Files Date: 2018-03-26

ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
Posted Mar 26, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in the /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

tags | exploit, arbitrary, php, file upload
systems | linux, windows, 7
MD5 | d2275d600b73e806af00c2c4d704c496

Ubuntu Security Notice USN-3607-1
Posted Mar 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3607-1 - It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-8885
MD5 | 359b59ae95edaa6cb0a9f07c8e2f310f

Gentoo Linux Security Advisory 201803-13
Posted Mar 26, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-13 - A vulnerability in PLIB may allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4552
MD5 | 651a865e4e97854aed0dff36a436a998

Gentoo Linux Security Advisory 201803-12
Posted Mar 26, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-12 - Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.28.0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-15873, CVE-2017-15874, CVE-2017-16544
MD5 | e60b0c02b12aec5cc8b0a2aa55342d15

Ubuntu Security Notice USN-3606-1
Posted Mar 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3606-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3186, CVE-2016-5102, CVE-2016-5318, CVE-2017-11613, CVE-2017-12944, CVE-2017-17095, CVE-2017-18013, CVE-2017-5563, CVE-2017-9117, CVE-2017-9147, CVE-2017-9935, CVE-2018-5784
MD5 | 0ecb2ce7d15e1d29fbbb851a9b830979

Acrolinx Server Directory Traversal
Posted Mar 26, 2018
Authored by Berk Dusunur

Acrolinx Server versions prior to 5.2.5 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7719
MD5 | f8c6b5cf05fb6853a6c28915b9aec4cc

Hikvision IP Camera 5.3.9 Access Control Bypass
Posted Mar 26, 2018
Authored by Matamorphosis

Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.

tags | exploit, bypass
MD5 | c61631feb0c586eb225dc046e312c1e9

Laravel Log Viewer Local File Download
Posted Mar 26, 2018
Authored by Haboob Team

Laravel Log Viewer versions prior to 0.13.0 suffer from a local file download vulnerability.

tags | exploit, local
advisories | CVE-2018-8947
MD5 | 1e81a04e0c7cc01f16fdaa42c8c9f5e9

WordPress Event Manager 5.8.1.1 Cross Site Scripting
Posted Mar 26, 2018
Authored by Luigi Gubello

WordPress Event Manager plugin version 5.8.1.1 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-9020
MD5 | 9e1bd039b3d6e797b1722ceed646c3a7

Cross Site Scripting In A Nutshell
Posted Mar 26, 2018
Authored by Tahar Amine ELHOUARI | Site taharamine.me

Whitepaper called Cross Site Scripting 'XSS' In A Nutshell.

tags | paper, xss
MD5 | 09ea07bed12f6ea24186c4a57073f88c

Fast AVI MPEG Splitter 1.2 Buffer Overflow
Posted Mar 26, 2018
Authored by Velayutham Selvaraj, Mohan Ravichandran

Fast AVI MPEG Splitter version 1.2 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a3534d29a8692aa7fc96040846a06257

LabF nfsAxe 3.7 Privilege Escalation
Posted Mar 26, 2018
Authored by bzyo

LabF nfsAxe version 3.7 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 3e6525284fbed5cc0b581021e17c94c5

TestSSL 2.9.5
Posted Mar 26, 2018
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: This update contains several bugfixes as opposed to 2.9.5-2. It does not contain any new features.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 8d98ef6d0828bb09e58fd8ad0acb14ed

MSSQL Error-Based SQL Injection
Posted Mar 26, 2018
Authored by Manish Tanwar

Whitepaper that discusses error-based SQL injection in the "Order By" clause in MSSQL.

tags | paper, sql injection
MD5 | 65b9edfba25966175a4c63746a36bb30

TL-WR720N 150Mbps Wireless N Router Cross Site Request Forgery
Posted Mar 26, 2018
Authored by Mans van Someren

TL-WR720N 150Mbps Wireless N Router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 813d6ce1770446ad55570855d5d97540
© 2018 Packet Storm. All rights reserved.