exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2018-05-16

Blue Team Training Toolkit (BT3) 2.7
Posted May 16, 2018
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: This release introduces an improved BT3 API account registration process, support for Ubuntu 18.04 LTS, and other minor adjustments.
tags | tool, python
systems | unix
SHA-256 | d65010874489d225c3085afcb787f78f9d1021517611e74b4c0c5f2a43ca639c
Ubuntu Security Notice USN-3646-2
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3646-2 - USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. Various other issues were also addressed.

tags | advisory, local, php
systems | linux, ubuntu
advisories | CVE-2018-10545, CVE-2018-10547, CVE-2018-10548
SHA-256 | c40611a08b9ad45b2b520e451e6127c9a498e306b6b3a0882f04bb854dc3cdba
Red Hat Security Advisory 2018-1575-01
Posted May 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1575-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-8088
SHA-256 | eefacd58973e083e2b8d73c6d05852e46101ca410b50d120d92f260a110f6dec
RSA Authentication Manager XML Injection / Cross Site Scripting
Posted May 16, 2018
Authored by Mantas Juskauskas | Site sec-consult.com

RS Authentication Manager versions prior to 8.3 P1 suffer from cross site scripting and XML external entity injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-1247
SHA-256 | 5f29168627fcfedc466452591465cb7af5ada25e7ef720e7bc61f4c518a48f91
Jenkins CLI HTTP Java Deserialization
Posted May 16, 2018
Authored by Matthias Kaiser, Alisa Esage, YSOSerial, Ivan | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2016-9299
SHA-256 | e113d2fe31f57558b68a1a915f47f25319abff18ad6045ed75023442be7953d9
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
Posted May 16, 2018
Authored by Nixawk, icez, xfer0 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.

tags | exploit, remote, code execution
advisories | CVE-2017-9791
SHA-256 | 3343992f21f9ecb6b543f0313f63aef8d719b76b47b30afb63b5c6f1d0f8fd45
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
SHA-256 | 5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5
Ubuntu Security Notice USN-3642-2
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3642-2 - USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1059
SHA-256 | 8fe532f8353f1e5421bd17706a5c37467d8b0cdab55cefe5959ae68270a446a3
Ubuntu Security Notice USN-3649-1
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3649-1 - Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16845, CVE-2018-7550, CVE-2018-7858
SHA-256 | 8d1fd8f5895618b90cefbd95f981ed47f49cbe3e49a20efeeb784bd6ffd48c02
MyBB Admin Notes 1.1 Cross Site Request Forgery
Posted May 16, 2018
Authored by 0xB9

MyBB Admin Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 952232605182b365a339a5cdd29595985f7168aa2d08d594d049fad27ea284f3
VirtueMart 3.1.14 Cross Site Scripting
Posted May 16, 2018
Authored by Mattia Furlani

VirtueMart version 3.1.14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7465
SHA-256 | 24e565c56c7f31f667c33aabf50e2f39ba1136a0136ce807c5f7254893fc8270
Ubuntu Security Notice USN-3648-1
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000300, CVE-2018-1000301, CVE-2018-1000303
SHA-256 | c65d1f87b06ccd75d36690b9c5b87c1f89bfe13c679ad86bf2049e999741df91
Rockwell Scada System 27.011 Cross Site Scripting
Posted May 16, 2018
Authored by t4rkd3vilz

Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-2279
SHA-256 | faa77988caea596c3c8dcdca2b87fc0d9eb9ec0ca910db9160ab67bf37e1396d
Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting
Posted May 16, 2018
Authored by Borna Nematzadeh

Multiplayer BlackJack Online Casino Game version 2.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | adc5d54b29f5daf2436646020da97ca6760d775ab01ab50b77a5fd5437c87e61
Horse Market Sell And Rent Portal Script 1.5.7 CSRF
Posted May 16, 2018
Authored by Borna Nematzadeh

Horse Market Sell and Rent Port Script version 1.5.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 376de679abd344d14343f0bf08b8b97a92b261735c9043fc40698401ad7a60d9
Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution
Posted May 16, 2018
Authored by neonsea

Inteno IOPSYS version 2.0 - 4.2.0 p910nd suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2018-10123
SHA-256 | f615fba4d9539a5dbd7d159a724c44724105b83272fb40dd71238d9daef82da6
vcftools 0.1.15 Out-Of-Bounds Read / Denial Of Service / Buffer Overflow
Posted May 16, 2018
Authored by Webin Security Lab

vcftools version 0.1.15 suffers from out-of-bounds read, denial of service, buffer overflow, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
advisories | CVE-2018-11099, CVE-2018-11129, CVE-2018-11130
SHA-256 | 9eefdd1e2925e6f95ad42de0c06c5cd451572d6217a1defb026d0d90bc7f3fd8
Microsoft Security Bulletin CVE Revision Increment For May, 2018
Posted May 16, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE updates for CVE-2018-8147, CVE-2018-8162, and CVE-2018-8176.

tags | advisory
advisories | CVE-2018-8147, CVE-2018-8162, CVE-2018-8176
SHA-256 | 0adeb9c9d3a9a43a184d8da9479bd167c133a404bf0701972592c931b657a24e
Debian Security Advisory 4201-1
Posted May 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, CVE-2018-8897
SHA-256 | 5f94aebb03d033ff9bb6ee8f33889d513f0b3522c4d68c721d0f40f7968f1c51
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close