Showing 1 - 25 of 396

Files Date: 2018-11-01 to 2018-11-30

Moxa NPort W2x50A 2.1 OS Command Injection
Posted Nov 29, 2018
Authored by Maxim Khazov

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-12120, CVE-2018-19660
MD5 | 4436fd2c5b6a885f437d69ae209cde47
knc (Kerberized NetCat) Denial Of Service
Posted Nov 29, 2018
Authored by Imre Rad

knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.

tags | exploit, denial of service, proof of concept
advisories | CVE-2017-9732
MD5 | ae47c891e14b49e09ebf721184f792e1
WordPress Events Calendar Premium 1.0 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress Events Calendar Premium plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | f3e702072e979529dc3907345b7457bb
WordPress WP Complete Backup 3.0.5 Database Backup Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress WP Complete Backup plugin version 3.0.5 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | dd73ad156f43ef09af3bb4d2a2a32995
WordPress Jazzy Forms 1.1.1 Database Backup Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress Jazzy Forms plugin version 1.1.1 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 12c666cf794668e4b6fe0e8d2add465b
WordPress pm_market 1.0 Database Backup Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 51bac4932b0cf408a89137f4250c99c8
WordPress wawp_framework 1.0 Database Backup Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress wawp_framework plugin version 1.0 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 92cbc0dcfc1301b2fb06e6f3f4e4b85e
Wireshark Analyzer 2.6.5
Posted Nov 29, 2018
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5. Multiple vulnerabilities addressed.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
MD5 | e25257d5969705f2a18cae627ed42d80
Gentoo Linux Security Advisory 201811-21
Posted Nov 29, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-0733, CVE-2018-0737, CVE-2018-0739
MD5 | c1102f7b8c5b3ed0dd1aed5afd6d2486
Gentoo Linux Security Advisory 201811-22
Posted Nov 29, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6435, CVE-2014-8118, CVE-2017-7501
MD5 | b2e28734ab3686f7eae98681d8c49d65
WordPress Delme 3.0 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 8404d85fa13089eb806f6fa2ce5f1d34
WordPress user-spam-remover 1.0 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 7bbdba454a9350ef45498ab34b6aeb06
WordPress hwm_board 1.0 Arbitrary File Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | de5315dac2fe55a184fe0c475bb5ecdd
WordPress uploadingdownloading-non-latin-filename 1.1.5 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 4f695ccbfe99f60f3564d648d1aa9840
WordPress sermon-shortcodes 1.0 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | d8b0727cebd739015ee52f559b3bef46
WordPress allow-l10n-upload-filename 1.0 Arbitrary File Download
Posted Nov 29, 2018
Authored by KingSkrupellos

WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 25dcce834cbf081bdc768d8d098efc9d
Joomla Event Booking 3.8.3 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

Joomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | bb30fbb6aae1d5ac7f0b6f40c1c51a6a
Joomla DJ Image Slider 3.2.3 Database Disclosure
Posted Nov 29, 2018
Authored by KingSkrupellos

Joomla DJ Image Slider component version 3.2.3 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 0556d6c09b2008456a6ee26bc3fa6892
CORS Attacks
Posted Nov 29, 2018
Authored by Milad Khoshdel

This whitepaper focuses on attacks related to CORS, or Cross-Origin Resource Sharing.

tags | paper
MD5 | 743e4d930f2e05cb6b00ce0718319b65
Joomla Fabrik 3.9 CSRF / LFI / Shell Upload
Posted Nov 29, 2018
Authored by KingSkrupellos

Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, csrf
MD5 | cee583e8df398e9f206f9451d94be1bd
Unitrends Enterprise Backup bpserverd Privilege Escalation
Posted Nov 28, 2018
Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd; however, it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.

tags | exploit, remote, arbitrary, local, root, protocol, python
systems | linux
advisories | CVE-2018-6329
MD5 | 169be3643a7a30d9a8e1cb203cbc2994
Ubuntu Security Notice USN-3830-1
Posted Nov 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.

tags | advisory, java, vulnerability
systems | linux, ubuntu
MD5 | 7f51527c5d1533a10792a68047cda6da
Debian Security Advisory 4346-1
Posted Nov 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477
MD5 | f89266c182d9b77cb78d4b9d1bb90820
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
Posted Nov 28, 2018
Authored by Jakub Jirasek | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.

tags | advisory, remote, denial of service, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2018-17157, CVE-2018-17158, CVE-2018-17159
MD5 | c429bab0bdb3143934610a88f982eccd
Htcap Analysis Tool 1.1.0
Posted Nov 28, 2018
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages, injecting a probe that analyzes javascript behaviour. Once injected, the probe overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: In this release phantomjs has been replaced by headless chrome (nodejs + puppeteer) and the crawl engine has been partially rewritten to take advantage of async/await features available in chrome.
tags | tool, web, javascript, sniffer, python
MD5 | a2f01fa9d4dd9ee08c5e81ce353b8c53
© 2019 Packet Storm. All rights reserved.