Showing 1 - 25 of 40

Files Date: 2018-12-04

HP Intelligent Management Java Deserialization Remote Code Execution
Posted Dec 4, 2018
Authored by mr_me, Carsten MaartmannMoe | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

tags | exploit, remote, arbitrary, tcp
advisories | CVE-2017-12557
MD5 | 7f78f8ca23ae637a5eaf4c38011cf48c
Emacs movemail Privilege Escalation
Posted Dec 4, 2018
Authored by wvu, Cliff Stoll, Markus Hess | Site metasploit.com

This Metasploit module exploits a SUID installation of the Emacs movemail utility to run a command as root by writing to 4.3BSD's /usr/lib/crontab.local. The vulnerability is documented in Cliff Stoll's book The Cuckoo's Egg.

tags | exploit, local, root
MD5 | 20bfe67322d67a400db20aaa251d6ccc
Hashcat Advanced Password Recovery 5.1.0 Source Code
Posted Dec 4, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Added new options and hash modes. Various other fixes and improvements.
tags | tool, cracker
systems | unix
MD5 | 59542bf01a07362a90de069ca562ab49
Hashcat Advanced Password Recovery 5.1.0 Binary Release
Posted Dec 4, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Added many new options and hash modes. Various other fixes and improvements.
tags | tool, cracker
MD5 | 0c9f137773ff425f167b1a10a2c3589b
Clam AntiVirus Toolkit 0.101.0
Posted Dec 4, 2018
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.101.0 is a feature release with an assortment of improvements that the authors have cooked up over the past 6 months.
tags | tool, virus
systems | unix
MD5 | 47c36d13ac814b9e29ed6f5fc1691373
NEC Univerge Sv9100 WebPro 6.00.00 Predictable Session ID / Cleartext Passwords
Posted Dec 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NEC Univerge Sv9100 WebPro version 6.00.00 suffers from predictable session identifiers and cleartext password vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-11741, CVE-2018-11742
MD5 | 9a52c2a9711824e6df44c4ff715eb9fd
CubeCart 6.2.2 Cross Site Scripting
Posted Dec 4, 2018
Authored by Zekvan Arslan | Site netsparker.com

CubeCart version 6.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20703
MD5 | 13df42f158ae9adc762b83e8aac3e65b
FreshRSS 1.11.1 Cross Site Scripting
Posted Dec 4, 2018
Authored by Omar Kurt | Site netsparker.com

FreshRSS version 1.11.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19782
MD5 | 74bc777ad5c2752f2c91b4ea6f5d5585
Joomla! JE Photo Gallery 1.1 SQL Injection
Posted Dec 4, 2018
Authored by Ihsan Sencan

Joomla! JE Photo Gallery component version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 88144fa68a6daaa6a041b5e07e3f3259
PHP Server Monitor 3.3.1 Cross Site Request Forgery
Posted Dec 4, 2018
Authored by Javier Olmedo

PHP Server Monitor version 3.3.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | 5fe1c2f708db2fb89bc73606a4894920
Apache Superset 0.23 Remote Code Execution
Posted Dec 4, 2018
Authored by David May

Apache Superset version 0.23 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-8021
MD5 | 305275d8190fc1d2cd63df2160eca91c
PaloAlto Networks Expedition Migration Tool 1.0.106 Information Disclosure
Posted Dec 4, 2018
Authored by ParagonSec

PaloAlto Networks Expedition Migration Tool version 1.0.106 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
MD5 | fe6d82a5c286b194a8285c734115a375
Rockwell Automation Allen-Bradley PowerMonitor 1000 XSS
Posted Dec 4, 2018
Authored by Luca.Chiou

Rockwell Automation Allen-Bradley PowerMonitor 1000 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | add03ab90e2fd130faf17e8ef54767ab
Fleetco Fleet Maintenance Management 1.2 Remote Code Execution
Posted Dec 4, 2018
Authored by Ozkan Mustafa Akkus

Fleetco Fleet Maintenance Management version 1.2 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 9eb9d36947ca1f5f850e77fa55b31d58
Red Hat Security Advisory 2018-3761-01
Posted Dec 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3761-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include an incomplete fix for CVE-2018-16509.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-16863
MD5 | fab247575af157a9aa42cb53ef3cd5b0
Red Hat Security Advisory 2018-3760-01
Posted Dec 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3760-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-16509
MD5 | aae7b665d40c5fe9ba0152475b374da5
Ubuntu Security Notice USN-3836-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3836-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within an unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
MD5 | 158521f793a16089323ee0be9c6ad5ce
Ubuntu Security Notice USN-3835-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3835-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service, expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
MD5 | 797f806913c130a0d4051adda370818d
WordPress cart66 cart66-lite 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress cart66 cart66-lite plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d65921f894f19496031d5e0f755c0975
WordPress zerotolaunch 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress zerotolaunch plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | f882b10411cfa34c9507851fa9b9b1f3
WordPress wp-contactpage-designer 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress wp-contactpage-designer plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | cc2276414ca172ae00efcb637b60a0c4
WordPress rss-feed-post-generator-echo 1.0.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress rss-feed-post-generator-echo plugin version 1.0.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 70dee63e933f4d0241390d46c548331d
WordPress BlackHawk 1.0 Open Redirection
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress BlackHawk theme version 1.0 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 8637148cf6e7634da3d020391c1054f2
WordPress BackWpUP 3.6.6 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress BackWpUP plugin version 3.6.6 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 9bc78c5d302dc148f194ba711d57e72e
KC GRUP Web Design 1.0 SQL Injection
Posted Dec 4, 2018
Authored by KingSkrupellos

KC GRUP Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 4a961ba375685bf4edbb7386d1990d4e