Showing 1 - 24 of 24

Files Date: 2019-01-07

Clam AntiVirus Toolkit 0.101.1
Posted Jan 7, 2019
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 specifically for developers that depend on libclamav.
tags | tool, virus
systems | unix
MD5 | 9c137d6172f6e132e08e61fe25b636f8
SQLMAP - Automatic SQL Injection Tool 1.3
Posted Jan 7, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and database; enumerate users, password hashes, privileges, and databases; dump entire or user-specified DBMS tables/columns; run their own SQL statement; read or write either text or binary files on the file system; execute arbitrary commands on the operating system; and establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack, and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 1a3875f12c086f1c3924014c72cdc928
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file, allowing the attacker to upload an HTML or JavaScript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in the context of an affected site.

tags | exploit, arbitrary, javascript, xss, file upload
MD5 | c29aaada51feda9d709457babad0536e
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | a2b93d0ff2e78ec2b0c4b4e70abb218f
cryptmount Filesystem Manager 5.3.1
Posted Jan 7, 2019
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Fixed memory cleanup error on closedown when using multiple targets.
tags | tool, kernel, encryption
systems | linux, unix
MD5 | 7c6d76adbd6bd418a0d92e55a6c93e65
Botan C++ Crypto Algorithms Library 2.9.0
Posted Jan 7, 2019
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version. Addressed a side channel during ECC key generation, which used an unblinded Montgomery ladder. Various other updates.
tags | library
advisories | CVE-2018-20187
MD5 | db8403d6a2f10c20fde3f3c76be9a045
RSA Authentication Manager Path Traversal
Posted Jan 7, 2019
Authored by Dell Product Security Incident Response Team | Site dellemc.com

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 contains a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that, if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

tags | advisory, local
advisories | CVE-2018-15782
MD5 | 931d37612cf8560f64b71f15da93dbc1
Ajera Timesheets 9.10.16 Deserialization
Posted Jan 7, 2019
Authored by Anthony Cole

Ajera Timesheets versions 9.10.16 and below suffer from a vulnerability where they perform deserialization of untrusted data.

tags | exploit
advisories | CVE-2018-20221
MD5 | 1272ed59c508f5ec8287034f2e49373c
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
Posted Jan 7, 2019
Authored by Secator

Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf
advisories | CVE-2018-12609, CVE-2018-12610, CVE-2018-12611
MD5 | 048df77a1ab85eecdd23b8f1251c22b1
Roxy Fileman 1.4.5 File Upload / Directory Traversal
Posted Jan 7, 2019
Authored by Pongtorn Angsuchotmetee, Vittawat Masaree

Roxy Fileman version 1.4.5 suffers from remote file upload and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion, file upload
advisories | CVE-2018-20525, CVE-2018-20526
MD5 | f18d3ae1fe4f8aea768cdfcb18391024
Red Hat Security Advisory 2019-0031-01
Posted Jan 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0031-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telco Update Service for Red Hat Enterprise Linux 6.6 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.

tags | advisory
systems | linux, redhat
MD5 | 8370adc27f721cf592443d2b0db85d5b
KioWare Server 4.9.6 Privilege Escalation
Posted Jan 7, 2019
Authored by Hashim Jawad

KioWare Server version 4.9.6 suffers from a weak folder privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-18435
MD5 | 52b9ccb56af481db3f28c3db93cc44ec
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
Posted Jan 7, 2019
Authored by Nathu Nandwani

Huawei E5330 version 21.210.09.00.158 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-5395
MD5 | b4ab974cc268104037de8b96be8e499d
TWiki 6.0.2 Cross Site Scripting
Posted Jan 7, 2019
Authored by Jiawang Zhang

TWiki version 6.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20212
MD5 | 77329b23c07ccc26bedc1f9dc7da39ad
BMC Network Automation 8.7.00.000 Session Hijacking
Posted Jan 7, 2019
Authored by Filip Palian

BMC Network Automation allows authenticated users to hijack established remote sessions of other users. Version v8.7.00.000 b383 u038 was confirmed to be vulnerable.

tags | exploit, remote
MD5 | c415e423f050fe4320c681efd6d296d5
MyT Project Management 1.5.1 SQL Injection
Posted Jan 7, 2019
Authored by Mehmet Onder Key

MyT Project Management version 1.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1ca272fc08b059d39809d7b3004e031e
WordPress UserPro Privilege Escalation
Posted Jan 7, 2019
Authored by Noman Riffat

WordPress UserPro plugin versions prior to 4.9.21 suffer from a user registration privilege escalation vulnerability.

tags | exploit
MD5 | bb6eb6c67495541360a8ed0a1a32692b
BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
Posted Jan 7, 2019
Authored by Filip Palian

BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-18862
MD5 | 183faa5958c41b0ce055d4b97e568dff
phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 7, 2019
Authored by Ozer Goker

phpMoAdmin version 1.1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 946994c07239d91153a9ec3e2374c276
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting
Posted Jan 7, 2019
Authored by Kumar Saurav

PLC Wireless Router GPN2.4P21-C-CN suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20326
MD5 | 85888286765ac199ab91adba0f2b53bc
Base Soundtouch 18.1.4 Cross Site Scripting
Posted Jan 7, 2019
Authored by Tim Schughart

Base Soundtouch iOS application version 18.1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | ios
advisories | CVE-2018-12638
MD5 | 49c49a5038a429f43d29d588d692f381
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
Posted Jan 7, 2019
Authored by Daniel Jones

Webgalamb suffers from remote code execution, cross site request forgery, cross site scripting, information leakage, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, info disclosure, csrf
advisories | CVE-2018-19509, CVE-2018-19510, CVE-2018-19511, CVE-2018-19512, CVE-2018-19513, CVE-2018-19514, CVE-2018-19515
MD5 | 1c993ff1caf37847e75ec6a54088c49a
MyBB OUGC Awards 1.8.3 Cross Site Scripting
Posted Jan 7, 2019
Authored by 0xB9

MyBB OUGC Awards plugin version 1.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-3501
MD5 | aafeaac768d286f9cd69148f66e42f7c
Samhain File Integrity Checker 4.3.2
Posted Jan 7, 2019
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 7871b2482f67b7a3aa3aa9b01aaa92d8

© 2019 Packet Storm. All rights reserved.
