exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2018-01-15

SSLsplit 0.5.1
Posted Jan 15, 2018
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Dump master key in NSS key log format in debug mode, allowing decryption of SSL connections using Wireshark. Added support for DSA and ECDSA certificates using hash algorithms other than SHA-1. Various other updates and additions.
tags | tool, encryption
SHA-256 | 60697146d0a70dbebb7b71b62525ad2bfd1bd34434c72a0d25e3d226e5e4ebc6
Shibboleth 2 XML Injection
Posted Jan 15, 2018
Site redteam-pentesting.de

RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the document's signature. This might lead to a complete bypass of authorisation mechanisms. Versions prior to 2.6.1 are affected.

tags | exploit
advisories | CVE-2018-0486
SHA-256 | 3161025b44bdf506c94fc43a995ecee6fe36a5a17cca6bee9d2de7e64bc0814f
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | 1d616d13ec26238dd932f3e0e6c63790101f854e43be4a7b9cc005eb538134a7
D-Link DNS-343 ShareCenter 1.05 Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | d832c2d9c95f21a1c3cb7649d5a90e5a9d834f91134ce4a5797f72a044e07fe9
Seagate Media Server Arbitrary File / Folder Deletion
Posted Jan 15, 2018
Authored by Yorick Koster, Securify B.V.

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | f3f389a36fe31dac25043a5e92d7942a029fddff9e00419ed4f652efc9e5e14c
Oracle PeopleSoft 8.5x Remote Code Execution
Posted Jan 15, 2018
Authored by Vahagn Vardanyan

Oracle PeopleSoft version 8.5x suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-10366
SHA-256 | 656a40131f4c856c17aef7ac78ea99f8fbbc7bcb6a234a9ab725ec1ef9b81d37
Domains And Hostings Manager PRO 3.0 SQL Injection
Posted Jan 15, 2018
Authored by Tauco

Domains and Hostings Manager PRO version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 2761e26ece8c4e2a7c9239cc85b76d9bac3c7cc3e355bd1097bf45ff8c02149b
VTech DigiGo 83.60630 Browser Overlay Attack
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.

tags | exploit
SHA-256 | a08bb9d4f448fbb6f9f63a559f19f3797bec827496e85a2dc0d075a49501d4fe
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
Posted Jan 15, 2018
Authored by absolomb

pfSense versions 2.1.3 and below suffer from a status_rrd_graph_img.php command injection vulnerability.

tags | exploit, php
advisories | CVE-2014-4688
SHA-256 | bf26b4b42edea51cce31d1bd75bc0b53928c38a40b474f5aaf67bc12917e8a4e
Kaseya VSA 9.2 Authentication Bypass
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e785da11616e7a87313aa682bf3a5d5846991c50c08eb3af26d282128488274b
ImgHosting 1.5 Cross Site Scripting
Posted Jan 15, 2018
Authored by Dennis Veninga

ImgHosting version 1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-5479
SHA-256 | 0ac4994f7565ff76ee339941991704eb09c33de5e60171e2c98b0bf6a8f0cc83
Kaseya VSA 9.2 Shell Upload
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3194d2bc7ec7bf4ca1d8cc6d614abed584d5a7059e33e7ada477b3d959687b05
PerfexCRM 1.9.7 Arbitrary File Upload
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

PerfexCRM version 1.9.7 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2017-17976
SHA-256 | f2611cb6d6f0ec4587c02a9fd5731ac7d6491dc27930498b25b55a34b9d4940d
RISE 1.9 SQL Injection
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

RISE version 1.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17999
SHA-256 | 25874188cc206f810cd990dcdd6a5299345a917a7b66e4ca4ec24cf0078111ca
Disk Pulse Enterprise 10.1.18 Buffer Overflow
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

Disk Pulse Enterprise version 10.1.18 buffer overflow exploit that binds a shell.

tags | exploit, overflow, shell
advisories | CVE-2017-15663
SHA-256 | 06882870395e26f373aefe6fdfea46528578d60dcdde572d1661a9bd7d49ca5a
SysGauge Server 3.6.18 Buffer Overflow
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

SysGauge Server version 3.6.18 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-5359
SHA-256 | 46cb809d9536b498b333ddc1918802d2e9ea835dc88358d86b506e182ed4d6e9
ILIAS CMS 5.2.3 Cross Site Scripting
Posted Jan 15, 2018
Authored by Florian Kunushevci

ILIAS CMS versions 5.2.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 72bb2bfb5f7c9ef7545415d425d3b8463872e27f11a8fcbec3f1071556d3f942
Debian Security Advisory 4086-1
Posted Jan 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4086-1 - Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation.

tags | advisory
systems | linux, debian
advisories | CVE-2017-15412
SHA-256 | c9350e61620a42729e564c1f542c28ca1791cd838a58a1978f932f188025a3f5
Debian Security Advisory 4087-1
Posted Jan 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4087-1 - Tavis Ormandy discovered a vulnerability in the Transmission BitTorrent client; insecure RPC handling between the Transmission daemon and the client interface(s) may result in the execution of arbitrary code if a user visits a malicious website while Transmission is running.

tags | advisory, arbitrary
systems | linux, debian
SHA-256 | f4c5756d3ad8cdf7a3af937cb692a5d0522926e1e8656bed9f64546db645e214
Gentoo Linux Security Advisory 201801-15
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-15 - Multiple vulnerabilities have been found in PolarSSL, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.3.9-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1182, CVE-2015-7575
SHA-256 | 13cbb4fca45633fc31a765b55660667646c8d6bbf8070320c66953de960385d1
Gentoo Linux Security Advisory 201801-14
Posted Jan 15, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201801-14 - Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12134, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-17044, CVE-2017-17045, CVE-2017-17046, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566
SHA-256 | 4dec006ba634428eb76045f55ebf29bfd247c42fd887dbfcf3f1ee8fa48ced86
Using dnscat2 For Encrypted Command/Control Over DNS
Posted Jan 15, 2018
Authored by James Fell

The process of setting up and using dnscat2 is documented in this article. The tool consists of a Ruby server and a small C client, and can be used to quickly establish an encrypted covert channel between two computers over the Internet using DNS traffic. Once set up, the tool is evaluated by exfiltrating data out of a network that has a pfSense firewall at the perimeter blocking direct outbound DNS requests from client machines, and also running the Snort IDS. It is is seen that a reverse shell is successfully sent out of the network and no IDS alerts are generated.

tags | paper, shell, ruby
SHA-256 | 4238ee78d79a92d53a74e413f3b6b4a75832717841a62f159d535e7323fd9e66
VTech DigiGo 83.60630 Broken TLS Certificate Validation
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.

tags | exploit
SHA-256 | f9da9299e285b5c8f647f4ba06b7a3c22775d378407e62fae4db31ce2e6430e4
Kaseya VSA R9.2 Arbitrary File Read
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.

tags | exploit, arbitrary
systems | windows
SHA-256 | a9945cf5a3532305e46699a157c53b03bab386f744bdea713fee52330aadad85
Adminer 4.3.1 Server-Side Request Forgery
Posted Jan 15, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Adminer versions 4.3.1 and below suffer from a server-side request forgery vulnerability.

tags | exploit
SHA-256 | 6f1cda8a60924a150f5dd1df915daa581c384cf22f8e66349e29e7b00deb3434
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close