Exploit the possiblities
Showing 1 - 25 of 31 RSS Feed

Files Date: 2018-01-15

SSLsplit 0.5.1
Posted Jan 15, 2018
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Dump master key in NSS key log format in debug mode, allowing decryption of SSL connections using Wireshark. Added support for DSA and ECDSA certificates using hash algorithms other than SHA-1. Various other updates and additions.
tags | tool, encryption
MD5 | 9a7871c3dfae2e7a5eca6a0e1d371b7f
Shibboleth 2 XML Injection
Posted Jan 15, 2018
Site redteam-pentesting.de

RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the document's signature. This might lead to a complete bypass of authorisation mechanisms. Versions prior to 2.6.1 are affected.

tags | exploit
advisories | CVE-2018-0486
MD5 | 1a21846af3711105df19235fa10b7256
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | f24042917482f41e1fd237c73c7dff98
D-Link DNS-343 ShareCenter 1.05 Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 18ebdcec537f88c6770de9601f29002d
Seagate Media Server Arbitrary File / Folder Deletion
Posted Jan 15, 2018
Authored by Yorick Koster, Securify B.V.

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.

tags | exploit, arbitrary
MD5 | 5ae797b5faaf3d32724a1d8e66d233b3
Oracle PeopleSoft 8.5x Remote Code Execution
Posted Jan 15, 2018
Authored by Vahagn Vardanyan

Oracle PeopleSoft version 8.5x suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-10366
MD5 | 8cf6d1f1334e5d92e58e1baee31c949a
Domains And Hostings Manager PRO 3.0 SQL Injection
Posted Jan 15, 2018
Authored by Tauco

Domains and Hostings Manager PRO version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
MD5 | 74649b8033d17ec4eaf811ab0eb701bf
VTech DigiGo 83.60630 Browser Overlay Attack
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.

tags | exploit
MD5 | 77cea9e9382eded61fbed8053c84a2ad
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
MD5 | 0119ea7e4ed56c2dfa60e99cdbfcc55b
Kaseya VSA 9.2 Authentication Bypass
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 7283fc16d75dc79988225cb4c903d5c5
ImgHosting 1.5 Cross Site Scripting
Posted Jan 15, 2018
Authored by Dennis Veninga

ImgHosting version 1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-5479
MD5 | 6652db73e6bed9eba47d5772e6e5c741
Kaseya VSA 9.2 Shell Upload
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 907b91ed2f652a5d04feabc0ab331cb0
PerfexCRM 1.9.7 Arbitrary File Upload
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

PerfexCRM version 1.9.7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2017-17976
MD5 | dd329a51ede3ded550076b09be122174
RISE 1.9 SQL Injection
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

RISE version 1.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17999
MD5 | 39419d3a377289824d79429888a056c2
Disk Pulse Enterprise 10.1.18 Buffer Overflow
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

Disk Pulse Enterprise version 10.1.18 buffer overflow exploit that binds a shell.

tags | exploit, overflow, shell
advisories | CVE-2017-15663
MD5 | 70ce17cbe1db3948f132073f7d0feee7
SysGauge Server 3.6.18 Buffer Overflow
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

SysGauge Server version 3.6.18 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-5359
MD5 | 1b7caf431c181607b803d57479d2c265
ILIAS CMS 5.2.3 Cross Site Scripting
Posted Jan 15, 2018
Authored by Florian Kunushevci

ILIAS CMS versions 5.2.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c9a8e18c5fc3b7b6fc07c6a03891a012
Debian Security Advisory 4086-1
Posted Jan 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4086-1 - Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.

tags | advisory
systems | linux, debian
advisories | CVE-2017-15412
MD5 | a990faf45bbd9c99d5fc07687a267427
Debian Security Advisory 4087-1
Posted Jan 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4087-1 - Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

tags | advisory, arbitrary
systems | linux, debian
MD5 | be99d0725a3cde8365e3370e032ff186
Gentoo Linux Security Advisory 201801-15
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-15 - Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.3.9-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1182, CVE-2015-7575
MD5 | b1b7ebdbf9a50f174f0b9a7297943b15
Gentoo Linux Security Advisory 201801-14
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-14 - Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12134, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566
MD5 | df9624c2bbb2d39d855b5227de978223
Using dnscat2 For Encrypted Command/Control Over DNS
Posted Jan 15, 2018
Authored by James Fell

The process of setting up and using dnscat2 is documented in this article. The tool consists of a Ruby server and a small C client, and can be used to quickly establish an encrypted covert channel between two computers over the Internet using DNS traffic. Once set up, the tool is evaluated by exfiltrating data out of a network that has a pfSense firewall at the perimeter blocking direct outbound DNS requests from client machines, and also running the Snort IDS. It is is seen that a reverse shell is successfully sent out of the network and no IDS alerts are generated.

tags | paper, shell, ruby
MD5 | 546258ea9351502c0d3aaad5bf6cfb05
VTech DigiGo 83.60630 Broken TLS Certificate Validation
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.

tags | exploit
MD5 | 59ddde2caff6394072eed1459a12fd42
Kaseya VSA R9.2 Arbitrary File Read
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.

tags | exploit, arbitrary
systems | windows
MD5 | 605ce3e61e7a1e700654afd0b394ab11
Adminer 4.3.1 Server-Side Request Forgery
Posted Jan 15, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Adminer versions 4.3.1 and below suffer from a server-side request forgery vulnerability.

tags | exploit
MD5 | f241ac42bab7dcf75729a99b5c833d96
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close