exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2018-08-31

gVisor Sentry Invalid Access
Posted Aug 31, 2018
Authored by Jann Horn, Google Security Research

gVisor Sentry permits access to the renameat() syscall. As the sentry is not chrooted, it permits renaming files in the host system.

tags | advisory
SHA-256 | 27c9dae5477db27a88105ca79f7540d5dd144ce2e235bd03195740baacaa98b1
Linux reiserfs listxattr_filler() Heap Overflow
Posted Aug 31, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a reiserfs listxattr_filler() heap overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | bda8cff2fd8a8c683d0b06a45887982f218af840ef2b2e66113c85ebc43d76eb
CA Release Automation Code Execution
Posted Aug 31, 2018
Authored by Ken Williams, Jakub Palaczynski, Maciej Grabiec | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2018-15691
SHA-256 | 4fc4b066351e50f874af68872fd64d5bec84276aff293512264657be23e122ca
CA Unified Infrastructure Management Hardcoded Credentials / Missing Authentication
Posted Aug 31, 2018
Authored by Ken Williams, Oystein Middelthun | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2018-13819, CVE-2018-13820, CVE-2018-13821
SHA-256 | a4455b199d6346df10c220027991719705141f33a067ce43f7b651f5e6a4d79d
DamiCMS 6.0.0 Cross Site Request Forgery
Posted Aug 31, 2018
Authored by Autism_JH

DamiCMS version 6.0.0 change administrative password cross site request forgery proof of concept exploit.

tags | exploit, proof of concept, csrf
advisories | CVE-2018-15844
SHA-256 | c64f583df2199c7fe4254d38572104c3d2476164b43f76ec9deb32b708ac2020
Vox TG790 ADSL Router Cross Site Scripting
Posted Aug 31, 2018
Authored by Cakes

The Vox TG790 ADSL router suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 717552a1ef7035d3e690e5b4d070714826cd3b55c01ad8f8d9bb7544d6f8014d
Acunetix WVS Reporter 10.0 Denial Of Service
Posted Aug 31, 2018
Authored by Ali Alipour

Acunetix WVS Reporter version 10.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f99437e7dbb525c610fa5d7015e4693fadd0e49fcca2b81f85c551bec17fb8e8
AZORult Stealer 2 Botnet SQL Injection
Posted Aug 31, 2018
Authored by Bilal Kardadou

AZORult Stealer version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 674810906207e9407a36c925c186d9b8619229225cf8ba7ac0793ba7e833cfe1
Bro Network Security Monitor 2.5.5
Posted Aug 31, 2018
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed signed/unsigned comparison warning. Fixed SMTP command string comparisons. Various other updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | 18f2aeb10b4d935d85c115a1e4a93464b9750be19b34997cf6196b29118e73cf
GNU Privacy Guard 2.2.10
Posted Aug 31, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915
Wireshark Analyzer 2.6.3
Posted Aug 31, 2018
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Reduce the Valgrind packet limit to 10,000 for Fuzz. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | d158a8a626dc0997a826cf12b5316a3d393fb9f93d84cc86e75b212f0044a3ec
Network Manager VPNC Username Privilege Escalation
Posted Aug 31, 2018
Authored by Brendan Coles, Denis Andzakovic | Site metasploit.com

This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).

tags | exploit, root
systems | linux, debian, ubuntu
advisories | CVE-2018-10900
SHA-256 | 07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4a
ownCloud 0.1.2 User Impersonation Authorization Bypass
Posted Aug 31, 2018
Authored by Thierry Viaccoz

ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | 29b952619c8992a8a4ce5753eaedfa7b6eaafa33618c92674d49b3731375dc42
WordPress Jibu Pro 1.7 Cross Site Scripting
Posted Aug 31, 2018
Authored by Renos Nikolaou

WordPress Jibu Pro plugin version 1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 18c1194e869784b9a96a05527b9decfd9b972dec28496a9cb4a9df608b8a85da
WordPress Quizlord 2.0 Cross Site Scripting
Posted Aug 31, 2018
Authored by Renos Nikolaou

WordPress Quizlord plugin version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 62f0455ed5e3caa433f776afbd757a6ace1243aa45ddf39b3f26277ba9762848
Cybrotech CyBroHttpServer 1.0.3 Cross Site Scripting
Posted Aug 31, 2018
Authored by Emre OVUNC

Cybrotech CyBroHttpServer version 1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16134
SHA-256 | 149e18fdc58e7ab10a560a31539fb56b08816845e01114abfa7a0b7a31ad5ba8
Cybrotech CyBroHttpServer 1.0.3 Directory Traversal
Posted Aug 31, 2018
Authored by Emre OVUNC

Cybrotech CyBroHttpServer version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-16133
SHA-256 | 7b9c732ab95b49391cb25a863aa1969ba51ecb15bd4a8a0e7caeab1076eeef91
Nord VPN 6.14.31 Denial Of Service
Posted Aug 31, 2018
Authored by Borna Nematzadeh

Nord VPN version 6.14.31 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | e951f9644cbc57d0201f5a33382c0a9749c60a07708c0f9afcdce018e593e9dd
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 Denial Of Service
Posted Aug 31, 2018
Authored by Victor Mondragon

NetworkActiv Web Server version 4.0 Pre-Alpha-3.7.2 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | ae999e04a2d6cad2f4feb9936d0cb7e68ca145d2af8ae75cb601034d777d684b
Trillian 6.1 Build 16 Denial Of Service
Posted Aug 31, 2018
Authored by Jose Miguel Gonzalez

Trillian version 6.1 build 16 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | de1c928ac823ef63b75409805f390d7d899c22b7b4ae83f2cae9493ef4cc2258
Easy PhotoResQ 1.0 Denial Of Service
Posted Aug 31, 2018
Authored by Gionathan Reale

Easy PhotoResQ version 1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 530ffacf17eccf9b46ccbaa478307f09bd9e22ddc709d82f9b9879aec197f45d
Episerver 7 Patch 4 XML Injection
Posted Aug 31, 2018
Authored by Jonas Lejon

Episerver version 7 patch 4 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2017-17762
SHA-256 | 8b0f7b7fc99768f17578cf411177580b97484e0238721108b9bab21d6906bb9f
phpMyAdmin 4.7.x Cross Site Request Forgery
Posted Aug 31, 2018
Authored by VulnSpy

phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-1000499
SHA-256 | e63d2dcc5948a45882c170f9e3e441a265cf1233d27f4dee8c082aeef27611e0
Skype Empresarial Office 365 16.0.10730.20053 Denial Of Service
Posted Aug 31, 2018
Authored by Samuel Cruz

Skype Empresarial Office 365 version 16.0.10730.20053 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 3e7987d784144b91aefb2a14f3e9d598157afc82ba38c417a05ee061228b522d
Fathom 2.4 Denial Of Service
Posted Aug 31, 2018
Authored by Gionathan Reale

Fathom version 2.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 0dec82d3853c0206aa051f2aebab003420da2318e53ea332a230c36bf05ba7ad
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close