what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-03-26

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
Posted Mar 26, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

tags | exploit, arbitrary, php, file upload
systems | linux, windows
SHA-256 | 4cbc4f10623c015fe72317b111015c9c54dcbf8fdddd9d0a7b8d9e1a06c5b330
Ubuntu Security Notice USN-3607-1
Posted Mar 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3607-1 - It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-8885
SHA-256 | 1cba5203444f9b97137ee8c0abe70d8653262ffbbce163e3843645d454d09a9b
Gentoo Linux Security Advisory 201803-13
Posted Mar 26, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-13 - A vulnerability in PLIB may allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4552
SHA-256 | 3075429c781033eb45aa3333ffe934344597b6dddf0b7d6046c6a3fedd2a965f
Gentoo Linux Security Advisory 201803-12
Posted Mar 26, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15873, CVE-2017-15874, CVE-2017-16544
SHA-256 | 588359ff5f2c3bbf4fd2ef4dd07154b16880b4831f2d6100b5c05d71eee8101b
Ubuntu Security Notice USN-3606-1
Posted Mar 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3606-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3186, CVE-2016-5102, CVE-2016-5318, CVE-2017-11613, CVE-2017-12944, CVE-2017-17095, CVE-2017-18013, CVE-2017-5563, CVE-2017-9117, CVE-2017-9147, CVE-2017-9935, CVE-2018-5784
SHA-256 | ba45642f0c149fb2dbd67ebccb1e77402ebb7c2bf58e841d47e94662310294ae
Acrolinx Server Directory Traversal
Posted Mar 26, 2018
Authored by Berk Dusunur

Acrolinux Server versions prior to 5.2.5 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7719
SHA-256 | 6e40e3230a6a8f992f1896ba8051c14211224629d948f41fe8404620830cb2a9
Hikvision IP Camera 5.3.9 Access Control Bypass
Posted Mar 26, 2018
Authored by Matamorphosis

Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.

tags | exploit, bypass
SHA-256 | 7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9f
Laravel Log Viewer Local File Download
Posted Mar 26, 2018
Authored by Haboob Team

Laravel Log Viewer versions prior to 0.13.0 suffers from a local file download vulnerability.

tags | exploit, local
advisories | CVE-2018-8947
SHA-256 | 167717bccfa3ca0b0d38c17ea0f44b8f9623e1fe306e0934c356174fe45eecf6
WordPress Event Manager 5.8.1.1 Cross Site Scripting
Posted Mar 26, 2018
Authored by Luigi Gubello

WordPress Event Manager plugin version 5.8.1.1 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-9020
SHA-256 | baf4458c23251ad71852c73e90d1678d2e8eaaa88fc903857be36dcdba922235
Cross Site Scripting In A Nutshell
Posted Mar 26, 2018
Authored by Tahar Amine ELHOUARI | Site taharamine.me

Whitepaper called Cross Site Scripting 'XSS' In A Nutshell.

tags | paper, xss
SHA-256 | 695d2b954f4e3f92af84560cd50399eb8681efd6c5c34c52add3dfb690d2875a
Fast AVI MPEG Splitter 1.2 Buffer Overflow
Posted Mar 26, 2018
Authored by Velayutham Selvaraj, Mohan Ravichandran

Fast AVI MPEG Splitter version 1.2 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 74d1b7954d7ccab43a24cc84ff23859a4adf3cf98319b7e84a0e2d798dcd60dd
LabF nfsAxe 3.7 Privilege Escalation
Posted Mar 26, 2018
Authored by bzyo

LabF nfsAxe version 3.7 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 09397fec453df4dd0bbba58af44a3c3ea744332821b07a0aa8aeca1e2d151a20
TestSSL 2.9.5-3
Posted Mar 26, 2018
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains several bugfixes as opposed to 2.9.5-2. It does not contain any new features.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 0e040218d72d6d3b0172bedbc784268e3e297d7689ffa343f150fb05a9d2491a
MSSQL Error-Based SQL Injection
Posted Mar 26, 2018
Authored by Manish Tanwar

Whitepaper that discusses error-based SQL injection in "Order By" clause in MSSQL.

tags | paper, sql injection
SHA-256 | 851cfd618bf84f5c291b9f234d0aa06c3d0654bfd229ffe4a04e78ae9f52e471
TL-WR720N 150Mbps Wireless N Router Cross Site Request Forgery
Posted Mar 26, 2018
Authored by Mans van Someren

TL-WR720N 150Mbps Wireless N Router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 29a83aa88e720bd516144671af135dc4639bec30d79836352ba9b3a570f1c6e5
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close