exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-12-20

BEIMS ContractorWeb 5.18.0.0 SQL Injection
Posted Dec 20, 2017
Authored by Rajwinder Singh

BEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17721
SHA-256 | 4e9c588be370b4062d5e0613f8a0132ec3ff17ae983e1a82876eaab238383a6f
Samsung Internet Browser SOP Bypass
Posted Dec 20, 2017
Authored by Tod Beardsley, Jeffrey Martin, Dhiraj Mishra

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
SHA-256 | 453452b6c39fc4137d17372c00e57358247a6b6b2880964c69ec6f1e59572af4
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows
SHA-256 | d98ff684017e5e946a7321065ff44ae71f7be8af943150e911e3bcb6d1916735
Red Hat Security Advisory 2017-3490-01
Posted Dec 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | 063aa42d2af5b317a96e97efaea11552d50af6f7771cc01899ff970dc90a99c4
Ability Mail Server 3.3.2 Cross Site Scripting
Posted Dec 20, 2017
Authored by Aloyce J. Makalanga

Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17752
SHA-256 | ca7402f15984a9fbec8de52f641b9a0f24e69d0bbb83ed78265dea987fe28a4e
WordPress CSV Import-Export 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17753
SHA-256 | ceebba5fe05822f2aed40f89dcf1eae396edc70cb0cce7c3a2bef71dbd85c27d
WordPress Custom Map 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17744
SHA-256 | 5ebc96aa13a10adda66518346705b8e9024837bd689de7ed6a5a146a5ade57af
WordPress Concours 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17719
SHA-256 | 5139d3b7007de8de1d23c142524608fdb64d444d2503253eff3624ff9362d9d2
TP-Link TL-SG108E XSS / Weak Access Control
Posted Dec 20, 2017
Authored by James McLean

TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2017-17745, CVE-2017-17747
SHA-256 | 7330f87f7a3667cb6fa598a2593142faa0353408372b85307781681e8b6ed07f
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 646173f5e81a1f63cb65e0e58738fb57ac62c8835c609e27e0a0a795b6dbd637
WordPress Clean Up Optimizer 4.0.0 SQL Injection
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ae6b1807725083901c6a9501a476db389ad391985032e1b233e714bc82349172
WordPress Top-10 2.4.2 SQL Injection
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 491e52f7852755e7029e0188400d67003a5d9a69543fdd91e42c7ab58563697f
EMC Isilon OneFS NFS Export Security Setting Fallback
Posted Dec 20, 2017
Site emc.com

EMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.

tags | advisory
advisories | CVE-2017-14387
SHA-256 | 2742a8ffcef95a8e023a78f43f34950ad54b1bba89d6fe49410cccd2cfc50ddf
EMC Data Domain DD OS Memory Overflow
Posted Dec 20, 2017
Site emc.com

EMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.

tags | advisory, overflow
advisories | CVE-2017-14385
SHA-256 | 6374f5d7456b80eb09d37970db7dadebea51f50a17d57d392e6ff189cbc5fee8
iStar Ultra / IP-ACM Boards Fixed AES Key
Posted Dec 20, 2017
Authored by David Tomaschik

Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

tags | advisory, vulnerability, bypass
advisories | CVE-2017-17704
SHA-256 | 204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00d
Genexis GAPS 7.2 Access Control
Posted Dec 20, 2017
Authored by Antoine Neuenschwander

Genexis GAPS versions up to 7.2 suffers from an access control vulnerability that discloses sensitive data.

tags | exploit, info disclosure
advisories | CVE-2017-6094
SHA-256 | 655a32ed49ee22745ac8ca02bd5c3c53a21a5bfbaacf074229b041503865e94a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close