exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2018-05-31

OpenSCAP Libraries 1.2.17
Posted May 31, 2018
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: New features include HTML Guide user experience improvements and new options in HTML report "Group By" menu. Various other updates.
tags | protocol, library
systems | unix
SHA-256 | 8a8cea880193b092895e1094dcc1368f8f44d986cf0749166e5da40ab6214982
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
SHA-256 | fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
Windows UAC Protection Bypass (Via Slui File Handler Hijack)
Posted May 31, 2018
Authored by bytecode-77, gushmazuko | Site metasploit.com

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

tags | exploit, shell, registry
systems | windows
SHA-256 | 52eae7699fd217998bd9f71d972ca94c711fbd59761cf10ee7f2ba42b345263e
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Posted May 31, 2018
Authored by Core Security Technologies, Maximiliano Vidal | Site coresecurity.com

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168
SHA-256 | e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
PageKit CMS 1.0.13 Cross Site Scripting
Posted May 31, 2018
Authored by Jason Perry

PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11564
SHA-256 | 159b4f9b84d35d3f6a1f5d3bf55f4ab55a5d7c9402cba628709a4c7655460b17
TAC Xenta 511 / 911 Credential Disclosure
Posted May 31, 2018
Authored by Marek Cybul

TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 90952fc563068e757f870ef57c9c2fb11c036d0d9a431a036bcc222061093dcc
Red Hat Security Advisory 2018-1779-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1779-01 - Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Issues addressed include a deserialization vulnerability.

tags | advisory, java, remote, web, protocol
systems | linux, redhat
advisories | CVE-2016-5003
SHA-256 | 68d8463eb39947b4768e0072e58a98eeb01f9f8c076d5bbe05a00c4fe69a62f8
New STAR 2.1 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

New STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 942f181d2cef121670ac4505bb620b06890b8ed43bc51798794f718651dabde2
Red Hat Security Advisory 2018-1777-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | 6a5432497654c684dedf725c9d655f9ea79f3a8a1cdb12d1d04ae0bdf435f6ab
PHP Dashboards NEW 5.5 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

PHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 3a0a42771f077f731c8acfd860f24ce43b9da0dd368e67e85cd17bf005c119b5
Ubuntu Security Notice USN-3665-1
Posted May 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2017-12616, CVE-2017-12617, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305, CVE-2018-8014
SHA-256 | adc3401f4c6099499fc7f32dd5cfa60804e4fe107e205fa1ebecec9060700bf5
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 08bf99e3c3d9f328e9bffab76058387d5d908cb206308aad51b9c5313e0d68f3
Grid Pro Big Data 1.0 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

Grid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b1a5b6b5ec54dcb35948fe2e94789131e2272e1fcfa3162ded64b1df27330a98
Chitasoft 3.6.2 SQL Injection
Posted May 31, 2018
Authored by Hesam Bazvand

Chitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b8e6ee3398abdd19039b38944eaffefcc4f40997b47c4b627b90f1c62624af70
Brother HL-L2340D / HL-L2380DW Cross Site Scripting
Posted May 31, 2018
Authored by Huy Kha

Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 619bdaaa6484db813096e9f60d0936c2648c7b469e6a7525ec8533294ee85f8a
Ubuntu Security Notice USN-3664-1
Posted May 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2018-6552
SHA-256 | f8bd164a4dab67d5f1cb9bbeba62f5dd5317d2b3aefa38f3af5fed9d94f78351
AXON PBX 2.02 Cross Site Scripting
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11552
SHA-256 | 04a666c41333b5f3a6da50e9ea1dbdebeff05424793da848b007b56096f2c465
AXON PBX 2.02 DLL Hijacking
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-11551
SHA-256 | c680c40bb9644184c45d660a62e2391edc86949192449483678e312f79d2cc46
Linux/x86 TCP/4444 Bindshell Shellcode
Posted May 31, 2018
Authored by Paolo Perego

105 bytes small Linux/x86 bindshell shellcode that spawns on TCP/4444.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | fe6dd7fae1e1513ff3a092da78ff89e74788f9291d362a32c9d34126322afd77
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
Posted May 31, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.

tags | exploit
advisories | CVE-2018-8133
SHA-256 | dac02c231e7c37da88c204ab8918570d1df7d88c3ea07b2805f9d5afd9081f44
Linux/ARM Egghunter + /bin/sh Shellcode
Posted May 31, 2018
Authored by Ken Kitahara

32 bytes smalls Linux/ARM egghunter + /bin/sh shellcode.

tags | shellcode
systems | linux
SHA-256 | a8a8818b58dd7c10ffc3f9eef5ebbd60e88af764ec5bd9d08bdf1bc70f866956
Linux/x86 Egghunter + access() Shellcode
Posted May 31, 2018
Authored by Paolo Perego

38 bytes small Linux/x86 egghunter + access() shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 5bb54f21df2196370591c274991a596c8ac61ef9d2b7d4bb707eccadef695a0a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close