exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2018-02-11

Debian Security Advisory 4111-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4111-1 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-6871
SHA-256 | 875fb1d918df3b661e4db466d4345a2f702d542ff1100d9a149bf7bbf114f493
Debian Security Advisory 4110-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4110-1 - Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6789
SHA-256 | 177e2fda59e9e6ba3a12f1c8d564ad42a8ca0e3bef74df674862b69bd02f1f54
Debian Security Advisory 4109-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access to the CSRF token.

tags | advisory, web, ruby
systems | linux, debian
advisories | CVE-2017-18076
SHA-256 | e59f433e0256fcb085e31cbcbe55a04241623a2742f3d2f521b26f9b0dd390b5
Paypal / Money Transfer Clone Script 1.0.9 SQL Injection
Posted Feb 11, 2018
Authored by Borna Nematzadeh

Paypal / Money Transfer Clone Script version 1.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 52d5d66942b0043aef7d321cc85c7938260c17772f2ee4067d2df036b7016027
Mandos Encrypted File System Unattended Reboot Utility 1.7.17
Posted Feb 11, 2018
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 2386b180183de2444fc4be1e86a6a581ba36877d6356baa5950a46293f5e1a09
Juju-run Agent Privilege Escalation
Posted Feb 11, 2018
Authored by Brendan Coles, David Ames, Ryan Beisner | Site metasploit.com

This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.

tags | exploit, arbitrary, x86, local, root
systems | linux, unix, ubuntu
advisories | CVE-2017-9232
SHA-256 | b9cf7f1398025752a68090222798f0555c42f1663cac0bf08ca8e26038f30d77
SoapUI 5.3.0 Code Execution
Posted Feb 11, 2018
Authored by Ismail Doe

SoapUI suffers from an arbitrary code execution vulnerability via a maliciously imported project.

tags | exploit, arbitrary, code execution
advisories | CVE-2017-16670
SHA-256 | e0430156b090f4e310fb65f9d97bfd534dbb8ded698fc0bebfe67d93c3f5f141
Readymade Video Sharing Script 3.2 SQL Injection
Posted Feb 11, 2018
Authored by Varun Bagaria

Readymade Video Sharing Script version 3.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 21a73403ac2fc9366ac278300a68d7247ba22c5efbd4d8cb353fe69ea07defdb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close