Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2018-01-05

VMware Security Advisory 2018-0003
Posted Jan 5, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0003 - vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2017-4945, CVE-2017-4946, CVE-2017-4948
MD5 | 6bcdd8eeb1393086019df4435dc9f3d2
Debian Security Advisory 4078-1
Posted Jan 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4078-1 - Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

tags | advisory, arbitrary, kernel
systems | linux, debian
advisories | CVE-2017-5754
MD5 | 28ba510efb89d5e80a6e8f3edfa26dc7
Ayukov NFTP FTP Client Buffer Overflow
Posted Jan 5, 2018
Authored by sinn3r, Daniel Teixeira, Berk Cem Goksel | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD FTP Client 2.0 and earlier. By responding with a long string of data for the SYST request, it is possible to cause a denial-of-service condition on the FTP client, or arbitrary remote code execution under the context of the user if successfully exploited.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2017-15222
MD5 | 586e39e9c2691a57d4f738d9226a1a4f
VMware Workstation ALSA Config File Local Privilege Escalation
Posted Jan 5, 2018
Authored by Brendan Coles, Jann Horn | Site metasploit.com

This Metasploit module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This Metasploit module has been tested successfully on VMware Player version 12.5.0 on Debian Linux.

tags | exploit, root
systems | linux, debian
advisories | CVE-2017-4915
MD5 | f3b6448b87cca47f57a97189ff144abb
Joomla Ad Agency 6.0.9 SQL Injection
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Joomla Ad Agency component version 6.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 670141304b2eb74105c1d66ad593dbf5
Icyphoenix 2.2.0.105 SQL Injection
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Icyphoenix version 2.2.0.105 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 57e331e9560e18ffa820ee6d86349b18
WDMyCloud 2.30.165 CSRF / File Upload / Code Execution / Backdoor / DoS
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure, file upload, csrf
MD5 | 237300fca05d76ae09ec41cf79aeccf9
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within DNS-320L devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. Root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.

tags | exploit, shell, root
MD5 | 14d1fdea7ee67fedccba8b171ff90c2a
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation.

tags | exploit, shell, root
MD5 | 484e2c31ef009345ea0787457d66bfe8
D-Link DNS-320L ShareCenter Backdoor Account / Remote Root
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-320L ShareCenter contains a backdoor account that allows for remote root command execution.

tags | exploit, remote, root
MD5 | d24809c3e2e8217c390f17c1f99d1b9c
Red Hat Security Advisory 2018-0040-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0040-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 2105473b19c542d9fdf2bf32a288bbd1
Red Hat Security Advisory 2018-0029-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0029-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
MD5 | 886289f3b76394f2507d7e1d037fa7cc
Red Hat Security Advisory 2018-0036-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0036-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 9f5fcb29027f68b589207f3d869d7872
Red Hat Security Advisory 2018-0037-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0037-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 3252e1e183102fbe17a7acd1d828cf5e
Red Hat Security Advisory 2018-0034-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0034-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | a43d104b176f26109e5ae1fc5d63c408
Red Hat Security Advisory 2018-0038-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0038-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | c7f4b69949399ed843d9ddf2fc6f7b2a
Red Hat Security Advisory 2018-0039-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0039-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 2bbbd315347052fe4d1b7c6a3eff3e45
Red Hat Security Advisory 2018-0035-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0035-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | e55ab2f18c53bf7621a359a0098cae40
Red Hat Security Advisory 2018-0031-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0031-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
MD5 | 0c237dbb79b2f83436ef36fcc6f681fe
Red Hat Security Advisory 2018-0030-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0030-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
MD5 | ea6ccaae199352dd22ff8d222a686d88
Red Hat Security Advisory 2018-0032-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0032-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
MD5 | 2cf0ce29b8d16730b15717521736ea55
SonicWall SonicOS NSA Filter Bypass
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall SonicOS NSA suffers from a filter bypass vulnerability.

tags | exploit, bypass
MD5 | 15b72e69fa30e1e508bd3076abeb81f5
Doma 3.0.6 Cross Site Scripting
Posted Jan 5, 2018
Authored by indoushka

Doma version 3.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c0ea313f4ca8b4750ce2f0a8032fb353
Joomla JUX Real Estate 3.3.0 SQL Injection
Posted Jan 5, 2018
Authored by Bilal Kardadou

Joomla JUX Real Estate extension version 3.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 583a0bf392dc835c8d581ca05d5b0417
Joomla JMultipleHotelReservation 6.0.5 SQL Injection
Posted Jan 5, 2018
Authored by Bilal Kardadou

Joomla JMultipleHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fd1c31cdbc735cf448d9ce8b39a1f8c0
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close