what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2018-05-07

Palo Alto Networks readSessionVarsFromFile() Session Corruption
Posted May 7, 2018
Authored by H D Moore, Philip Pettersson | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This Metasploit module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.

tags | exploit, arbitrary, root, vulnerability, code execution
advisories | CVE-2017-15944
SHA-256 | f9f9ce5b8abd0f8306e641f3db279345c840570cf53ebfcf9179efb66f27a90f
Red Hat Security Advisory 2018-1328-01
Posted May 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1328-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include backup related, bypass, and code execution vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-1101, CVE-2018-1104, CVE-2018-7750
SHA-256 | b19e64c598c25f53ece8314ad1b6b240a0eb87dc98819f4541ad1d70d222c4f8
Kernel Live Patch Security Notice LSN-0037-1
Posted May 7, 2018
Authored by Benjamin M. Romer

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16995, CVE-2017-17448, CVE-2017-17450, CVE-2018-1000199, CVE-2018-5333, CVE-2018-5344, CVE-2018-8043
SHA-256 | 39ead24f1d46a53a4118ca65333192e8b23de00376f175ad713483a533c61a56
Ubuntu Security Notice USN-3638-1
Posted May 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3638-1 - It was discovered that QPDF incorrectly handled certain malformed files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-9252, CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627, CVE-2017-12595, CVE-2017-18183, CVE-2017-18184, CVE-2017-18185, CVE-2017-18186, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210, CVE-2018-9918
SHA-256 | 03118e2f1ab94bdf121ad97d5ad541897a62f7be559743c0db6cab94e8dd6849
Debian Security Advisory 4194-1
Posted May 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4194-1 - An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2018-1308
SHA-256 | c3d0122b346b2e49856edd1e3ecee006be164ded42a9e805833c164648e5d292
WebKitGTK+ Memory Corruption / Code Execution
Posted May 7, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ versions prior to 2.20.0, 2.20.1, and 2.20.1 suffer from various memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2018-4121, CVE-2018-4200, CVE-2018-4204
SHA-256 | a39a26b4f8a5581b6a4765e55261987ad531281dc1931b38e1e951b11f824539
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
SHA-256 | b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
DeviceLock Plug And Play Auditor 5.72 Buffer Overflow
Posted May 7, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

DeviceLock Plug and Play Auditor version 5.72 suffers from a unicode buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10655
SHA-256 | a04b03f127039281244ae032ebdea9fd8c13669ff1f696e985585752c5e8d1d1
WordPress User Role Editor Plugin Privilege Escalation
Posted May 7, 2018
Authored by Tomislav Paskalev, ethicalhack3r | Site metasploit.com

The WordPress User Role Editor plugin prior to v4.25, is lacking an authorization check within its update user profile functionality ("update" function, contained within the "class-user-other-roles.php" module). Instead of verifying whether the current user has the right to edit other users' profiles ("edit_users" WP capability), the vulnerable function verifies whether the current user has the rights to edit the user ("edit_user" WP function) specified by the supplied user id ("user_id" variable/HTTP POST parameter). Since the supplied user id is the current user's id, this check is always bypassed (i.e. the current user is always allowed to modify its profile). This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to its profile, by specifying them via the "ure_other_roles" parameter within the HTTP POST request to the "profile.php" module (issued when "Update Profile" is clicked). By default, this module grants the specified WP user all administrative privileges, existing within the context of the User Role Editor plugin.

tags | exploit, web, arbitrary, php
SHA-256 | 86dde6c9282f9f7fb3fc66f8f29e9d2f98fa12526e58142988e5f83d173bd04c
PlaySMS import.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, remote, web, php, code execution, file upload
systems | windows
advisories | CVE-2017-9101
SHA-256 | fd1838461438181db5479d38d1d1a6bb70ccdcb0e64b5040c592f5b4d3e3b3c7
PlaySMS sendfromfile.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh, DarkS3curity | Site metasploit.com

This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, php, file upload
systems | windows
advisories | CVE-2017-9080
SHA-256 | cd8509a13a4fadd5aa08a73c50a37e6e2a9bfc372d03a5e3789206904923adf9
HWiNFO 5.82-3410 Denial Of Service
Posted May 7, 2018
Authored by bzyo

HWiNFO version 5.82-3410 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 3096c783d9985e49241b6f6336c9e82a4bad31f59babd5074e89e7e2455f7d2d
Debian Security Advisory 4193-1
Posted May 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4193-1 - Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects.

tags | advisory, remote, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2018-10100, CVE-2018-10101, CVE-2018-10102
SHA-256 | 3a73597483640c6f844278e07523629caecaa3b2e0d161d7fe18550e189cd6eb
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close