Showing 1 - 25 of 46

Files Date: 2018-01-24

Red Hat Security Advisory 2018-0122-01
Posted Jan 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0122-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117
MD5 | 5035d13797b2d7eed962a6629407db7d
RAVPower 2.000.056 Remote Root Code Execution
Posted Jan 24, 2018
Authored by Daniele Linguaglossa, Stefano Farletti

RAVPower version 2.000.056 suffers from a remote root code execution vulnerability.

tags | exploit, remote, root, code execution
advisories | CVE-2018-5997
MD5 | 286d1b9d4db66d6981a29e5eeb654ba9
Apache Hadoop YARN NodeManager Password Leak
Posted Jan 24, 2018
Authored by Vinayakumar B

In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can leak the password for credential store provider used by the NodeManager to YARN Applications.

tags | advisory, info disclosure
advisories | CVE-2016-3086, CVE-2017-15718
MD5 | b366fe741e58c29c81bdd699e7262cc1
Professional Local Directory Script 1.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Professional Local Directory Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, local, sql injection
advisories | CVE-2018-5973
MD5 | d6361b679aaf7d70f8ac1ec7211ca878
WordPress Email Subscribers And Newsletters 3.4.7 Information Disclosure
Posted Jan 24, 2018
Authored by ThreatPress Security

WordPress Email Subscribers and Newsletters plugin version 3.4.7 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 74c7be672d0f561d60c3b5faaf2613cf
RAVPower 2.000.056 Memory Disclosure
Posted Jan 24, 2018
Authored by Daniele Linguaglossa, Stefano Farletti

RAVPower version 2.000.056 suffers from a memory disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-5319
MD5 | 3f342c39101e7e911a25a0944f2accae
MixPad 5.00 Buffer Overflow
Posted Jan 24, 2018
Authored by bzyo

MixPad version 5.00 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a32d3a1768736554aa97dc28a11b2d03
Apple Security Advisory 2018-1-23-2
Posted Jan 24, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-2 - macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address memory corruption, race condition, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2017-5754, CVE-2017-8817, CVE-2018-4082, CVE-2018-4084, CVE-2018-4085, CVE-2018-4086, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4091, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4096, CVE-2018-4097, CVE-2018-4098, CVE-2018-4100
MD5 | 9ccbdda73f3fa34f9888613d92bf83d9
Apple Security Advisory 2018-1-23-1
Posted Jan 24, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-1 - iOS 11.2.5 is now available and addresses memory corruption, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2018-4082, CVE-2018-4085, CVE-2018-4086, CVE-2018-4087, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4095, CVE-2018-4096, CVE-2018-4100
MD5 | d3a36ff9acb46e7dfe4f877e027f9e25
Oracle VirtualBox Guest To Host Escape
Posted Jan 24, 2018
Authored by Niklas Baumstark

Oracle VirtualBox versions prior to 5.1.30 and 5.2-rc1 suffer from a guest to host escape vulnerability.

tags | exploit
advisories | CVE-2018-2698
MD5 | f4883fbd65fd9c887b09bc14319f0e1d
Chameleon Mini Smartcard Emulator Iceman Fork Rebooted Green GUI 1.0
Posted Jan 24, 2018
Authored by Christian Herrmann | Site github.com

This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.

tags | tool
systems | unix
MD5 | 602c1370eecc0356ef36c23dcd2b9004
Sync Breeze Enterprise 9.5.16 Import Command Buffer Overflow
Posted Jan 24, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.

tags | exploit, overflow
advisories | CVE-2017-7310
MD5 | 395d219c09a1ba573c0f9f59e1e68bb8
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret, which makes it possible to sign arbitrary cookie data. After passing this signature check, the base64-decoded data is passed to PHP's unserialize() function, which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the Kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
MD5 | b52da760a508f605f6ac4e9e7f6f0ffe
SugarCRM Community Edition 6.5.26 SQL Injection
Posted Jan 24, 2018
Authored by Leon Juranic, DefenseCode

SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2ab4e697942a1f1e39de181287dee068
Wchat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Wchat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5979
MD5 | ff340d5874e04231fd61a6b43b0add64
Zechat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Zechat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5978
MD5 | 6c204cf2ed8ae8781d8e3a0a52c1c9d7
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection / XSS
Posted Jan 24, 2018
Authored by Samandeep Singh, Mohammad Shah Bin Mohammad Esa | Site sec-consult.com

Oracle Financial Services Analytical Applications versions 7.3.5.x and 8.0.x suffer from XML external entity injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, xxe
advisories | CVE-2018-2660, CVE-2018-2661
MD5 | 03e038ba3c35a62362f8c4edf912224d
Tumder 2.1 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Tumder version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5984
MD5 | 96e4f5a5959d56c639c6f1ba96853306
Photography CMS 1.0 Cross Site Request Forgery
Posted Jan 24, 2018
Authored by Ihsan Sencan

Photography CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-5969
MD5 | ee20e4531bad420ae4f0688f1a2f63ef
Microsoft Security Bulletin Updates For January, 2018
Posted Jan 24, 2018
Site microsoft.com

This Microsoft bulletin summary lists security updates released for January 22, 2018.

tags | advisory
MD5 | 042524c29b05ed1de8734de2a8a6c9a8
CentOS Web Panel 0.9.8.12 SQL Injection
Posted Jan 24, 2018
Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
systems | linux, centos
MD5 | 33493d1a1a25a4ec93631c76f1de235f
Quickad 4.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Quickad version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5972
MD5 | 58f61303fa76bb6c4b92837db0a9cf18
Ananta Gazelle 1.0 Local File Inclusion
Posted Jan 24, 2018
Authored by indoushka

Ananta Gazelle version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 4787a2aeca9fd059da95526643ec3db8
RSA Authentication Manager 8.2 SP1 P6 SQL Injection
Posted Jan 24, 2018
Site emc.com

RSA Authentication Manager versions 8.2 SP1 P6 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2017-15546
MD5 | 90651481fa0463a1321b9d4a6e387a8e