Showing 1 - 25 of 40

Files Date: 2018-12-04

HP Intelligent Management Java Deserialization Remote Code Execution
Posted Dec 4, 2018
Authored by mr_me, Carsten Maartmann-Moe | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

tags | exploit, remote, arbitrary, tcp
advisories | CVE-2017-12557
SHA-256 | d80500f62044dc3f7dc37c282b30194790326326fe1303d664ec78ee54518ad4
Emacs movemail Privilege Escalation
Posted Dec 4, 2018
Authored by wvu, Cliff Stoll, Markus Hess | Site metasploit.com

This Metasploit module exploits a SUID installation of the Emacs movemail utility to run a command as root by writing to 4.3BSD's /usr/lib/crontab.local. The vulnerability is documented in Cliff Stoll's book The Cuckoo's Egg.

tags | exploit, local, root
SHA-256 | 9a45ef7c2c0d7e05f3ad54afa5cf8a4f5e411cdd781a161604fbfb0258e39186
Hashcat Advanced Password Recovery 5.1.0 Source Code
Posted Dec 4, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Added new options and hash modes. Various other fixes and improvements.
tags | tool, cracker
systems | unix
SHA-256 | 283beaa68e1eab41de080a58bb92349c8e47a2bb1b93d10f36ea30f418f1e338
Hashcat Advanced Password Recovery 5.1.0 Binary Release
Posted Dec 4, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Added many new options and hash modes. Various other fixes and improvements.
tags | tool, cracker
SHA-256 | d3b98f183be2b676d1d9734ac40d80b79e9b53fac32045636682ca10970c8edb
Clam AntiVirus Toolkit 0.101.0
Posted Dec 4, 2018
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.101.0 is a feature release with an assortment of improvements that the authors have cooked up over the past 6 months.
tags | tool, virus
systems | unix
SHA-256 | f12a5ad86bc4e0bde6cad2d30c49c7daab184cba7ce631909434b5d9533a5ad2
NEC Univerge Sv9100 WebPro 6.00.00 Predictable Session ID / Cleartext Passwords
Posted Dec 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-11741, CVE-2018-11742
SHA-256 | a98260d96973f77023baa2984d22f2c53c26e72d88408163fbadc069bbb33da3
CubeCart 6.2.2 Cross Site Scripting
Posted Dec 4, 2018
Authored by Zekvan Arslan | Site netsparker.com

CubeCart version 6.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20703
SHA-256 | 2f559e05f4904615335fce184135337b0008141c5e384fedc121032b0dca9264
FreshRSS 1.11.1 Cross Site Scripting
Posted Dec 4, 2018
Authored by Omar Kurt | Site netsparker.com

FreshRSS version 1.11.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19782
SHA-256 | 0a8b9cb9503f9da864c10c7b265beceb73eeafd5015654419b4bd75d732eefb9
Joomla! JE Photo Gallery 1.1 SQL Injection
Posted Dec 4, 2018
Authored by Ihsan Sencan

Joomla! JE Photo Gallery component version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 28a21ea52a87a4c4cbd63523b900d993bd1a8bcb09e6536dea55102c2e62ab5a
PHP Server Monitor 3.3.1 Cross Site Request Forgery
Posted Dec 4, 2018
Authored by Javier Olmedo

PHP Server Monitor version 3.3.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
SHA-256 | d94289a27ecb3b1982a623c3c4d56b22d7b8c406405a0a88642bf566b1b57e03
Apache Superset 0.23 Remote Code Execution
Posted Dec 4, 2018
Authored by David May

Apache Superset version 0.23 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-8021
SHA-256 | 6269d36c1d5a537811baefe01271be9fbe27687ebae84b1544e4aae784b06c32
PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure
Posted Dec 4, 2018
Authored by ParagonSec

PaloAlto Networks Expedition Migration Tool version 1.0.106 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | f24c7c978f7320bb915189b7d445fdafb8a66dd4274c40db4e41a3cfebe3caa6
Rockwell Automation Allen-Bradley PowerMonitor 1000 XSS
Posted Dec 4, 2018
Authored by Luca.Chiou

Rockwell Automation Allen-Bradley PowerMonitor 1000 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 579a0c34c622de04394e6d8a9e45c4d4650ab4393f5e5b1ea84531f0e8f66826
Fleetco Fleet Maintenance Management 1.2 Remote Code Execution
Posted Dec 4, 2018
Authored by Ozkan Mustafa Akkus

Fleetco Fleet Maintenance Management version 1.2 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | b70ed3fd76e400e64cbe5dd15879c1855143faaaaf77616cb76e7a9524963a01
Red Hat Security Advisory 2018-3761-01
Posted Dec 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3761-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include an incomplete fix for CVE-2018-16509.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-16863
SHA-256 | cb321dd31dcd45f0ecfbc84a0c293bb113016a9ba1f0ebe93498055a70f89b5c
Red Hat Security Advisory 2018-3760-01
Posted Dec 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3760-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-16509
SHA-256 | c0b5e2769486069d204e50f7e3f88899e3ecec392143407a2813ee619249a793
Ubuntu Security Notice USN-3836-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3836-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within an unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
SHA-256 | 381aa075aa2708693455c43a91237a24db2a3c496d9a9b5a2b1927429cfebeb4
Ubuntu Security Notice USN-3835-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3835-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service, expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
SHA-256 | 0d98e117a7daeada246e248b8dd8991176e44f3691e448cdd5919caf358556aa
WordPress cart66 cart66-lite 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress cart66 cart66-lite plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | ee8f531b759db2ee80fc7042686ab12d557f651f4cf9e44d8cb49c029e2daf8d
WordPress zerotolaunch 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress zerotolaunch plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | f8f5cef6c549813c211de841059f21aab347f95e2a2b6ccf12c265800b48c58b
WordPress wp-contactpage-designer 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress wp-contactpage-designer plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | db14c0b13112b3acfe40e657e26c6830ce9b924516c21dde3f3b229924e2ca04
WordPress rss-feed-post-generator-echo 1.0.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress rss-feed-post-generator-echo plugin version 1.0.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 0494a60b430468fb725d88318192870b903d034fe273171e509ee9f697b17b8d
WordPress BlackHawk 1.0 Open Redirection
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress BlackHawk theme version 1.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 89fe061d85b8251dcb656a3950fbece58a04bad1e156686ec04cbff5cb930c1f
WordPress BackWpUP 3.6.6 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress BackWpUP plugin version 3.6.6 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | d3484d28815bd05fac8a270ba486046035d991e7aa7ce3246f84586b05defb55
KC GRUP Web Design 1.0 SQL Injection
Posted Dec 4, 2018
Authored by KingSkrupellos

KC GRUP Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | c1a289d2cefca352a53ba3b71f5f5957fe0bd6368b177aa249d197e6da79c5ad
© 2022 Packet Storm. All rights reserved.
