Twenty Year Anniversary
Showing 1 - 24 of 24 RSS Feed

Files Date: 2018-10-23

Faraday 3.2
Posted Oct 23, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added logical operator AND to status report search. Restkit dependency removed. Improvement on manage.py change-password. Added feature to show only unconfirmed vulns. Added ssl information to manage.py status-check. Updated wpscan plugin to support latest version. Allowed workspace names starting with numbers.
tags | tool, rootkit
systems | unix
MD5 | bead7cdf3cee4c80785604d35f1dbbcc
Ansvif 1.11a
Posted Oct 23, 2018
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This is an initial Android pre-release.
tags | tool, fuzzer
systems | unix
MD5 | 510eb1ca8408cfd8bd44114a6eab915c
Ubuntu Security Notice USN-3799-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-3133, CVE-2018-3156, CVE-2018-3173, CVE-2018-3200, CVE-2018-3277, CVE-2018-3284
MD5 | 9c6341ba7441c72524dd926ae636d826
ServersCheck Monitoring Software 14.3.3 SQL Injection
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18550
MD5 | 5f20210cc21e2f7f7eeba3f2bed4a0d4
Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
Posted Oct 23, 2018
Authored by Sergey Gordeychik, Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky

The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.

tags | advisory, remote, spoof, vulnerability, sql injection, file inclusion
advisories | CVE-2012-2104, CVE-2016-4793, CVE-2018-17444, CVE-2018-17445, CVE-2018-17446, CVE-2018-17447, CVE-2018-17448
MD5 | b27e1af5d9f4b9be4c08566bac90e203
Ubuntu Security Notice USN-3788-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-17407
MD5 | 399e1f0d7ad56afe1ef3189f6bf7a64b
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
MD5 | 9d5422023e24d370d36309f152f01b10
CommuniGatePro Pronto Webmail 6.2 Cross Site Scripting
Posted Oct 23, 2018
Authored by Boumediene Kaddour

CommuniGatePro Pronto webmail version 6.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18621
MD5 | 99b80f0c277ceaafb643eb8d2aeb218b
Ubuntu Security Notice USN-3798-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299, CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518
MD5 | bfdc7594d98be96ce72f6fbcd1096bfb
ServersCheck Monitoring Software 14.3.3 Cross Site Scripting
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18551
MD5 | 2073e0a7bf80bbfb06368b74de78f83f
MGB OpenSource Guestbook 0.7.0.2 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

MGB OpenSource Guestbook version 0.7.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 843fcf17a6baad7b6180a019acb2efab
Microsoft Active Directory Federated Services (ADFS) User Enumeration
Posted Oct 23, 2018
Authored by Joshua Platz

Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.

tags | exploit
MD5 | 3c4bec5bac1f0d1cdaef48fbaafa3459
Ubuntu Security Notice USN-3798-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3798-1 - Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299, CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518
MD5 | bec3cbcb9fd27fc7ef0ed57a2e374431
Appsource School Management System 1.0 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

Appsource School Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 22a52ccf83f81c78fd2d7797c5f69108
SIPPTS 1.2.2
Posted Oct 23, 2018
Authored by Pepelux

SIPPTS is a set of tools to audit VoIP servers and devices using the SIP protocol. It is a set of perl scripts that allow you to identify extensions, remotely crack passwords, check for missing authentication to make phone calls, and more.

tags | tool, perl, telephony, protocol
MD5 | 04a6889548bba8328cf1f425eb681298
Ubuntu Security Notice USN-3797-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3797-2 - USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363
MD5 | 2eaab55602b22e543af8069fc04ce99a
ServersCheck Monitoring Software 14.3.3 Arbitrary File Write / DoS
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through suffer from arbitrary file write and denial of service vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability
advisories | CVE-2018-18552
MD5 | 7302d602d37c84719c9794dafd55fb00
SIM-PKH 2.4.1 Shell Upload
Posted Oct 23, 2018
Authored by Ihsan Sencan

SIM-PKH version 2.4.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 36310436e663f2db517072a0396e6a67
SIM-PKH 2.4.1 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

SIM-PKH version 2.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 79daf2b42e7e3ee996cc59dfa98a2c73
School ERP Pro+Responsive 1.0 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

School ERP Pro+Responsive version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4214fcc254a0c5be27f8b7216dae577d
School ERP Pro+Responsive 1.0 Arbitrary File Download
Posted Oct 23, 2018
Authored by Ihsan Sencan

School ERP Pro+Responsive version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 00a71e9a375ac7f68fc90d6d53a960c5
Ubuntu Security Notice USN-3797-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3797-1 - Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363
MD5 | a42cb658880aceadf95b91ec149c338a
RootedCON 2019 Call For Papers
Posted Oct 23, 2018
Site rootedcon.com

RootedCON is a technology congress that will be held in Madrid (Spain) March 28th through the 30th, 2019. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.

tags | paper, conference
MD5 | b67951a78d96c7240b5a148775cb8368
Bitdefender GravityZone Installer Signature Bypass / Code Execution
Posted Oct 23, 2018
Authored by Kyriakos Economou | Site labs.nettitude.com

The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.

tags | advisory, code execution
advisories | CVE-2018-8955
MD5 | 70c78d302632054a99a0ec32acfebc2c
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close