exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-10-04

D-Link Central WiFiManager Software Controller Code Execution / XSS
Posted Oct 4, 2018
Authored by Core Security Technologies, Julian Munoz | Site coresecurity.com

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2018-17440, CVE-2018-17441, CVE-2018-17442, CVE-2018-17443
SHA-256 | 0c727854c4a3a6e628258dcc738184e2861e8c1ad5dbd247e1a3630b27db5115
Ubuntu Security Notice USN-3783-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3783-1 - Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-11763, CVE-2018-1302, CVE-2018-1333
SHA-256 | 0bf160359c3f6f2882ea37edf08dbc0e4c246a9e6f1220def36a082123ead78a
Debian Security Advisory 4310-1
Posted Oct 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12386, CVE-2018-12387
SHA-256 | edbb1cf8b0b9f5831faa87650ee6af1af53f44820683e261ff3597ceb64387f1
Ubuntu Security Notice USN-3778-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2018-12385, CVE-2018-12386, CVE-2018-12387
SHA-256 | a69ab9fe6502be4b61f6561f6d0e2050616a619735003e0abb30915f7a0370a6
VMware Security Advisory 2018-0024
Posted Oct 4, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0024 - VMware Workspace ONE Unified Endpoint Management Console (A/W Console) updates resolve SAML authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-6979
SHA-256 | 70016a84f7fc8db00f6df3e3fc7ea2a353556b33ea46d1a8c03e856269049083
ISPConfig Remote Command Execution
Posted Oct 4, 2018
Authored by 0x09AL

ISPConfig versions prior to 3.1.13 remote command execution exploit.

tags | exploit, remote
SHA-256 | d902a9faac34d18db1b38cc1c7a892978938df551e5cee83434451d9425ce20d
Intel ME Manufacturing Mode Detection Tools
Posted Oct 4, 2018
Authored by Dmitry Sklyarov, Maxim Goryachy, Mark Ermolov | Site ptsecurity.com

Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take advantage of. When Manufacturing Mode is enabled, Intel ME allows execution of the command which makes the ME region writable via the SPI controller built into the motherboard. The ability to run code and send commands to Intel ME on the attacked system allows the attacker to rewrite the Intel ME firmware onto another version. So the attacker is able to deploy the firmware which is vulnerable to INTEL-SA-00086 and execute arbitrary code on Intel ME even if the system is patched. This archive contains Python 2.7 scripts for checking the state of the Intel ME Manufacturing Mode.

tags | tool, arbitrary, scanner, python
systems | unix
advisories | CVE-2018-4251
SHA-256 | 235b70227bc92b3231532b82cf626382fd758eae4bb791331c523d42092038ba
WordPress Pie Register 3.0.15 Cross Site Scripting
Posted Oct 4, 2018
Authored by Socket_0x03

WordPress Pie Register plugin version 3.0.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1053dc48ecf443c8439938d702310bcc74cfe8131561cf323ad3d1c31d8388e5
virtualenv 16.0.0 Sandbox Escape
Posted Oct 4, 2018
Authored by vr_system

virtualenv version 16.0.0 suffers from a sandbox escape vulnerability.

tags | exploit
advisories | CVE-2018-17793
SHA-256 | 8e6afdc890adccf233c505e364f3e3fada6f261e38532e5a1abe218e65d28b5a
NICO-FTP 3.0.1.19 SEH Buffer Overflow
Posted Oct 4, 2018
Authored by Miguel Mendez Z

NICO-FTP version 3.0.1.19 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 46ed36dcfa5dc91a84088309aee7e9990071028b3e39d8631d538881729b005d
LayerBB Forum 1.1.1 SQL Injection
Posted Oct 4, 2018
Authored by Ihsan Sencan

LayerBB Forum version 1.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ad0b4e2ca43960090253d92fed5d05123ff53fcfa9dc273f3c958c5203a88554
Linux/x86 execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode
Posted Oct 4, 2018
Authored by Pedro Cabral

50 bytes small Linux/x86 execve(/bin/sh) + NOT +SHIFT-N+ XOR-N encoded shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | f7dd96eaac3df037d071ccc666a335af92f650a8694889a5fa81475074f97603
Ubuntu Security Notice USN-3785-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, memory leak
systems | linux, ubuntu
advisories | CVE-2018-14434, CVE-2018-14437, CVE-2018-14551, CVE-2018-16323, CVE-2018-16640, CVE-2018-16642, CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749, CVE-2018-16750
SHA-256 | 7f60cc2951e68a53904d590ddb4ab1b7e34891df9af3e2b779af6f1e5852a37e
Ubuntu Security Notice USN-3784-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3784-1 - As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files.

tags | advisory
systems | linux, ubuntu
SHA-256 | 42e7701d35e91ccf63b09f590147af231dc2559f0d994898106784abe916ba39
Photo Nettoyeur 1.4.5 Insecure File Permission
Posted Oct 4, 2018
Authored by ZwX

Photo Nettoyeur version 1.4.5 suffers from an insecure file permission vulnerability.

tags | exploit
SHA-256 | 7e49670fd6392daab7eb415ad0b29ec24e231799756673f9de74c83502e5c152
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close