exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2018-03-29

OpenSSL Toolkit 1.1.0h
Posted Mar 29, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed an issue where constructed ASN.1 types with a recursive definition could exceed the stack. Also address was an incorrect CRYPTO_memcmp on HP-UX PA-RISC amongst other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0733, CVE-2018-0739
SHA-256 | 5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517
OpenSSL Toolkit 1.0.2o
Posted Mar 29, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed an issue where constructed ASN.1 types with a recursive definition could exceed the stack.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0739
SHA-256 | ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
Debian Security Advisory 4156-1
Posted Mar 29, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4156-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2018-7600
SHA-256 | 4730e5e8eed2ad125870f5a35793232c029da039eaee30cf59d3629a80817783
CA API Developer Portal Cross Site Scripting
Posted Mar 29, 2018
Authored by Kevin Kotas, Alphan Yavas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2018-6586, CVE-2018-6587, CVE-2018-6588
SHA-256 | b98fabc9ef6f671a55cace37b53443af82ef52f6a352b62785ada9db8a4b8813
ManageEngine Application Manager Remote Code Execution
Posted Mar 29, 2018
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command under the context of privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing the given system. This endpoint calls several internal classes and then executes powershell script without validating user supplied parameter when the given system is OfficeSharePointServer.

tags | exploit
advisories | CVE-2018-7890
SHA-256 | a9eac798117fa04eab31bed74f5ad242fd765118d1e7c673979dc44d64574e70
Tenda W308R V2 Wireless Router 5.07.48 DNS Changer
Posted Mar 29, 2018
Authored by Todor Donev

Tenda W308R V2 wireless router version 5.07.48 remote DNS changer proof of concept exploit.

tags | exploit, remote, proof of concept
SHA-256 | da812361ffff26f846e7670639231461ac7239dc66c4e6b4587ef077c32f42cd
Debian Security Advisory 4155-1
Posted Mar 29, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4155-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146
SHA-256 | c0a81df393cb47344f541e2352dcd5ca3d263e96d1f8ad46257af1327d4b9bff
GitStack 2.3.10 Unsanitized Argument Remote Code Execution
Posted Mar 29, 2018
Authored by Kacper Szurek, Jacob Robles | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.

tags | exploit, remote, code execution
advisories | CVE-2018-5955
SHA-256 | cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275f
Exodus Wallet (ElectronJS Framework) Remote Code Execution
Posted Mar 29, 2018
Authored by Daniel Teixeira, Wflk | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Exodus Wallet. A vulnerability in the ElectronJS Framework protocol handler can be used to get arbitrary command execution if the user clicks on a specially crafted URL.

tags | exploit, remote, arbitrary, code execution, protocol
advisories | CVE-2018-1000006
SHA-256 | 71dfdd11a543d029057c8944a5a65b07ea8d8305fc5534962c0d5f2e9e49b452
Joomla Fields SQL Injection / Code Execution
Posted Mar 29, 2018
Authored by Mateus Lino, luisco100 | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in the com_fields component, which was introduced to the core of Joomla in version 3.7.0.

tags | exploit, sql injection
advisories | CVE-2017-8917
SHA-256 | 3c47c9bfce128f21ef8e90e8c9cce6c5d2d7a86876721b8aa1bfee001577bd26
Ubuntu Security Notice USN-3612-1
Posted Mar 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3612-1 - Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled checking certain x509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000140
SHA-256 | 0cf0854f31f05becfd0afac835a46b76bc9aefd388c74042f2deed97e2e2c5e7
Allok AVI DivX MPEG To DVD Converter 2.6.1217 Buffer Overflow
Posted Mar 29, 2018
Authored by wetw0rk

Allok AVI DivX MPEG to DVD Converter version 2.6.1217 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 10cb1ff3a28e0cb89a06e8afc8f73f3cf9e515e5c7f4804485d5e3b9d7c11a61
Square 9 GlobalForms 6.2.x Blind SQL Injection
Posted Mar 29, 2018
Authored by Darrell Damstedt

Square 9 GlobalForms versions 6.2.x and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-8820
SHA-256 | 0a2f3c92887f53f8b8e820d200b0b67f5b6af33a1df512b22f328b96bed0423e
Ubuntu Security Notice USN-3611-1
Posted Mar 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3611-1 - It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-0739
SHA-256 | cd7f9e0e55f0783389b888f3e2e0fa929a013a2d19bca8faa671e59cb9e8d17b
Red Hat Security Advisory 2018-0616-01
Posted Mar 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0616-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Issues addressed include a password exposure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000060
SHA-256 | 2d620761afe48f2449624bf989529b12a8d4d286e57a07c1d1804822b1f9a517
TwonkyMedia Server 7.0.11-8.5 Cross Site Scripting
Posted Mar 29, 2018
Authored by Sven Fassbender

TwonkyMedia Server version 7.0.11-8.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7203
SHA-256 | d5e79d511930141799083a74c5ca04b9688a5a349d708b03535f9fb9a0b63425
TwonkyMedia Server 7.0.11-8.5 Directory Traversal
Posted Mar 29, 2018
Authored by Sven Fassbender

TwonkyMedia Server version 7.0.11-8.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7171
SHA-256 | 1b6da30e8b845b06783ed2bef3e1450088d141271046aa6b1213cb09f99b0e3b
Red Hat Security Advisory 2018-0602-01
Posted Mar 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0602-01 - openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Issues addressed include a backup related vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12155
SHA-256 | dbd287f3ef15def62f3afd5d2043a86cef8e18fc105323919ade8b07e43cbbf2
SysGauge 4.5.18 Denial Of Service
Posted Mar 29, 2018
Authored by Hashim Jawad

SysGauge version 4.5.18 local denial of service proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
SHA-256 | 53118c389b3bec1a206058d35d74a97315317a31c8f6b94a50e2e0dbf6c8a54d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close