b1c2eba12306e57cf746fb11c43f51e4b
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting
Posted Nov 8, 2017
Authored by Dimopoulos Elias

WordPress Ultimate Instagram Feed plugin version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aee3dd511b63eef821b87056bb33901b33ab4024608de1e1555a848318bb9bcf
Debian Security Advisory 4025-1
Posted Nov 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4025-1 - It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt() during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

tags | advisory, java
systems | linux, debian
advisories | CVE-2017-12197
SHA-256 | ccfa1099deeace66ad2359dc4174dd8dbb09569decd188303dc6dc22dcfa8786
Microsoft Security Bulletin Summary For November, 2017
Posted Nov 8, 2017
Site microsoft.com

This Microsoft bulletin summary holds information regarding Microsoft Security Advisory 4053440.

tags | advisory
SHA-256 | 8acceacf4051740909b4276706e30b5ce5f6b70bfa56fcd30ba67a32e2a21734
Ubuntu Security Notice USN-3473-1
Posted Nov 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3473-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 60657e23392132c3f43ceeafdbd032467dc44eefcf150f9fb2fd6e7cf6182550
IBM Lotus Notes Denial Of Service
Posted Nov 8, 2017
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module creates a malicious web page that causes a crash in IBM Lotus Notes when viewed in the native browser.

tags | exploit, web, denial of service
advisories | CVE-2017-1130
SHA-256 | fc47eee51110cc31b3f98a5eb6fa3c07d5b57c0cc705664c843d3dec3f82c288
Ubuntu Security Notice USN-3346-3
Posted Nov 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-3 - USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Clément Berthaux discovered that Bind did not correctly check TSIG A authentication for zone update requests. An attacker could use this A to improperly perform zone updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 0b4c39cc93baef5636624dee4c10c7c58448981339cef25992ca819b138ac27a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close