exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2018-11-05

SQLMAP - Automatic SQL Injection Tool 1.2.11
Posted Nov 5, 2018
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | a9d7bfaaf92f19c1ed60b95a08605587d7c898a4d417af93dce53aef37b14ae0
TOR Virtual Network Tunneling Tool 0.3.4.9
Posted Nov 5, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.4.9 is the second stable release in its series. It backports numerous fixes, including a fix for a bandwidth management bug that was causing memory exhaustion on relays. Anyone running an earlier version of Tor 0.3.4.9 should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 1a171081f02b9a6ff9e28c0898defb7670e5bbb3bdbcaddfcf4e4304aedd164a
Ubuntu Security Notice USN-3807-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3807-1 - Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
SHA-256 | 1672bb9fbccc6d9a67d8cc1843252d71333c8f230d66040bb5bbbb3f13136bd9
Morris Worm sendmail Debug Mode Shell Escape
Posted Nov 5, 2018
Authored by wvu, Robert Tappan Morris, Cliff Stoll | Site metasploit.com

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.

tags | exploit, worm, shell
systems | unix
SHA-256 | 1a4e5d53d0016bdb16eb6f683c07b76aba09a90bfa3bac11eb076eeaae1e53ef
blueimp jQuery Arbitrary File Upload
Posted Nov 5, 2018
Authored by Larry W. Cashdollar, wvu, Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability. This vulnerability has been exploited in the wild since at least 2015 and was publicly disclosed to the vendor in 2018. It has been present since the .htaccess change in Apache 2.3.9. This Metasploit module provides a generic exploit against the jQuery widget.

tags | exploit, arbitrary, php, file upload
advisories | CVE-2018-9206
SHA-256 | d34fb14aa9b4338617c18788b969d61c2e2bb73edfa259074f37f0336142d5c4
Morris Worm fingerd Stack Buffer Overflow
Posted Nov 5, 2018
Authored by wvu, Robert Tappan Morris, Cliff Stoll | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.

tags | exploit, worm, overflow
SHA-256 | 5f407350c1d9280dd4c5077754d558bd32be9404ebe5f76676b4a472abb2658d
Red Hat Security Advisory 2018-3470-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3470-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-10858, CVE-2018-10873, CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661
SHA-256 | 9e8155ff0d32478283821315ef01b373ffb94a7f3e9c04679d7c9bfd1ff773d5
Voovi Social Networking Script 1.0 SQL Injection
Posted Nov 5, 2018
Authored by Ihsan Sencan

Voovi Social Networking Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f0128d91339dcb1d04443269eb6a3215882d95f15112863f14f727f018d20927
Red Hat Security Advisory 2018-3500-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3500-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a buffer over-read vulnerability.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
SHA-256 | 0d5f60c494cc3604270bf4eaaf205f10c2b734964f2470dcd3070fb4057fce86
CMS Made Simple 2.2.7 Remote Code Execution
Posted Nov 5, 2018
Authored by Lucian Ioan Nitescu

CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-10517
SHA-256 | e30f665c7a1302099ce1c4a4bf718d695d37f2d86f461be39a21d97d6cc215c3
Microsoft Security Bulletin CVE Revision Increment For November, 2018
Posted Nov 5, 2018
Site microsoft.com

This Microsoft bulletin summary lists CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2018-8427, CVE-2018-8432
SHA-256 | 1c997eefe07f343e4712019c94452ef9d4211e64a50c53e1dcbf0f5060e96498
Ubuntu Security Notice USN-3806-1
Posted Nov 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3806-1 - Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15688
SHA-256 | 6d13a38ec3abb0e91c22eac28ed96584407b6677a1bca9ab9e9cd4ddac837b0c
PHP Proxy 3.0.3 Local File Inclusion
Posted Nov 5, 2018
Authored by Ozkan Mustafa Akkus

PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
SHA-256 | dffb16fd5dcca96ba5c62bd762844e37e240a8911e5830318f355543e1b23cce
CentOS Web Panel 0.9.8.740 Root Account Takeover / Command Execution
Posted Nov 5, 2018
Authored by Numan OZDEMIR

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.

tags | exploit, remote, web, vulnerability, code execution, xss, csrf
systems | linux, centos
advisories | CVE-2018-18772, CVE-2018-18773, CVE-2018-18774
SHA-256 | 5a8b5c22b6f88d4b23b7a0d7443350b170fd00adeeb921e879705dd19fe1cdd5
Red Hat Security Advisory 2018-3466-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-1000544
SHA-256 | 5598621deef059703cd9fbb8a0f15cba0a7fbdec712ed1910dcded698d246f26
Mongo Web Admin 6.0 Information Disclosure
Posted Nov 5, 2018
Authored by Ihsan Sencan

Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.

tags | exploit, web, info disclosure
SHA-256 | c5e83e4d632eb4ecdf7f9534db18247f1f4023aef92c224a8d390573271de393
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Posted Nov 5, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.

tags | exploit
SHA-256 | 8ca11f831d3820d1e2339af6e707d00282811fa4d36b64506d31c2b57b55f2ff
QBee Camera / iSmartAlarm Credential Disclosure
Posted Nov 5, 2018
Authored by Francesco Servida

Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.

tags | advisory, tcp, info disclosure
advisories | CVE-2018-16222, CVE-2018-16223, CVE-2018-16224
SHA-256 | d563070f90b89436eb2c6f216fcab2f75a1e9b175eab98ac4ca00e526a5582cf
Poppy Web Interface Generator 0.8 Shell Upload
Posted Nov 5, 2018
Authored by Ihsan Sencan

Poppy Web Interface Generator version 0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
SHA-256 | 077897c8fd808b60282ea8e15bbee367aa94c4a6e2099d20c298453f0016fa59
Red Hat Security Advisory 2018-3463-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3463-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
SHA-256 | 650cc5315ccc3572e4d6d59101aab66a9452c810c6438274c95814e1900f1b0e
Vigin Media Hub 3.0 Denial Of Service
Posted Nov 5, 2018
Authored by Ross Inman

Virgin Media Hub version 3.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | add8681e43a28798bae5acfabda6890368cca92703d076779185d29568b13f6f
WebVet 0.1a SQL Injection
Posted Nov 5, 2018
Authored by Ihsan Sencan

WebVet version 0.1a suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f586c0d26d82a89f58b8dcd7cd412986c57964013e15dd45971a4226b4f8e032
Red Hat Security Advisory 2018-3461-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3461-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability. m

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
SHA-256 | f5964e0831c98e55dd590e18d941c2549dccc4c57b5090895a9215207d0f26d5
Advantech WebAccess SCADA 8.3.2 Remote Code Execution
Posted Nov 5, 2018
Authored by Chris Lyne

Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-15705, CVE-2018-15707
SHA-256 | 54655f065e3a495129a4eb8059227b2933475527411c65bf1abae23771430c88
Red Hat Security Advisory 2018-3462-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3462-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2018-16837
SHA-256 | 3a1e4a003455bc9744f0cfef7e2f6dda0966b038420f4b2e8e199c186b65f635
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close