what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-09-07

Apache Struts 2 Namespace Redirect OGNL Injection
Posted Sep 7, 2018
Authored by wvu, Man Yue Mo, hook-s3c, asoto-r7 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, code execution
advisories | CVE-2018-11776
SHA-256 | d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dab
Dell EMC VPlex GeoSynchrony 5.4 / 5.5 / 6.0 Insecure File Permissions
Posted Sep 7, 2018
Site emc.com

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contain an insecure file permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a man-in-the-middle attack on the VPN traffic.

tags | advisory, remote
advisories | CVE-2018-11078
SHA-256 | 61685abfda52cbfe34ab599da26d62776e3c243f5fe467d66cfe2e326b577e81
QNAP Photo Station 5.7.0 Cross Site Scripting
Posted Sep 7, 2018
Authored by Mitsuaki Shiraishi

QNAP Photo Station version 5.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-0715
SHA-256 | 6f8b1e997128cc4ac58c6c0f62ce744a696945567e0062420eddd4fbaa25ab43
Tenable WAS-Scanner 7.4.1708 Remote Command Execution
Posted Sep 7, 2018
Authored by Sameer Goyal

Tenable WAS-Scanner version 7.4.1708 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | f6abb5ee36d02b2bef24e464cfd319bc4fb94400c1fa3819553e75be5a768531
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Posted Sep 7, 2018
Authored by Carlos Avila

Softneta MedDream PACS Server Premium version 6.7.1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 194ac197adc1113681f2469fa338d08273a5ee040d21692b985a3a36c07de39d
Softneta MedDream PACS Server Premium 6.7.1.1 SQL Injection
Posted Sep 7, 2018
Authored by Carlos Avila

MedDream PACS Server Premium version 6.7.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d808855c26366de2a644f78799999dc698975c07b3a41b5939697b9c5448dea5
iSmartViewPro 1.5 Local Buffer Overflow
Posted Sep 7, 2018
Authored by Gionathan Reale

iSmartViewPro version 1.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3ccea7524fc7185cc2b24fb7a9001df01667d74b4cb61e0e503f361072e513e0
WordPress Ajax BootModal Login 1.4.3 CAPTCHA Issue
Posted Sep 7, 2018
Authored by Lyderic Lefebvre, Fabien Haureils

WordPress Ajax BootModal Login plugin version 1.4.3 suffers from a CAPTCHA bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-15876
SHA-256 | 991000b519080f0b704ea5cde33ec9474cf7a17fe94e2852cd83734955e20f06
Dell EMC Isilon OneFS / IsilonSD Edge Remote Kernel Crash
Posted Sep 7, 2018
Site emc.com

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote kernel crash vulnerability in the isi_drive_d process. An unauthenticated attacker may potentially exploit this vulnerability to crash the server operating system by sending specially crafted input data to the affected system.

tags | advisory, remote, kernel
advisories | CVE-2018-11071
SHA-256 | 73b9f201cb28fbeddb6e452c427449c628770a38dc61496947a024292e9fc08c
RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel
Posted Sep 7, 2018
Site emc.com

RSA BSAFE SSL-J versions prior to 6.2.4 contain a heap inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a covert timing channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

tags | advisory, remote, cryptography
advisories | CVE-2018-11068, CVE-2018-11069, CVE-2018-11070
SHA-256 | 1d4172c4c86ce8ccc2a9a8e1b830a45d85684dcdd0d15f64044487bd617a938e
DVD Photo Slideshow Professional 8.07 Buffer Overflow
Posted Sep 7, 2018
Authored by T3jv1l

DVD Photo Slideshow Professional version 8.07 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7466f8798884333013b9d57a67c1923161bd2ea8a5c5c3795f2945ffd8113b7a
Subsonic Music Streamer 4.4 For Android Improper Certificate Validation
Posted Sep 7, 2018
Authored by Andrew Klaus

Subsonic Music Streamer version 4.4 suffers from an improper certificate validation vulnerability.

tags | advisory
advisories | CVE-2018-15898
SHA-256 | f7f53b635f997e2cd5340af1d92833a14752efed2260921f9403d2e91f9f5fc0
DSub For Subsonic 5.4.1 Improper Certificate Validation
Posted Sep 7, 2018
Authored by Andrew Klaus

DSub for Subsonic version 5.4.1 suffers from an improper certificate validation vulnerability.

tags | advisory
advisories | CVE-2018-1000664
SHA-256 | 370704c68c165cc35ae66d964e40aba2fe2d033e452e2d6c15489ec1efdeb3a2
TestSSL 2.9.5-7
Posted Sep 7, 2018
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains a few bugfixes only.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | cefa572026119fbc872d24dc0fcec64a105b0e11a85291b48f0e5ef494f55517
Ubuntu Security Notice USN-3761-1
Posted Sep 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3761-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-12375, CVE-2018-12378, CVE-2018-12383
SHA-256 | 5250f9b22135e87b334a076a8fd606b93af51fe81a2760f9e0440c740663d869
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close