Twenty Year Anniversary
Showing 1 - 25 of 353 RSS Feed

Files Date: 2018-06-01 to 2018-06-30

FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow
Posted Jun 29, 2018
Authored by Daniel Teixeira, r4wd3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2018-7573
MD5 | 65592cd1c5d2d58b3050cf2873ac3999
Nagios XI Chained Remote Code Execution
Posted Jun 29, 2018
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

tags | exploit, remote, shell, root, php, vulnerability
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
MD5 | f275b1da0c15a7e7e5fae8036578d5d8
VMware Security Advisory 2018-0011.1
Posted Jun 29, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0011.1 - Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud.

tags | advisory
advisories | CVE-2018-6961
MD5 | 33528556c724e88878d3cddd9df431a0
VMware Security Advisory 2018-0016
Posted Jun 29, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0016 - VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2018-6965, CVE-2018-6966, CVE-2018-6967
MD5 | 9e77b1bff964e74c1f3bb1b38b506d8d
VMware Security Advisory 2018-0012.1
Posted Jun 29, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0012.1 - VMware vSphere, Workstation and Fusion updates enable Hypervisor- Assisted Guest Mitigations for Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor- Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.

tags | advisory
advisories | CVE-2018-3639, CVE-2018-3640
MD5 | 5832e15c2d041232da4541136aa10a96
Microsoft Windows ADODB.Record Object File Overwrite
Posted Jun 29, 2018
Authored by Eduardo Braun Prado

Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.

tags | exploit, proof of concept
systems | windows
MD5 | fcb2505c4c86719bf35019b73b7da0fe
Ubuntu Security Notice USN-3686-2
Posted Jun 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3686-2 - USN-3686-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8865, CVE-2018-10360
MD5 | a5925e66541ee673aef6a9f48d20e4cc
Gentoo Github Hacked
Posted Jun 29, 2018
Authored by Gentoo | Site security.gentoo.org

28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. Gentoo is still working to determine the exact extent and to regain control of the organization and its repositories.

tags | advisory
systems | linux, gentoo
MD5 | 06ba0aa726dbf856620b37a1d0d2c6e2
Debian Security Advisory 4236-1
Posted Jun 29, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4236-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-12891, CVE-2018-12892, CVE-2018-12893
MD5 | d368b52f6db663340de9c0df4d45e137
Red Hat Security Advisory 2018-2102-01
Posted Jun 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2102-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an information exposure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1059
MD5 | df1c263423fb9cb9b37b76efa1224349
Ubuntu Security Notice USN-3694-1
Posted Jun 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3694-1 - It was discovered that NASM incorrectly handled certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use these issues to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10686, CVE-2017-11111, CVE-2017-14228, CVE-2017-17810, CVE-2017-17811, CVE-2017-17812, CVE-2017-17813, CVE-2017-17814, CVE-2017-17815, CVE-2017-17816, CVE-2017-17817, CVE-2017-17818, CVE-2017-17819, CVE-2017-17820, CVE-2018-8881
MD5 | edefccd58f621f41c0bc69a20547819f
Red Hat Security Advisory 2018-2112-01
Posted Jun 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
MD5 | 29344370decb099155105e9c463e59e7
Red Hat Security Advisory 2018-2113-01
Posted Jun 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
MD5 | 5f5f09c5bb8d12e7cd03f1208541cf84
Debian Security Advisory 4235-1
Posted Jun 29, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

tags | advisory, web, denial of service, arbitrary, info disclosure, csrf
systems | linux, debian
advisories | CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156
MD5 | 0199d331afe9693064054c17e6926ce1
Apple Security Advisory 2018-06-27-1
Posted Jun 29, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-06-27-1 - SwiftNIO 1.8.0 is now available and addresses a buffer overflow vulnerability.

tags | advisory, overflow
systems | apple
advisories | CVE-2018-4281
MD5 | 6473d76b977aaab2576e0ce737638d82
TP-Link TL-WR841N V13 Insecure Direct Object Reference
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vulnerability.

tags | exploit, bypass
advisories | CVE-2018-12575
MD5 | 37834a9f73c3857930c4f53e9735344e
TP-Link TL-WR841N V13 Command Injection
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from a blind command injection vulnerability.

tags | exploit
advisories | CVE-2018-12577
MD5 | 25067e303ff47629d127aab59afd2c69
TP-Link TL-WR841N V13 Cross Site Request Forgery
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2018-12574
MD5 | 4f691c1bc47a0d96a8adc0d76ae88c96
GRR 3.2.3.2
Posted Jun 28, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is an off-schedule release with a fix for a client-repacking bug introduced in v3.2.3.0.
tags | tool, remote, web, forensics
systems | unix
MD5 | 7aa8402312de71d03f4fab72c0a59707
Red Hat Security Advisory 2018-2114-01
Posted Jun 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2114-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.6 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.

tags | advisory
systems | linux, redhat
MD5 | 589b6fb0ba30cc2358831e6a41f97082
Cisco Adaptive Security Appliance Path Traversal
Posted Jun 28, 2018
Authored by Yassin Aboukir

Cisco Adaptive Security Appliance suffers from a path traversal vulnerability.

tags | exploit, file inclusion
systems | cisco
advisories | CVE-2018-0296
MD5 | ff28a3e2da7f0ca29f3c16fb1eb66ca1
Android media.metrics Service Race Condition
Posted Jun 28, 2018
Authored by Google Security Research, laginimaineb

Android suffers from multiple race condition vulnerabilities in the media.metrics service.

tags | exploit, vulnerability
MD5 | 06121632506dfafd6c92c75072b912b0
hycus CMS 1.0.4 SQL Injection
Posted Jun 28, 2018
Authored by Berk Dusunur

hycus CMS version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 32e5893e02f3afa19fdaca23bbd75a9e
DIGISOL DG-HR3400 Wireless Router Cross Site Scripting
Posted Jun 28, 2018
Authored by Adipta Basu

DIGISOL DG-HR3400 Wireless Router suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cdb2716d49ee9b7c2a42963c3b3ba759
BEESCMS 4.0 Cross Site Request Forgery
Posted Jun 28, 2018
Authored by bay0net

BEESCMS version 4.0 suffers from an add administrator cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8aba9118924f2fe8ad5455a7b07fd4e2
Page 1 of 15
Back12345Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close