Twenty Year Anniversary
Showing 1 - 25 of 32 RSS Feed

Files Date: 2018-11-05

SQLMAP - Automatic SQL Injection Tool 1.2.11
Posted Nov 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 5fdd5bb9be166686620512abe0f11658
TOR Virtual Network Tunneling Tool 0.3.4.9
Posted Nov 5, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.4.9 is the second stable release in its series. It backports numerous fixes, including a fix for a bandwidth management bug that was causing memory exhaustion on relays. Anyone running an earlier version of Tor 0.3.4.9 should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 8a303c7c2491cd27b1646f6efdc4a5d0
Ubuntu Security Notice USN-3807-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3807-1 - Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 7090d9f77e278da5d5637637cbc3037c
Morris Worm sendmail Debug Mode Shell Escape
Posted Nov 5, 2018
Authored by wvu, Robert Tappan Morris, Cliff Stoll | Site metasploit.com

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.

tags | exploit, worm, shell
systems | unix
MD5 | 916044331d126eab8e387612884dc927
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
MD5 | dc66674939d313842bacc7cddcbdd16c
Morris Worm fingerd Stack Buffer Overflow
Posted Nov 5, 2018
Authored by wvu, Robert Tappan Morris, Cliff Stoll | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.

tags | exploit, worm, overflow
MD5 | ed1eb77912bc6cc0c8fcd9813c7bc2b6
Red Hat Security Advisory 2018-3470-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-10858, CVE-2018-10873, CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661
MD5 | 63c838780096bd8787d4d61edcc97a96
Voovi Social Networking Script 1.0 SQL Injection
Posted Nov 5, 2018
Authored by Ihsan Sencan

Voovi Social Networking Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 21fa2251f9c25c90d8e7a2c7a2dd9a48
Red Hat Security Advisory 2018-3500-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3500-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a buffer over-read vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
MD5 | 86abc3e451b118488a62522bda270260
CMS Made Simple 2.2.7 Remote Code Execution
Posted Nov 5, 2018
Authored by Lucian Ioan Nitescu

CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-10517
MD5 | 95bdf9a227120d10805c8f1a40f72d42
Microsoft Security Bulletin CVE Revision Increment For November, 2018
Posted Nov 5, 2018
Site microsoft.com

This Microsoft bulletin summary lists CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2018-8427, CVE-2018-8432
MD5 | bd74e70fe5fc8653f0c39b22b36abbdd
Ubuntu Security Notice USN-3806-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3806-1 - Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
MD5 | 35680bf8b4d43558d98d86f89f440cf6
PHP Proxy 3.0.3 Local File Inclusion
Posted Nov 5, 2018
Authored by Ozkan Mustafa Akkus

PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
MD5 | 87c29784be880e65ee17bc44869c13be
CentOS Web Panel 0.9.8.740 Root Account Takeover / Command Execution
Posted Nov 5, 2018
Authored by Numan OZDEMIR

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.

tags | exploit, remote, web, vulnerability, code execution, xss, csrf
systems | linux, centos
advisories | CVE-2018-18772, CVE-2018-18773, CVE-2018-18774
MD5 | 4423810363465943242d5484d215e474
Red Hat Security Advisory 2018-3466-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-1000544
MD5 | c8fd9daeba7ca15104e6c47fe5878c20
Mongo Web Admin 6.0 Information Disclosure
Posted Nov 5, 2018
Authored by Ihsan Sencan

Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.

tags | exploit, web, info disclosure
MD5 | eece1ca5b96e7fa9c81d88136d34a031
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Posted Nov 5, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.

tags | exploit
MD5 | 25fc4b591fd4c93897c9727e2564bf0f
QBee Camera / iSmartAlarm Credential Disclosure
Posted Nov 5, 2018
Authored by Francesco Servida

Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.

tags | advisory, tcp, info disclosure
advisories | CVE-2018-16222, CVE-2018-16223, CVE-2018-16224
MD5 | d1ee6a56a2f2111ec9deee9f74a7989d
Poppy Web Interface Generator 0.8 Shell Upload
Posted Nov 5, 2018
Authored by Ihsan Sencan

Poppy Web Interface Generator version 0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
MD5 | eca601b2e8566420184951b2fc2bb286
Red Hat Security Advisory 2018-3463-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3463-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | 3b32d784757531f94cee253144a6bb11
Vigin Media Hub 3.0 Denial Of Service
Posted Nov 5, 2018
Authored by Ross Inman

Virgin Media Hub version 3.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | c9d1f34eb28a7e6afb733a68bb904ed2
WebVet 0.1a SQL Injection
Posted Nov 5, 2018
Authored by Ihsan Sencan

WebVet version 0.1a suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 60fcd1d36927a55c5aca7ee2eb1c29b2
Red Hat Security Advisory 2018-3461-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3461-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability. m

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | 22baaf41373533f294edce75a9651914
Advantech WebAccess SCADA 8.3.2 Remote Code Execution
Posted Nov 5, 2018
Authored by Chris Lyne

Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-15705, CVE-2018-15707
MD5 | 727aaf04dd2f0fb7bd5914eeb8b226cf
Red Hat Security Advisory 2018-3462-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3462-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
MD5 | cff9950ad386d883ba3b64759ae0c76a
Page 1 of 2
Back12Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close