Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-01-03

Wapiti Web Application Vulnerability Scanner 3.0.0
Posted Jan 3, 2018
Authored by Nicolas Surribas | Site wapiti.sourceforge.net

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

Changes: Ported to Python3. Added --list-modules and --resume-crawl options. Persister rewritten to use sqlite3 databases (for session management). Many other additions, updates, and improvements.
tags | tool, web, scanner, vulnerability
systems | unix
MD5 | 011ea6c1e9be485704224f719397d198
Joomla Advertisement Board Classifieds 3.2.0 Shell Upload
Posted Jan 3, 2018
Authored by Bilal Kardadou

Joomla Advertisement Board Classifieds extension version 3.2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 5566dbf7ceb43e0efc8de705db6f1e52
Froxlor 0.9.37 HTML Injection
Posted Jan 3, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Froxlor version 0.9.37 suffers from an html injection vulnerability.

tags | exploit
MD5 | 98db6fb9a97c1f47d6516d13ba25a380
Atlassian Bamboo Code Execution / Argument Injection
Posted Jan 3, 2018
Authored by Atlassian

Atlassian Bamboo versions prior to 6.1.6 and 6.2.0 through 6.2.5 suffer from code execution and argument injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-14589, CVE-2017-14590
MD5 | 146a1874f481e9313c0913a2206b4eb4
EMC xPression 4.5SP1 Patch 13 SQL Injection
Posted Jan 3, 2018
Authored by Pawel Gocyla

EMC xPression version 4.5SP1 Patch 13 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-14960
MD5 | 848088a219c1ff22c596c32a3eac17fb
b2evolution CMS 6.8.10 PHP Code Execution
Posted Jan 3, 2018
Authored by Anti Rais

b2evolution CMS versions 6.6.0 through 6.8.10 suffer from a php code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2017-1000423
MD5 | 2ca4c469ed9373d047c433e8983b7855
Red Hat Security Advisory 2018-0005-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0005-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.9.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
MD5 | aac8a37c771d15022754d85ed843305a
Red Hat Security Advisory 2018-0004-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0004-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
MD5 | 2ca6effdab3cd5decbed50e07509a63b
Red Hat Security Advisory 2018-0002-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0002-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
MD5 | 0894af1f635e49e7a3ce1d8a874115ef
Red Hat Security Advisory 2018-0003-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0003-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
MD5 | 0a5412e7af365baf178d6fd067479b13
Ubuntu Security Notice USN-3477-4
Posted Jan 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3477-4 - USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
MD5 | 752ba5a2397fdce5c95ee5e6d29bb7de
WordPress Smart Google Code Inserter SQL Injection
Posted Jan 3, 2018
Authored by Benjamin Lim

WordPress Smart Google Code Inserter plugin versions prior to 3.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2018-3810, CVE-2018-3811
MD5 | 87c0b3ef2f9392d5bb2525066eec4dc1
Joomla EXP Auto 4.2.3 SQL Injection
Posted Jan 3, 2018
Authored by Bilal Kardadou

Joomla EXP Auto extension version 4.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 53024eef2082d9ee0e7cebb6165631a2
Joomla RealEstateManager 4.2.0 SQL Injection
Posted Jan 3, 2018
Authored by Bilal Kardadou

Joomla RealEstateManager extension version 4.2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5c8066eaded80973d1e608671882abe2
Joomla VehicleManager 3.9.15 SQL Injection
Posted Jan 3, 2018
Authored by Bilal Kardadou

Joomla VehicleManager extension version 3.9.15 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bb63e0e2208ec12bb296390ba31de4c2
Fortinet Installer Client 5.6 DLL Hijacking
Posted Jan 3, 2018
Authored by Souhardya Sardar, Rohit Bankoti

Fortinet Installer Client 5.6 for Windows PC suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | ad19e95dcf9ca5912fd831d8d424966d
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close