what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2019-01-07

Clam AntiVirus Toolkit 0.101.1
Posted Jan 7, 2019
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 specifically for developers that depend on libclamav.
tags | tool, virus
systems | unix
SHA-256 | fa368fa9b2f57638696150c7d108b06dec284e8d8e3b8e702c784947c01fb806
SQLMAP - Automatic SQL Injection Tool 1.3
Posted Jan 7, 2019
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 7ea4684e01956e411960a5fd8a6d5b74b3f5972c2a3c6553fbd1e729819190ff
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, javascript, xss, file upload
SHA-256 | 598a926881c6e97836d593dedf16d012bf56f7039da38ead2df70ca196aa5cdf
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b07daa3fb3a1153f65a2920ef09dec167a5e3b96ec6e718666d10d63d01b3a9a
cryptmount Filesystem Manager 5.3.1
Posted Jan 7, 2019
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Fixed memory cleanup error on closedown when using multiple targets. Fixed memory cleanup error on closedown when using multiple targets.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | c531aa2286bbd194b71f103fb411c4821083317c0d1f2b700382328a57e99631
Botan C++ Crypto Algorithms Library 2.9.0
Posted Jan 7, 2019
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed bugs in TLS which caused negotiation failures when the client used an unknown signature algorithm or version. Addressed a side channel during ECC key generation, which used an unblinded Montgomery ladder. Various other updates.
tags | library
advisories | CVE-2018-20187
SHA-256 | 305564352334dd63ae63db039077d96ae52dfa57a3248871081719b6a9f2d119
RSA Authentication Manager Path Traversal
Posted Jan 7, 2019
Authored by Dell Product Security Incident Response Team | Site dellemc.com

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

tags | advisory, local
advisories | CVE-2018-15782
SHA-256 | 31eb5b4af089eeb2959522b4f783e63cd01a93916d91d8b697f658e3ada5eb0e
Ajera Timesheets 9.10.16 Deserialization
Posted Jan 7, 2019
Authored by Anthony Cole

Ajera Timesheets versions 9.10.16 and below suffer from a vulnerability where it performs deserialization of untrusted data.

tags | exploit
advisories | CVE-2018-20221
SHA-256 | d924cc5c9d6afb43a5b35465af9212eb3910f76d71f147d9517eabf50904532f
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
Posted Jan 7, 2019
Authored by Secator

Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf
advisories | CVE-2018-12609, CVE-2018-12610, CVE-2018-12611
SHA-256 | ffdbe5e04f303db5e8ad0da091038bf8976a3f72b1e572115af58f427a4f8073
Roxy Fileman 1.4.5 File Upload / Directory Traversal
Posted Jan 7, 2019
Authored by Pongtorn Angsuchotmetee, Vittawat Masaree

Roxy Fileman version 1.4.5 suffers from remote file upload and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion, file upload
advisories | CVE-2018-20525, CVE-2018-20526
SHA-256 | 436a9168298baf58a80c80d0a413d1d2bdbfe4677344354fc6cbe13a1e776811
Red Hat Security Advisory 2019-0031-01
Posted Jan 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0031-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telco Update Service for Red Hat Enterprise Linux 6.6 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | d0af511c2b6a9f8f6a107f1cdb93670c829d5d18dd0d35c745ccc119543a9cbb
KioWare Server 4.9.6 Privilege Escalation
Posted Jan 7, 2019
Authored by Hashim Jawad

KioWare Server version 4.9.6 suffers from a weak folder privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-18435
SHA-256 | 286035ee9c12f7dd3c63a25e44ac396f5c837d44c2d2623db507aa97a512b042
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
Posted Jan 7, 2019
Authored by Nathu Nandwani

Huawei E5330 version 21.210.09.00.158 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-5395
SHA-256 | 12dd7814c4179b0cffb630e3ef8d2a2c67b7b22852ce245228d07fb24fae998f
TWiki 6.0.2 Cross Site Scripting
Posted Jan 7, 2019
Authored by Jiawang Zhang

TWiki version 6.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20212
SHA-256 | 12344c33a0d166986f451979a17987cea192019740523cd407fca283dac30bef
BMC Network Automation 8.7.00.000 Session Hijacking
Posted Jan 7, 2019
Authored by Filip Palian

The BMC Network Automation allows authenticated users to hijack established remote sessions of other users, version v8.7.00.000 b383 u038 was confirmed to be vulnerable.

tags | exploit, remote
SHA-256 | 3d15c4f8be6b2d9910c5af59812a7ff1dc6e9e70f54d19034887282552279829
MyT Project Management 1.5.1 SQL Injection
Posted Jan 7, 2019
Authored by Mehmet Onder Key

MyT Project Management version 1.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | aae916d20d56ea35cbcbd162ecf9b836d478d80d4f4ee7d7dd6736f365974a34
WordPress UserPro Privilege Escalation
Posted Jan 7, 2019
Authored by Noman Riffat

WordPress UserPro plugin versions prior to 4.9.21 suffers from a user registration privilege escalation vulnerability.

tags | exploit
SHA-256 | e76fa90e552e7d8417464f032c86740eb2c72df2dce8fbd905761334dde7363e
BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
Posted Jan 7, 2019
Authored by Filip Palian

BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-18862
SHA-256 | f91d23df9bc0097fffb3bf5213fe0b8005c3a4f47d501ca62b6106eeb36a9b3a
phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 7, 2019
Authored by Ozer Goker

phpMoAdmin version 1.1.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | df47de4cf8d4c2091cfded5f469ec3562e0ef87756bc225a2a6a2d2db28a863b
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting
Posted Jan 7, 2019
Authored by Kumar Saurav

PLC Wireless Router GPN2.4P21-C-CN suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20326
SHA-256 | 5e3eed3cc7dfe6238943eee06b1720ec305db26a66af6da527d133a5f6ff42fb
Base Soundtouch 18.1.4 Cross Site Scripting
Posted Jan 7, 2019
Authored by Tim Schughart

Base Soundtouch iOS application version 18.1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | ios
advisories | CVE-2018-12638
SHA-256 | 67c8211022b176ba9ad191b333fa8db82dec6bea662fcf9aeb2fdd2a726d151c
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
Posted Jan 7, 2019
Authored by Daniel Jones

Webgalamb suffers from remote code execution, cross site request forgery, cross site scripting, information leakage, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, info disclosure, csrf
advisories | CVE-2018-19509, CVE-2018-19510, CVE-2018-19511, CVE-2018-19512, CVE-2018-19513, CVE-2018-19514, CVE-2018-19515
SHA-256 | 6bc4ddc8420dcf22ab8b493f25ff520b6a53308cbe2a85df38161cbebee9fd5e
MyBB OUGC Awards 1.8.3 Cross Site Scripting
Posted Jan 7, 2019
Authored by 0xB9

MyBB OUGC Awards plugin version 1.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-3501
SHA-256 | 5162cdbc77bd00aa82e750e0197825914dadbca8e782cb89234062fac275c701
Samhain File Integrity Checker 4.3.2
Posted Jan 7, 2019
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | a976ba1672ed31d759268ad18b1bc8be3bcfb4c266653d0eb964c2b792004b73
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close