exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

Files Date: 2018-07-04

Intel Processor Diagnostic Tool (IPDT) Privilege Escalation
Posted Jul 4, 2018
Authored by Stefan Kanthak

Intel Processor Diagnostic Tool (IPDT) versions prior to 4.1.0.27 suffer from three code execution and privilege escalation vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-3667, CVE-2018-3668
MD5 | e27a62a998247161335280f046236c59
Sophos SafeGuard Priivlege Escalation
Posted Jul 4, 2018
Authored by Kyriakos Economou

Sophos SafeGuard Enterprise versions 8.00.4 and earlier, SafeGuard Easy versions 7.00.2.35 and earlier, and SafeGuard LAN Crypt versions 3.95.1.13 and earlier suffer from privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2018-6851, CVE-2018-6852, CVE-2018-6853, CVE-2018-6854, CVE-2018-6855, CVE-2018-6856, CVE-2018-6857
MD5 | d7734878ce00314452dce885fb8071ca
ADB Group Manipulation Privilege Escalation
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via "debug", "upgrade", "upload" etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13110
MD5 | 0254447d93834f28ac860a21891adb56
ADB Authorization Bypass
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13109
MD5 | e41c2384f02b6cc08acf7b55cfe6e66e
ADB Local Root Jailbreak
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

ADB broadband gateways and routers suffer from a local root jailbreak vulnerability via a network file sharing flaw. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, local, root
advisories | CVE-2018-13108
MD5 | e1b1a79ae21d1cb9f872306500296cf4
Ubuntu Security Notice USN-3703-2
Posted Jul 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3703-2 - USN-3703-1 fixed a vulnerability in Archive Zip module. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-10860
MD5 | 3f883e9bc0bc32c236fe302829c032f9
Ubuntu Security Notice USN-3703-1
Posted Jul 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3703-1 - It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-10860
MD5 | 31d7425a12327c23bb9d8f2a84bbc316
Ubuntu Security Notice USN-3702-1
Posted Jul 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3702-1 - It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2018-12882
MD5 | 91cf13f6abb86654377d8a466daabf9a
Online Trade 1 Credential Disclosure
Posted Jul 4, 2018
Authored by Borna Nematzadeh

Online Trade version 1 suffers from an information leakage vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-12908
MD5 | 29647322dcdcf114dd33468d379eb199
ShopNx Arbitrary File Upload
Posted Jul 4, 2018
Authored by Borna Nematzadeh

ShopNx suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2018-12519
MD5 | 873cfaf579555162d921b6c033b40dab
CMS Made Simple 2.2.5 Remote Code Execution
Posted Jul 4, 2018
Authored by Mustafa Hasan

CMS Made Simple version 2.2.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000094
MD5 | 72574b50537defd0efa90ab9f43cbc9f
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close