exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2018-10-23

Faraday 3.2
Posted Oct 23, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added logical operator AND to status report search. Restkit dependency removed. Improvement on manage.py change-password. Added feature to show only unconfirmed vulns. Added ssl information to manage.py status-check. Updated wpscan plugin to support latest version. Allowed workspace names starting with numbers.
tags | tool, rootkit
systems | unix
SHA-256 | 4d83dd2cb588186032dc024e4d9adfb8b6c6e6badf4d60e6ec4228200b4eadf4
Ansvif 1.11a
Posted Oct 23, 2018
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This is an initial Android pre-release.
tags | tool, fuzzer
systems | unix
SHA-256 | 7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244ba
Ubuntu Security Notice USN-3799-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3799-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-3133, CVE-2018-3156, CVE-2018-3173, CVE-2018-3200, CVE-2018-3277, CVE-2018-3284
SHA-256 | 373176b69d28c5401867b4f69957eb471b3dcf79c5540b6ef157d1da8944e3ac
ServersCheck Monitoring Software 14.3.3 SQL Injection
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18550
SHA-256 | b267f07255ac1f9527b94b152495c2752caa4c5090beb524c804d4da1757120b
Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
Posted Oct 23, 2018
Authored by Sergey Gordeychik, Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky

The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.

tags | advisory, remote, spoof, vulnerability, sql injection, file inclusion
advisories | CVE-2012-2104, CVE-2016-4793, CVE-2018-17444, CVE-2018-17445, CVE-2018-17446, CVE-2018-17447, CVE-2018-17448
SHA-256 | e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870
Ubuntu Security Notice USN-3788-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3788-2 - USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-17407
SHA-256 | 2d47b8bdf8609bcc81a667f1522f2669d082a623dae2f92d06e0b23cbe237c2e
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
SHA-256 | 769cc3a35204cab453698f34a6b0570d79e3ff0a88450698a2577c0e6fc6a664
CommuniGatePro Pronto Webmail 6.2 Cross Site Scripting
Posted Oct 23, 2018
Authored by Boumediene Kaddour

CommuniGatePro Pronto webmail version 6.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18621
SHA-256 | a535a63c85dc9cfff4acf85a2aa9f680d4de5f3f74f0f55765388bb0812e708d
Ubuntu Security Notice USN-3798-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3798-2 - USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299, CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518
SHA-256 | fd020e9154c2daad496c63782c19bbe804be952aa986f8f81262d8b5a00966e9
ServersCheck Monitoring Software 14.3.3 Cross Site Scripting
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18551
SHA-256 | f72e50d49c38f1006ec46a87b034d9463e5d15724a14d0dd13e5b11b88e2ed16
MGB OpenSource Guestbook 0.7.0.2 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

MGB OpenSource Guestbook version 0.7.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 58a47c1a4b51e7cc54fa29393ec63e4f2e29fe080bea156021641e14cdcf90f3
Microsoft Active Directory Federated Services (ADFS) User Enumeration
Posted Oct 23, 2018
Authored by Joshua Platz

Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.

tags | exploit
SHA-256 | b3eae50ee8fce1eb1e74559f4e6977c7d9770c9481f60f81641dd138862d381c
Ubuntu Security Notice USN-3798-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3798-1 - Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299, CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518
SHA-256 | 99fd6b610927b5b8387a7632ff8dda5701451a4843acca90e6d3e48acd81d539
Appsource School Management System 1.0 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

Appsource School Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 20c763e9dce88a46c6702b4fd1be556e7540f0cfef7110f6b631798ea30f184d
SIPPTS 1.2.2
Posted Oct 23, 2018
Authored by Pepelux

SIPPTS is a set of tools to audit VoIP servers and devices using the SIP protocol. It is a set of perl scripts that allow you to identify extensions, remotely crack passwords, check for missing authentication to make phone calls, and more.

tags | tool, perl, telephony, protocol
SHA-256 | 3b3b1fe11ef018073d9b9a1c65106f80b2f32f55cf4755c36a56b598a19853c2
Ubuntu Security Notice USN-3797-2
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3797-2 - USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363
SHA-256 | fcfe969ee2f2de30c48af096d0d90e976029649357ff3de4385bb752f9ff023a
ServersCheck Monitoring Software 14.3.3 Arbitrary File Write / DoS
Posted Oct 23, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

ServersCheck Monitoring Software versions up through suffer from arbitrary file write and denial of service vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability
advisories | CVE-2018-18552
SHA-256 | 4ebead7b46a1d1e991394ad4c30c83330e9888c182a2de36c0ae44b6fcbbb87f
SIM-PKH 2.4.1 Shell Upload
Posted Oct 23, 2018
Authored by Ihsan Sencan

SIM-PKH version 2.4.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | a484687a4acfa5a267e0dc6d475f82085f26a85fa66fa1d3c43ff891fde90d64
SIM-PKH 2.4.1 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

SIM-PKH version 2.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2cfed2b6036be41f70cbed5de0919e179e4a0173108f8768c2fef72a45d53588
School ERP Pro+Responsive 1.0 SQL Injection
Posted Oct 23, 2018
Authored by Ihsan Sencan

School ERP Pro+Responsive version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d6108a386efcfc3a13be29e5e18dfcbc039b3d8f1b425d438bef860adbbe8a76
School ERP Pro+Responsive 1.0 Arbitrary File Download
Posted Oct 23, 2018
Authored by Ihsan Sencan

School ERP Pro+Responsive version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | f453c3b6b1968d9387c3d915233e2898c47d4bb03dee93f785faaf4332d63d2f
Ubuntu Security Notice USN-3797-1
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3797-1 - Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service. It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363
SHA-256 | 238ceea5929a80898d5da54f43ed9ee667e49e84560780dbb617b5dff7489b20
RootedCON 2019 Call For Papers
Posted Oct 23, 2018
Site rootedcon.com

RootedCON is a technology congress that will be held in Madrid (Spain) March 28th through the 30th, 2019. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.

tags | paper, conference
SHA-256 | 79d3a588434e8b0b88328b69198a6e5e0502a02704835ba28667f4ee4e5ef676
Bitdefender GravityZone Installer Signature Bypass / Code Execution
Posted Oct 23, 2018
Authored by Kyriakos Economou | Site labs.nettitude.com

The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.

tags | advisory, code execution
advisories | CVE-2018-8955
SHA-256 | fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close