exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-09-07

Apache Struts 2 Namespace Redirect OGNL Injection
Posted Sep 7, 2018
Authored by wvu, Man Yue Mo, hook-s3c, asoto-r7 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, code execution
advisories | CVE-2018-11776
SHA-256 | d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dab
Dell EMC VPlex GeoSynchrony 5.4 / 5.5 / 6.0 Insecure File Permissions
Posted Sep 7, 2018
Site emc.com

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contain an insecure file permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a man-in-the-middle attack on the VPN traffic.

tags | advisory, remote
advisories | CVE-2018-11078
SHA-256 | 61685abfda52cbfe34ab599da26d62776e3c243f5fe467d66cfe2e326b577e81
QNAP Photo Station 5.7.0 Cross Site Scripting
Posted Sep 7, 2018
Authored by Mitsuaki Shiraishi

QNAP Photo Station version 5.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-0715
SHA-256 | 6f8b1e997128cc4ac58c6c0f62ce744a696945567e0062420eddd4fbaa25ab43
Tenable WAS-Scanner 7.4.1708 Remote Command Execution
Posted Sep 7, 2018
Authored by Sameer Goyal

Tenable WAS-Scanner version 7.4.1708 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | f6abb5ee36d02b2bef24e464cfd319bc4fb94400c1fa3819553e75be5a768531
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Posted Sep 7, 2018
Authored by Carlos Avila

Softneta MedDream PACS Server Premium version 6.7.1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 194ac197adc1113681f2469fa338d08273a5ee040d21692b985a3a36c07de39d
Softneta MedDream PACS Server Premium 6.7.1.1 SQL Injection
Posted Sep 7, 2018
Authored by Carlos Avila

MedDream PACS Server Premium version 6.7.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d808855c26366de2a644f78799999dc698975c07b3a41b5939697b9c5448dea5
iSmartViewPro 1.5 Local Buffer Overflow
Posted Sep 7, 2018
Authored by Gionathan Reale

iSmartViewPro version 1.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3ccea7524fc7185cc2b24fb7a9001df01667d74b4cb61e0e503f361072e513e0
WordPress Ajax BootModal Login 1.4.3 CAPTCHA Issue
Posted Sep 7, 2018
Authored by Lyderic Lefebvre, Fabien Haureils

WordPress Ajax BootModal Login plugin version 1.4.3 suffers from a CAPTCHA bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-15876
SHA-256 | 991000b519080f0b704ea5cde33ec9474cf7a17fe94e2852cd83734955e20f06
Dell EMC Isilon OneFS / IsilonSD Edge Remote Kernel Crash
Posted Sep 7, 2018
Site emc.com

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote kernel crash vulnerability in the isi_drive_d process. An unauthenticated attacker may potentially exploit this vulnerability to crash the server operating system by sending specially crafted input data to the affected system.

tags | advisory, remote, kernel
advisories | CVE-2018-11071
SHA-256 | 73b9f201cb28fbeddb6e452c427449c628770a38dc61496947a024292e9fc08c
RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel
Posted Sep 7, 2018
Site emc.com

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

tags | advisory, remote, crypto
advisories | CVE-2018-11068, CVE-2018-11069, CVE-2018-11070
SHA-256 | 1d4172c4c86ce8ccc2a9a8e1b830a45d85684dcdd0d15f64044487bd617a938e
DVD Photo Slideshow Professional 8.07 Buffer Overflow
Posted Sep 7, 2018
Authored by T3jv1l

DVD Photo Slideshow Professional version 8.07 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7466f8798884333013b9d57a67c1923161bd2ea8a5c5c3795f2945ffd8113b7a
Subsonic Music Streamer 4.4 For Android Improper Certificate Validation
Posted Sep 7, 2018
Authored by Andrew Klaus

Subsonic Music Streamer version 4.4 suffers from an improper certificate validation vulnerability.

tags | advisory
advisories | CVE-2018-15898
SHA-256 | f7f53b635f997e2cd5340af1d92833a14752efed2260921f9403d2e91f9f5fc0
DSub For Subsonic 5.4.1 Improper Certificate Validation
Posted Sep 7, 2018
Authored by Andrew Klaus

DSub for Subsonic version 5.4.1 suffers from an improper certificate validation vulnerability.

tags | advisory
advisories | CVE-2018-1000664
SHA-256 | 370704c68c165cc35ae66d964e40aba2fe2d033e452e2d6c15489ec1efdeb3a2
TestSSL 2.9.5-7
Posted Sep 7, 2018
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains a few bugfixes only.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | cefa572026119fbc872d24dc0fcec64a105b0e11a85291b48f0e5ef494f55517
Ubuntu Security Notice USN-3761-1
Posted Sep 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3761-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-12375, CVE-2018-12378, CVE-2018-12383
SHA-256 | 5250f9b22135e87b334a076a8fd606b93af51fe81a2760f9e0440c740663d869
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close