Twenty Year Anniversary
Showing 1 - 22 of 22 RSS Feed

Files Date: 2018-05-31

OpenSCAP Libraries 1.2.17
Posted May 31, 2018
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: New features include HTML Guide user experience improvements and new options in HTML report "Group By" menu. Various other updates.
tags | protocol, library
systems | unix
MD5 | 56d11d9bd3d61b6edf7368636344ff72
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
MD5 | 40e0fc0c417670b30bccdf9097a9a547
Windows UAC Protection Bypass (Via Slui File Handler Hijack)
Posted May 31, 2018
Authored by bytecode-77, gushmazuko | Site metasploit.com

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

tags | exploit, shell, registry
systems | windows
MD5 | cbaf903a1f48babbbfdd55bd95607ccf
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Posted May 31, 2018
Authored by Core Security Technologies, Maximiliano Vidal | Site coresecurity.com

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168
MD5 | fa95a83ac5f5a79ab8497701933a0dc5
PageKit CMS 1.0.13 Cross Site Scripting
Posted May 31, 2018
Authored by Jason Perry

PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11564
MD5 | f546c86af37c8ecf22a4ff6e67b28d48
TAC Xenta 511 / 911 Credential Disclosure
Posted May 31, 2018
Authored by Marek Cybul

TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 1b77df6a795e8e20ad8f16e9b03958aa
Red Hat Security Advisory 2018-1779-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1779-01 - Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Issues addressed include a deserialization vulnerability.

tags | advisory, java, remote, web, protocol
systems | linux, redhat
advisories | CVE-2016-5003
MD5 | 0948dc2b3ab5ef5de1187ae754f1d4bd
New STAR 2.1 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

New STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a856c03164de7ba7c99d58887aa40da0
Red Hat Security Advisory 2018-1777-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 65a109315e03b0c19b3e8846940cf2fd
PHP Dashboards NEW 5.5 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

PHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | d00ae116d2bf4184267f84bedd816657
Ubuntu Security Notice USN-3665-1
Posted May 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2017-12616, CVE-2017-12617, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305, CVE-2018-8014
MD5 | 4010dd1ed3cd225ed49a240fc59a47d5
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 387b49c32a6a09b2dbb4a8c47fbc3fad
Grid Pro Big Data 1.0 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

Grid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8d8b8bf5cf45f887aaa6526de8ac927d
Chitasoft 3.6.2 SQL Injection
Posted May 31, 2018
Authored by Hesam Bazvand

Chitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 01d3997d0b7256b35f025efec8244e34
Brother HL-L2340D / HL-L2380DW Cross Site Scripting
Posted May 31, 2018
Authored by Huy Kha

Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a576fba994d6ae7c1631a3475c0cc02c
Ubuntu Security Notice USN-3664-1
Posted May 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2018-6552
MD5 | 0c542d9aa0e59f4f0b5dae590c06df0b
AXON PBX 2.02 Cross Site Scripting
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11552
MD5 | c7b7efaa05186b62f050f3c020baa340
AXON PBX 2.02 DLL Hijacking
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-11551
MD5 | 7513907aab36270c4e33dc6b00e1d9d4
Linux/x86 TCP/4444 Bindshell Shellcode
Posted May 31, 2018
Authored by Paolo Perego

105 bytes small Linux/x86 bindshell shellcode that spawns on TCP/4444.

tags | x86, tcp, shellcode
systems | linux
MD5 | 843af161ff8f5f667b5b1c61ca684aff
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
Posted May 31, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.

tags | exploit
advisories | CVE-2018-8133
MD5 | ae691da69a6f584e9d6f3d6f325cc89e
Linux/ARM Egghunter + /bin/sh Shellcode
Posted May 31, 2018
Authored by Ken Kitahara

32 bytes smalls Linux/ARM egghunter + /bin/sh shellcode.

tags | shellcode
systems | linux
MD5 | 620971f7d773b12daf101632c4d27f2e
Linux/x86 Egghunter + access() Shellcode
Posted May 31, 2018
Authored by Paolo Perego

38 bytes small Linux/x86 egghunter + access() shellcode.

tags | x86, shellcode
systems | linux
MD5 | 387772621eb89201ab1a444b0f1cfc2f
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close