Twenty Year Anniversary
Showing 1 - 25 of 26 RSS Feed

Files Date: 2018-10-01

Aircrack-ng Wireless Network Tools 1.4
Posted Oct 1, 2018
Site aircrack-ng.org

aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).

Changes: Added PMKID cracking. Serious speed up and memory usage decrease when loading large files (multiple Gb) using AVL trees. Added hwloc (Hardware Locality) to improve performance. Tons of other additions, fixes, and improvements.
tags | tool, wireless
systems | unix
MD5 | 24e22f6f6eca1e7dc0d203e5719d3e8d
Botan C++ Crypto Algorithms Library 2.8.0
Posted Oct 1, 2018
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Add support for using Apple CommonCrypto library for hashing (GH #1667), cipher modes (GH #1674) and block ciphers (GH #1673). Support for negotiating TLS versions 1.0 and 1.1 is disabled in the default TLS policy. Various other updates.
tags | library
MD5 | aee9efa1c045b8db315c60eeee294828
Billion ADSL Router 400G 20151105641 Cross Site Scripting
Posted Oct 1, 2018
Authored by Cakes

Billion ADSL Router 400G 20151105641 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2826008e75d4ff2ccebcf0b06ed283d0
Flippa Marketplace Clone 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Flippa Marketplace Clone version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 31f599c8c254d1b2ff78601ab5e4289e
Binary MLM Software 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Binary MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9c2df885f296250cbb94200c33d4ff6f
Singleleg MLM Software 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Singleleg MLM Software version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5a55ba90db32ae7221d01ac5dfa8bdca
Education Website 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Education Website version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7d4025423a8f9c6972e2a9bdf7c13d09
Hotel Booking Engine 1.0 SQL Injection
Posted Oct 1, 2018
Authored by Ihsan Sencan

Hotel Booking Engine version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a5fd0336ab78b128bcdfd159d9b22311
H2 Database 1.4.196 Remote Code Execution
Posted Oct 1, 2018
Authored by h4ckNinja

H2 Database version 1.4.196 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 99ca89e7af7c46dcb0aed091b61be0b9
Debian/Ubuntu AppArmor evince Policy Bypass
Posted Oct 1, 2018
Authored by Jann Horn, Google Security Research

The Debian/Ubuntu AppArmor policy for evince in bypassable.

tags | exploit
systems | linux, debian, ubuntu
MD5 | 1b19708e83a1bfd77dfc118b056fc7ee
Ivanti Workspace Control UNC Path Data Security Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, bypass
MD5 | 148e251d9ddfd0423ac5e26fca7cc59a
Ivanti Workspace Control Registry Stored Credentials
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, registry
systems | windows
MD5 | 40fda4c2a16f2e00046340df84539054
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
MD5 | 7ee90d03763dd9d1bf3d0ff765a7bab3
Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.

tags | exploit, arbitrary, bypass
MD5 | 40d40eb07c533689a9146b8d54b35a20
Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.

tags | exploit, arbitrary, bypass
MD5 | 81f68b864a5e934987060adf6222477b
MensaMax 4.3 Hardcoded Encryption Key Disclosure
Posted Oct 1, 2018
Authored by Stefan Pietsch

MensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.

tags | exploit
advisories | CVE-2018-15752, CVE-2018-15753
MD5 | 0dcd056d5e6d9e0809614df5015da39d
Red Hat Security Advisory 2018-2837-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2837-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
MD5 | 9e09c8f83771273500cc9d41fa1d98f5
Red Hat Security Advisory 2018-2838-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2838-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
MD5 | 83bb53084d2d734cdf0373a138ada6da
Ubuntu Security Notice USN-3769-2
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3769-2 - USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled the deny-answer- aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5740
MD5 | 370e86743a28c073a6434d3ab804b00b
Ubuntu Security Notice USN-3773-1
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3773-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16510
MD5 | 66d7dd75858c2507bc4d9c78964b1c62
WUZHICMS 2.0 Cross Site Scripting
Posted Oct 1, 2018
Authored by Renzi

WUZHICMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17832
MD5 | f2315ff642978e331f8ad940643f802e
Fork CMS 5.4.0 Cross Site Scripting / HTML Injection
Posted Oct 1, 2018
Authored by Ismail Tasdelen

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17595
MD5 | 5e01912316465b19e47ec29e5da1b835
WebKitGTK+ / WPE WebKit Code Execution / Assertion Failures
Posted Oct 1, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffers from code execution and assertion vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-4191, CVE-2018-4197, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361
MD5 | ad55a7e2b216d2b0a62e4e888a704435
Packet Storm New Exploits For September, 2018
Posted Oct 1, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 213 exploits added to Packet Storm in September, 2018.

tags | exploit
MD5 | 6fcdf7f31877429ee0a4fe1ca34c4df5
Zahir Enterprise Plus 6 Build 10b Buffer Overflow
Posted Oct 1, 2018
Authored by modpr0be

Zahir Enterprise Plus 6 build 10b suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 940b18da86b7a956a51795fe2948d218
Page 1 of 2
Back12Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close