Twenty Year Anniversary
Showing 1 - 25 of 31 RSS Feed

Files Date: 2018-02-23

Disk Savvy Enterprise 10.4.18 Buffer Ovreflow
Posted Feb 23, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
MD5 | bfeae1744c34384854bd5326b5010471
CloudMe Sync 1.10.9 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira, hyp3rlinx | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
advisories | CVE-2018-6892
MD5 | 41dab942f2886640903e2e9e54f5e2e7
AsusWRT LAN Unauthenticated Remote Code Execution
Posted Feb 23, 2018
Authored by Pedro Ribeiro | Site metasploit.com

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

tags | exploit, web, root, udp
advisories | CVE-2018-5999, CVE-2018-6000
MD5 | 0a0cdd7637ea7a4a50df34cad0df396f
GNU Privacy Guard 2.2.5
Posted Feb 23, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes added.
tags | tool, encryption
MD5 | 567cd2d41fa632903066fde73d2005cb
Mandos Encrypted File System Unattended Reboot Utility 1.7.19
Posted Feb 23, 2018
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Various updates.
tags | tool, remote, root
systems | linux, unix
MD5 | 9073336d6b6993677a5214631dc914ed
Asterisk Project Security Advisory - AST-2018-006
Posted Feb 23, 2018
Authored by Sean Bright | Site asterisk.org

Asterisk Project Security Advisory - When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a busy loop that waited for the underlying connection to close.

tags | advisory
advisories | CVE-2018-7287
MD5 | 6df532c73bfa0e83b4440c0053559dc4
Kernel Live Patch Security Notice LSN-0035-1
Posted Feb 23, 2018
Authored by Benjamin M. Romer

On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | 95a67778ff266fb5d137537edcd1a426
Groupon Clone Script 3.0.2 Cross Site Scripting
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Groupon Clone Script version 3.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6868
MD5 | 8c45768488f3a8575379e78609d78040
Alibaba Clone Script 1.0.2 Cross Site Scripting
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6867
MD5 | 52578087deca4d56086eb683f2ff0082
Learning And Examination Management System Script 2.3.1 XSS
Posted Feb 23, 2018
Authored by Prasenjit Kanti Paul

Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6866
MD5 | 56a3caf5187054a653b75978805b772b
Joomla! OS Property Real Estate 3.12.7 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7319
MD5 | 10c1e12862bd58e0615a8e888d05f32d
Joomla! Proclaim 9.1.1 Shell Upload
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
advisories | CVE-2018-7316
MD5 | e4b3f4730e22f3b7318737ee5628509e
Joomla! CheckList 1.1.1 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7318
MD5 | da40a67229d8a2554d96e24e8dd85c27
Joomla! Alexandria Book Library 3.1.2 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Alexandria Book Library component version 3.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7312
MD5 | 7cc1ce6165302e8abb336073f066c668
Joomla! Ek Rishta 2.9 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Ek Rishta component version 2.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7315
MD5 | 0ff338c1363cd3325828f73ab0044dcc
Joomla! PrayerCenter 3.0.2 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! PrayerCenter component version 3.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7314
MD5 | a59a49349bb73dce4fb20f3fec9b5047
Joomla! Proclaim 9.1.1 Backup Disclosure
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! Proclaim component version 9.1.1 suffers from a backup disclosure vulnerability.

tags | exploit
advisories | CVE-2018-7317
MD5 | 250a8ab6bfe43d75e960a12779b9defd
Joomla! CW Tags 2.0.6 SQL Injection
Posted Feb 23, 2018
Authored by Ihsan Sencan

Joomla! CW Tags component version 2.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-7313
MD5 | 1b2237938dd63d23e8890c9f2a72fc55
NoMachine nxfuse Privilege Escalation
Posted Feb 23, 2018
Authored by Fidus InfoSecurity

NoMachine versions prior to 6.0.80 (x64) suffer from an nxfuse privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-6947
MD5 | 8a5db7fa6bd183e57b076f19b78e3126
Armadito Antivirus 0.12.7.2 Detection Bypass
Posted Feb 23, 2018
Authored by Souhail Hammou

Armadito Antivirus version 0.12.7.2 suffers from a detection bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-7289
MD5 | f5b81f188805211be13432cac9f664ab
Disk Pulse Enterprise 10.4.18 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira

Disk Pulse Enterprise version 10.4.18 suffers from an import command buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-7310
MD5 | 306d6473f1da65b39b55c3e2eb726093
Disk Savvy Enterprise 10.4.18 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira

Disk Savvy Enterprise version 10.4.18 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-6481
MD5 | d0a5403b18b4719bbfcc5ed6a346f8fa
Wavpack 5.1.0 Denial Of Service
Posted Feb 23, 2018
Authored by r4xis

Wavpack version 5.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-7254
MD5 | 101ae8999ce6a951af0e1503218bfffc
Asterisk Project Security Advisory - AST-2018-005
Posted Feb 23, 2018
Authored by Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.

tags | advisory, tcp
advisories | CVE-2018-7286
MD5 | 0733c7c77cd97a87cdc416aef921fea4
Asterisk Project Security Advisory - AST-2018-004
Posted Feb 23, 2018
Authored by Joshua Colp, Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

tags | advisory
advisories | CVE-2018-7284
MD5 | f18e104dffba1574edc8eaf43287eb35
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close