what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2018-11-01

Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Posted Nov 1, 2018
Authored by LiquidWorm | Site zeroscience.mk

CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. Upon importing, the application will launch Excel program and execute the malicious macro formula.

tags | exploit, arbitrary
SHA-256 | 9934935bc5349b6cebbf4d3fe113a6d562530ce82af94be3a16bcc6ed7017ad7
Download | Favorite | View
Slackware Security Advisory - curl Updates
Posted Nov 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
SHA-256 | 65f4dbc81ad891a30f90da807afd6698f33572afbe3c1ad0ca72642554585a0e
Download | Favorite | View
Google Cardboard Android / iOS Applications Information Disclosure
Posted Nov 1, 2018
Authored by David Coomber | Site info-sec.ca

The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) sends potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).

tags | advisory, info disclosure
systems | ios
SHA-256 | 42361a507af264ec429f830956d8abdd01925163d38d47dcc127b1fc891edff6
Download | Favorite | View
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
SHA-256 | 32eacd269abd3e89eabbc766ac7946e1762c239c4e1ea7feaf37f59de4e0886f
Download | Favorite | View
Brava! Enterprise / Server 16.4 Information Disclosure
Posted Nov 1, 2018
Authored by Luke Bailiff

Brava! Enterprise and Server components versions 7.5 through 16.4 suffer from a sensitive data exposure vulnerability due to weak permissions.

tags | exploit, info disclosure
SHA-256 | 22ddcecdf678369fce4fd0eec120348fb5cd6c405de17d297ede0c2e352fb5d9
Download | Favorite | View
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
SHA-256 | dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Download | Favorite | View
Packet Storm New Exploits For October, 2018
Posted Nov 1, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 252 exploits added to Packet Storm in October, 2018.

tags | exploit
SHA-256 | 2cdfde44988447d6cb183dd741826624e1b294f18ab4e409ef6ca5f2240763c8
Download | Favorite | View
Artha The Open Thesaurus 1.0.3.0 Denial Of Service
Posted Nov 1, 2018
Authored by Ihsan Sencan

Artha The Open Thesaurus version 1.0.3.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 4cf7eda53e72ff722cef8e3b66039584bc650f6cee02f93e1b4c7e096f65dc11
Download | Favorite | View
WebDrive 18.00.5057 Denial Of Service
Posted Nov 1, 2018
Authored by Victor Mondragon

WebDrive version 18.00.5057 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 0f647243a7a443c8d4ebfdf161b9b82a659bb854d5df8201be399f82f4804f4f
Download | Favorite | View
Arm Whois 3.11 Denial Of Service
Posted Nov 1, 2018
Authored by Yair Rodriguez Aparicio

Arm Whois version 3.11 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a07509b584c200cf3ce7ed1d55d762c4cd6c02aff98ce2b08e7bb8de57adcd53
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close