Exploit the possiblities
Showing 1 - 25 of 28 RSS Feed

Files Date: 2017-12-15

Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
Bus Booking Script 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17645
MD5 | 1a5d06ca50412d3ea1618cf7e571f4ad
FS Lynda Clone 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

FS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17643
MD5 | 93b52c246755254ff7aa57b5c5d0ed1a
Movie Guide 2.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fa1fcffffe6c7f17040a8f614cf5f4cc
Piwigo 2.9.1 SQL Injection
Posted Dec 15, 2017
Authored by Akityo

Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-10682
MD5 | 7dcb87848320df6b3827d114d752b690
Paid To Read Script 2.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Paid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17651
MD5 | 545bfdb1f82a68e71a7cad4dc9bd9a1f
Readymade Video Sharing Script 3.2 HTML Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability.

tags | exploit, xss
advisories | CVE-2017-17649
MD5 | 9f828121974beff69a49a0bc657533bf
Joomla! JEXTN Video Gallery 3.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b9e24f7c25d109c4e2090e8221cc0cd0
Joomla! JEXTN Question And Answer 3.1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5d9a350f41b12d85b1e0616b9a338e0d
Sync Breeze 10.2.12 Denial Of Service
Posted Dec 15, 2017
Authored by Manuel Garcia Cardenas

Sync Breeze version 10.2.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-17088
MD5 | eb3064d1984efdf9b9610176e6d7191e
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting
Posted Dec 15, 2017
Authored by Ricardo Sanchez

WordPress Wunderbar Basic plugin version 1.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9e4156177eeba9d422aa9f62c73e8062
Kemp Load Balancer WAF 7.2.40 Bypass
Posted Dec 15, 2017
Authored by Tim Kretschmann

Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2017-15524
MD5 | 65be9e2f8c7ec43b609c96eea736fc12
WordPress Pinterest Badge 1.8.0 Cross Site Scripting
Posted Dec 15, 2017
Authored by Ricardo Sanchez

WordPress Pinterest Badge plugin version 1.8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | be0616ede646b5b6c06ff210352d9033
Red Hat Security Advisory 2017-3474-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
MD5 | b377cde0952495aa6f0f019183098bb5
Red Hat Security Advisory 2017-3466-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
MD5 | 80f1b1f9f53f4d7dc4ab91f430db374e
Gentoo Linux Security Advisory 201712-04
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818
MD5 | 6d78a3a66d6ef06d18a2e705bf7acedd
Gentoo Linux Security Advisory 201712-03
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
MD5 | 424fb2f54f934bbdb186d90e169c3306
Gentoo Linux Security Advisory 201712-02
Posted Dec 15, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201712-2 - Multiple vulnerabilities have been discovered in OpenCV, the worst of which may result in a denial of service condition. Versions less than 2.4.13-r3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12597, CVE-2017-12598, CVE-2017-12599, CVE-2017-12600, CVE-2017-12601, CVE-2017-12602, CVE-2017-12603, CVE-2017-12604, CVE-2017-12605, CVE-2017-12606, CVE-2017-12862, CVE-2017-12863, CVE-2017-12864, CVE-2017-14136
MD5 | 6c47900cf5e25c9f1e5f13e7cf7ccc42
Ubuntu Security Notice USN-3509-4
Posted Dec 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-4 - USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
MD5 | ee7adf44f0d4c560968cb5bb9e43ee32
Ubuntu Security Notice USN-3509-3
Posted Dec 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-3 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
MD5 | 7b0de306b43e15046d1562aa3c463ed8
Red Hat Security Advisory 2017-3473-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3473-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
MD5 | 094e78a87a857ab71224ec7c92cf7bec
Red Hat Security Advisory 2017-3472-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3472-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
MD5 | 967fda92af9f44bdbcfe1a331bb66a41
Keeper Privileged UI Injection
Posted Dec 15, 2017
Authored by Tavis Ormandy, Google Security Research

Microsoft Windows 10 is forcibly installing the Keeper password manager which injects privileged UI's into pages.

tags | exploit
systems | windows
MD5 | cffd7bc598b1b7d4cd593b6b402424e4
Apple Security Advisory 2017-12-13-5
Posted Dec 15, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-5 - Safari 11.0.2 addresses arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 46ee197ecac23ffdddfab7ed1bfef818
Apple Security Advisory 2017-12-13-7
Posted Dec 15, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-7 - tvOS 11.2 addresses memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-13080, CVE-2017-13833, CVE-2017-13855, CVE-2017-13856, CVE-2017-13861, CVE-2017-13862, CVE-2017-13865, CVE-2017-13866, CVE-2017-13867, CVE-2017-13868, CVE-2017-13869, CVE-2017-13870, CVE-2017-13876, CVE-2017-7156, CVE-2017-7157
MD5 | cf883db6f7f95bcf245df44b572bf4f5
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close