what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2018-01-24

Red Hat Security Advisory 2018-0122-01
Posted Jan 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0122-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
SHA-256 | 7e24ae03539726792c64a958171cdd7e8d0564d7f165144dd5d69164bd099d0e
RAVPower 2.000.056 Remote Root Code Execution
Posted Jan 24, 2018
Authored by Daniele Linguaglossa, Stefano Farletti

RAVPower version 2.000.056 suffers from a remote root code execution vulnerability.

tags | exploit, remote, root, code execution
advisories | CVE-2018-5997
SHA-256 | 7f001238bc97ccbc94116f231f765b2e866a3adb52baeafb5f9239b2c89ebd1d
Apache Hadoop YARN NodeManager Password Leak
Posted Jan 24, 2018
Authored by Vinayakumar B

In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can leak the password for credential store provider used by the NodeManager to YARN Applications.

tags | advisory, info disclosure
advisories | CVE-2016-3086, CVE-2017-15718
SHA-256 | 3f82bb70cc260897994d7a6305856fc22e38b2a30678a5ebd34fecaaebd9d69e
Professional Local Directory Script 1.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Professional Local Directory Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, local, sql injection
advisories | CVE-2018-5973
SHA-256 | 9b64910eabca93ed730da04bc1156c838dbdf8ed8fc7b8d1f04d9aa4a4e439f5
WordPress Email Subscribers And Newsletters 3.4.7 Information Disclosure
Posted Jan 24, 2018
Authored by ThreatPress Security

WordPress Email Subscribers and Newsletters plugin version 3.4.7 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | d456a2391960d711eb34a7a7ee2d530dcb476004b3cf98aca9eca90f7cc6d81d
RAVPower 2.000.056 Memory Disclosure
Posted Jan 24, 2018
Authored by Daniele Linguaglossa, Stefano Farletti

RAVPower version 2.000.056 suffers from a memory disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-5319
SHA-256 | 32ab215efde37984bed49a69772de0dc9526bfd76612e19d1a909864a0e0bb48
MixPad 5.00 Buffer Overflow
Posted Jan 24, 2018
Authored by bzyo

MixPad version 5.00 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | ab29b0601c5b4d8a7cd115f1f3082abc374abc95d8f68b855a422ffae4383fbc
Apple Security Advisory 2018-1-23-2
Posted Jan 24, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-2 - macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address memory corruption, race condition, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-5754, CVE-2017-8817, CVE-2018-4082, CVE-2018-4084, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4091, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4096, CVE-2018-4097, CVE-2018-4098, CVE-2018-4100
SHA-256 | 8c1805de61064d31f8f0e1edc053ec2d320938ca52904bf91ded86f4bd059635
Apple Security Advisory 2018-1-23-1
Posted Jan 24, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-1 - iOS 11.2.5 is now available and addresses memory corruption, code execution,a nd various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2018-4082, CVE-2018-4085, CVE-2018-4086, CVE-2018-4087, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4095, CVE-2018-4096, CVE-2018-4100
SHA-256 | 52d4ccf52d83225887797331dc30d1b05effec25f5961f68eb5b8b3866120d0b
Oracle VirtualBox Guest To Host Escape
Posted Jan 24, 2018
Authored by Niklas Baumstark

Oracle VirtualBox versions prior to 5.1.30 and 5.2-rc1 suffer from a guest to host escape vulnerability.

tags | exploit
advisories | CVE-2018-2698
SHA-256 | 37171e7fb0e09cca0dcc959316847810166226ad6efea84e496c535d82b620cd
Chameleon Mini Smartcard Emulator Iceman Fork Rebooted Green GUI 1.0
Posted Jan 24, 2018
Authored by Christian Herrmann | Site github.com

This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.

tags | tool
systems | unix
SHA-256 | 5b63f2a5c720aa38b7f27b9291643844b2d1a03355dc59fa481251fe14fb12ac
Sync Breeze Enterprise 9.5.16 Import Command Buffer Overflow
Posted Jan 24, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.

tags | exploit, overflow
advisories | CVE-2017-7310
SHA-256 | ada5d696765b728572e1a595fac470a36fc9c4ab834fd1652c6a8cf1e8b799c1
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
SHA-256 | da00d7666ebcac087d98220e64d9b76abb02af42dcd0af40a1090b15bf80f97d
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
SHA-256 | bee949e92c0ea2f22d837f57390d8e28e16e861007e5e679292d373e6ac8037a
SugarCRM Community Edition 6.5.26 SQL Injection
Posted Jan 24, 2018
Authored by Leon Juranic, DefenseCode

SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | bc4cc7bf63d53a27a1eb576d08fe29628ea8da32f5518c5c866e31065558a8a7
Wchat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Wchat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5979
SHA-256 | f0b76aa08563c43cf311f7add6599fbdecc5e613104587ae695c04355e8ccbcb
Zechat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Zechat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5978
SHA-256 | 8d9ef4d8dff78165761fe17d9a67fc66059baf27656ad4f29b8ec15611fb1088
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection / XSS
Posted Jan 24, 2018
Authored by Samandeep Singh, Mohammad Shah Bin Mohammad Esa | Site sec-consult.com

Oracle Financial Services Analytical Applications versions 7.3.5.x and 8.0.x suffer from XML external entity injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, xxe
advisories | CVE-2018-2660, CVE-2018-2661
SHA-256 | 596ba7a1bde4935da9df89c58e1d05d2e8ba24cba2ef3cb2156029511e53d6b4
Tumder 2.1 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Tumder version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5984
SHA-256 | 9aca5869e6baa5bd32bf0cc2a5a806fdc25b6ad8ce2c91689746d1d2b660294a
Photography CMS 1.0 Cross Site Request Forgery
Posted Jan 24, 2018
Authored by Ihsan Sencan

Photography CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-5969
SHA-256 | 1dc4e833eeb686b73d06c5b8e564feac6bcf52ca5d74700463dd16d04946430b
Microsoft Security Bulletin Updates For January, 2018
Posted Jan 24, 2018
Site microsoft.com

This Microsoft bulletin summary lists security updates released for January 22, 2018.

tags | advisory
SHA-256 | 3e9a74199e96aa110c9dcfd51597ee4cc5c2e8fc2fb179f295928681d2f854d4
CentOS Web Panel 0.9.8.12 SQL Injection
Posted Jan 24, 2018
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
systems | linux, centos
SHA-256 | 3db41401f2e00a5db932e37c8fc0a771ed760a70844c881bcce7d3a12b328d04
Quickad 4.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Quickad version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5972
SHA-256 | c805759a51905405a9861c2f70fad24cc76506f0c90ed804186ca16f560f16ef
Ananta Gazelle 1.0 Local File Inclusion
Posted Jan 24, 2018
Authored by indoushka

Ananta Gazelle version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 1b78b6ecf7f85476a529ac421e2c39456da99c455e403aedd90caf70fc664ce6
RSA Authentication Manager 8.2 SP1 P6 SQL Injection
Posted Jan 24, 2018
Site emc.com

RSA Authentication Manager versions 8.2 SP1 P6 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2017-15546
SHA-256 | 5e5cf50a9433231ae2d545b4bbfec54819adbb735343de8cac1b06f95c596d95
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close