exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2018-10-01

Aircrack-ng Wireless Network Tools 1.4
Posted Oct 1, 2018
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Added PMKID cracking. Serious speed up and memory usage decrease when loading large files (multiple Gb) using AVL trees. Added hwloc (Hardware Locality) to improve performance. Tons of other additions, fixes, and improvements.
tags | tool, wireless
systems | unix
SHA-256 | 96092a8af7af27cdc1923cd5167dfca4a17e9f5fd866973b7b6eb6d3b479e13b
Botan C++ Crypto Algorithms Library 2.8.0
Posted Oct 1, 2018
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Add support for using Apple CommonCrypto library for hashing (GH #1667), cipher modes (GH #1674) and block ciphers (GH #1673). Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default TLS policy. Various other updates.
tags | library
SHA-256 | e7159b127e91e0c158245d61c638c50d443ec7b440b6b0161328c47b3aba3960
Billion ADSL Router 400G 20151105641 Cross Site Scripting
Posted Oct 1, 2018
Authored by Cakes

Billion ADSL Router 400G 20151105641 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 415c685c617ce523b01cf4d0c2437a1dc1cb5b9fafbc69916fe6af6299b6cdff
Flippa Marketplace Clone 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Flippa Marketplace Clone version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4743df958f53549f0e6c211f5a61809ea6bd945d75b74d048ba3048c502a3d57
Binary MLM Software 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Binary MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9bf8aeb8aa0e6a5f74cf53040725bd5de169a295f71851dafd60a7a5ec55df55
Singleleg MLM Software 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d567cb9240070d11d34b1d4231bc49b0f5c2eba220cc2055f4fde3c19f230e68
Education Website 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Education Website version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8087ab6f403857da16b8b445818f96a6d988a7f2d4fbbd0214656664dcf877c9
Hotel Booking Engine 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c06063c181b8a275f74850aa6ffe245560b0313d57663160b702f6f98773d7a8
H2 Database 1.4.196 Remote Code Execution
Posted Oct 1, 2018
Authored by h4ckNinja

H2 Database version 1.4.196 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 19f88acd5386a684f32bd72ab5812fbec9a7738e9175f9dc0f9eb88aae5b4cc6
Debian/Ubuntu AppArmor evince Policy Bypass
Posted Oct 1, 2018
Authored by Jann Horn, Google Security Research

The Debian/Ubuntu AppArmor policy for evince in bypassable.

tags | exploit
systems | linux, debian, ubuntu
SHA-256 | ff472c98cc21174fede936caa3bc63c6a799eee6f6a780c628bab6a7a80777c1
Ivanti Workspace Control UNC Path Data Security Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, bypass
SHA-256 | 507e3c9cc2d0a60cb3923378de3e647c3ee8b937f4097ddf9a6615c71a46daf9
Ivanti Workspace Control Registry Stored Credentials
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, registry
systems | windows
SHA-256 | 964ae3397201993a0875edfc0ea849d24a6d6bd09383d580016c683c5209f357
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
SHA-256 | 8258dbf9be109afe0d7a02ca62f333c5c39f3e9e6c52f1ae3f17a46f22ef8eca
Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.

tags | exploit, arbitrary, bypass
SHA-256 | d22755c11b4351cbedb8fccbfeb8f10b0a0fd56433daae7099f4a1f97ebe9bcb
Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.

tags | exploit, arbitrary, bypass
SHA-256 | 247ebbfbc6e429e14f49ffdb9bfdcf441bfb4a187e2d9cb26ed36d4cf65e0153
MensaMax 4.3 Hardcoded Encryption Key Disclosure
Posted Oct 1, 2018
Authored by Stefan Pietsch

MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.

tags | exploit
advisories | CVE-2018-15752, CVE-2018-15753
SHA-256 | 3cd8065dd48d7d82f5cade11787b7892f6cea9251b6c9ac1fc349fe44dde5884
Red Hat Security Advisory 2018-2837-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2837-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
SHA-256 | e74d8bcfcf3d83f4cc64ded54ba5974e939d23143f7027db028a2743cd8a4a42
Red Hat Security Advisory 2018-2838-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2838-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
SHA-256 | 5d35c1f60c00c2122f1c90ea1e69630df4282cd9ddf9464efeec1a8ea5321850
Ubuntu Security Notice USN-3769-2
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3769-2 - USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled the deny-answer- aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5740
SHA-256 | b94b39b1ba3ac79b894e05fd7aef267282860e81872dcb797c73cd8072c4af1c
Ubuntu Security Notice USN-3773-1
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3773-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16510
SHA-256 | fe56b00a1b6eeb61fda7a2a751ea2567d18ae9a34d5f541116f103936b0481e3
WUZHICMS 2.0 Cross Site Scripting
Posted Oct 1, 2018
Authored by Renzi

WUZHICMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17832
SHA-256 | 8585ecedfca49c937d1f1d111a80fb580399dd1606d4c5e59662886f307d2809
Fork CMS 5.4.0 Cross Site Scripting / HTML Injection
Posted Oct 1, 2018
Authored by Ismail Tasdelen

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17595
SHA-256 | 5cb7c607b86aefe50fa6e7e6d7039efb7db6f355ea24a548b2a16addbe6abb47
WebKitGTK+ / WPE WebKit Code Execution / Assertion Failures
Posted Oct 1, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffers from code execution and assertion vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-4191, CVE-2018-4197, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361
SHA-256 | 074495996da503e304d7d485682ef3659399f18a284e682b03e480a897dd6754
Packet Storm New Exploits For September, 2018
Posted Oct 1, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 213 exploits added to Packet Storm in September, 2018.

tags | exploit
SHA-256 | 73c43d07576417ec5029b5ea5e41d61746c6b6b46ea3292b68f0012f15a5a28b
Zahir Enterprise Plus 6 Build 10b Buffer Overflow
Posted Oct 1, 2018
Authored by modpr0be

Zahir Enterprise Plus 6 build 10b suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6cd7f06f5f8babde60b5020ba2bff8010c6891ee9e61e0a2cdee4f0f7f78d0b1
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close