Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-12-20

BEIMS ContractorWeb 5.18.0.0 SQL Injection
Posted Dec 20, 2017
Authored by Rajwinder Singh

BEIMS ContractorWeb version 5.18.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17721
MD5 | 09b915b91fe5f71c1123d95e43778bce
Samsung Internet Browser SOP Bypass
Posted Dec 20, 2017
Authored by Tod Beardsley, Jeffrey Martin, Mishra Dhiraj

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
MD5 | 91bfa1cba09b3c4c4fa53ef3b84ecd59
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows, 7
MD5 | 4bb20d0c4e7b2208fd33f054d9383332
Red Hat Security Advisory 2017-3490-01
Posted Dec 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

tags | advisory
systems | linux, redhat
MD5 | 16f98a6d8a49860a9c57656eed2cc002
Ability Mail Server 3.3.2 Cross Site Scripting
Posted Dec 20, 2017
Authored by Aloyce J. Makalanga

Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17752
MD5 | 6505228afd8dcf507aad671e596fab06
WordPress CSV Import-Export 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17753
MD5 | fcacd36ccd2169cdd24b01624f8d2e8a
WordPress Custom Map 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17744
MD5 | cc4062b6e2d3a8c56dbd9b296155e778
WordPress Concours 1.1 Cross Site Scripting
Posted Dec 20, 2017
Authored by Nicolas Buzy-Debat

WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-17719
MD5 | 16e05e232ca72ab8df9a0ad81d45019b
TP-Link TL-SG108E XSS / Weak Access Control
Posted Dec 20, 2017
Authored by James McLean

TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2017-17745, CVE-2017-17747
MD5 | 7b18e6bc9a9b9dda8af49a5a224826c3
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | fd4e207ff9fc3d6be29efbcdeb30fa9e
WordPress Clean Up Optimizer 4.0.0 SQL Injection
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 89af3a8114d77b162a390a6d6b1874e9
WordPress Top-10 2.4.2 SQL Injection
Posted Dec 20, 2017
Authored by DefenseCode, Neven Biruski

WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ee588dbd58069595df55af0f7982b6d0
EMC Isilon OneFS NFS Export Security Setting Fallback
Posted Dec 20, 2017
Site emc.com

EMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.

tags | advisory
advisories | CVE-2017-14387
MD5 | fad010fb0c3b97255199d873a26f42d0
EMC Data Domain DD OS Memory Overflow
Posted Dec 20, 2017
Site emc.com

EMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.

tags | advisory, overflow
advisories | CVE-2017-14385
MD5 | fcef159f41d70b0dcfa3e3ef090164b6
iStar Ultra / IP-ACM Boards Fixed AES Key
Posted Dec 20, 2017
Authored by David Tomaschik

Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

tags | advisory, vulnerability, bypass
advisories | CVE-2017-17704
MD5 | 2fd2bb4a3ab315130db4c82a2ae175c7
Genexis GAPS 7.2 Access Control
Posted Dec 20, 2017
Authored by Antoine Neuenschwander

Genexis GAPS versions up to 7.2 suffers from an access control vulnerability that discloses sensitive data.

tags | exploit, info disclosure
advisories | CVE-2017-6094
MD5 | b2f30851e9f2906c8143802a6f88b0f1
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close