Showing 1 - 25 of 28

Files Date: 2017-12-15

Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
SHA-256 | 33807dc92c51e0890223cb5aa8b949a564e99406df84abf4910ba71ac13c7512
Bus Booking Script 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17645
SHA-256 | 8ab13efc336295285491e67bb93b942178089de67c2b16923268b0eb37c15fdf
FS Lynda Clone 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

FS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17643
SHA-256 | aecd307ca8281200e3bc02c02d5c4c877da634481d5927a9933ff9a81d612574
Movie Guide 2.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bbb4bc60fb105f8bc9b27bdfc9e417483f123d816c7a8951b0ed041de206f42a
Piwigo 2.9.1 SQL Injection
Posted Dec 15, 2017
Authored by Akityo

Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-10682
SHA-256 | 391e9323ad2d0e765c5af2177dccde86a5f2dfb908dac96f7f9c21ef991ba6cd
Paid To Read Script 2.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Paid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17651
SHA-256 | 44f6707002867724e0db26bc31dec80abd0e46f55c7f653e46bca33cdae1db92
Readymade Video Sharing Script 3.2 HTML Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Readymade Video Sharing Script version 3.2 suffers from an HTML injection vulnerability.

tags | exploit, xss
advisories | CVE-2017-17649
SHA-256 | 405097151c57dc24d8d1c4dc18575cb08049480311638242a6184fe7f95ed8f0
Joomla! JEXTN Video Gallery 3.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f350a80b80cce843425e64573c055c8d430d4f5d30efa31e19bb4944152ab3d4
Joomla! JEXTN Question And Answer 3.1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 08bb0912ddc75094fa2f2e4f324af6e703f516935f1bf497a0b63d1729432e03
Sync Breeze 10.2.12 Denial Of Service
Posted Dec 15, 2017
Authored by Manuel Garcia Cardenas

Sync Breeze version 10.2.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-17088
SHA-256 | 1cd1eb5d0a0bee233c3f3f7aef72ce97f50abe6707e484966bf7199ad84a3947
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting
Posted Dec 15, 2017
Authored by Ricardo Sanchez

WordPress Wunderbar Basic plugin version 1.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e504c81158bffcd7a8774641665a276936c6129a483f544ffcb323efc0b9c56d
Kemp Load Balancer WAF 7.2.40 Bypass
Posted Dec 15, 2017
Authored by Tim Kretschmann

Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2017-15524
SHA-256 | 14ea3b89e7be3d4f9ecff5cdff3c24e4b19903bd8d69a0ba7fb66791f065f28c
WordPress Pinterest Badge 1.8.0 Cross Site Scripting
Posted Dec 15, 2017
Authored by Ricardo Sanchez

WordPress Pinterest Badge plugin version 1.8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bdf4b1098aafaa9be22ecf2475af89869149eb7a120ebc8e21250642f2c9cae2
Red Hat Security Advisory 2017-3474-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | b146276f21006a6482f059705c18a8672e10a014be7b092c305842e8f3060279
Red Hat Security Advisory 2017-3466-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 84a7b3f4ea4874af0ae1de4c1762b18a68c9aebe5f589fd042d64b0f18ab77f6
Gentoo Linux Security Advisory 201712-04
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818
SHA-256 | 597b708be3f8393ef070dd7b2ba23730c0c91e9c3cab36fa3d956ca7f5c01a08
Gentoo Linux Security Advisory 201712-03
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
SHA-256 | fce3728192f2ad29f4f85aa453b99dae4b60a8dc3c7ceb2e2bc45239433e0b60
Gentoo Linux Security Advisory 201712-02
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-2 - Multiple vulnerabilities have been discovered in OpenCV, the worst of which may result in a denial of service condition. Versions less than 2.4.13-r3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12600, CVE-2017-12601, CVE-2017-12602, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, CVE-2017-12606, CVE-2017-12862, CVE-2017-12863, CVE-2017-12864, CVE-2017-14136
SHA-256 | 23ed028798645e60d71b5c9bc7325d313df460f993a254b1397f5c6100fa4d58
Ubuntu Security Notice USN-3509-4
Posted Dec 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-4 - USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
SHA-256 | e247182658e6540d25609e72e9dd6d7ad81ff0c1a47c1ca04a69f64a5f2198b6
Ubuntu Security Notice USN-3509-3
Posted Dec 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-3 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
SHA-256 | c9f08cb921bee694d81c41829fc3937241f62db3204ae7f41f23cd54548f3afb
Red Hat Security Advisory 2017-3473-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3473-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 5185cca79ae85a913d5eca3f4c5ae46050222a65b86838a1ea3fa3cb98c73575
Red Hat Security Advisory 2017-3472-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3472-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | facd3d0559b2b0966a6eef7678ab1ea1ee5805c62f3537e7ea2ef451f2b80b92
Keeper Privileged UI Injection
Posted Dec 15, 2017
Authored by Tavis Ormandy, Google Security Research

Microsoft Windows 10 is forcibly installing the Keeper password manager, which injects privileged UIs into pages.

tags | exploit
systems | windows
SHA-256 | ae83b2f7f72326bf46c86779b3f209ce03d065a4da2267e20c685c1f25425281
Apple Security Advisory 2017-12-13-5
Posted Dec 15, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-5 - Safari 11.0.2 addresses arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
SHA-256 | 25f23cc87f8a33c44a141c6c53d1806a7f371dcd19943990abccf94f3fe570a8
Apple Security Advisory 2017-12-13-7
Posted Dec 15, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-7 - tvOS 11.2 addresses memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-13080, CVE-2017-13833, CVE-2017-13855, CVE-2017-13856, CVE-2017-13861, CVE-2017-13862, CVE-2017-13865, CVE-2017-13866, CVE-2017-13867, CVE-2017-13868, CVE-2017-13869, CVE-2017-13870, CVE-2017-13876, CVE-2017-7156, CVE-2017-7157
SHA-256 | 2b4f5f9ff4324ef548c1e5b149e7f26f705e7b7e1f5dcdb9d45134d78de7be30