exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-03-07

Ubuntu Security Notice USN-3904-1
Posted Mar 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3904-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU.

tags | advisory, local
systems | linux, ubuntu
MD5 | fd0ff441d79231dc2569fe809743e7e0
Oracle Weblogic Server Deserialization Remote Command Execution
Posted Mar 7, 2019
Authored by Allyshka

Oracle Weblogic Server deserialization remote command execution exploit with patch bypass.

tags | exploit, remote
advisories | CVE-2018-2628, CVE-2018-3245
MD5 | 3550463dbd175f8b7fc81820ea8d90f9
Red Hat Security Advisory 2019-0474-01
Posted Mar 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0474-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Issues addressed include a buffer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2018-11212, CVE-2018-12547, CVE-2019-2422
MD5 | 36c60803f3aadc3f85b01bde7a75c4a4
Kados R10 GreenBee SQL Injection
Posted Mar 7, 2019
Authored by Mehmet Emiroglu

Kados R10 GreenBee suffers from a remote SQL injection vulnerability in the menu_lev1 parameter.

tags | exploit, remote, sql injection
MD5 | 19fa05383b2bd89cbd9072343ffffd10
OrientDB 3.0.17 GA Community Edition XSS / CSRF
Posted Mar 7, 2019
Authored by Ozer Goker

OrientDB version 3.0.17 GA Community Edition suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7f5a2fb2ec857569b12ec32ef1b6b35b
QNAP TS-431 QTS Remote Command Execution
Posted Mar 7, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php". Gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2.

tags | exploit, web, shell, php
MD5 | a35108ec28d9740153245bbe67cbb79a
Red Hat Security Advisory 2019-0473-01
Posted Mar 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0473-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Issues addressed include a buffer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2018-11212, CVE-2018-12547, CVE-2019-2422
MD5 | 4c01bd56de764dd217400b0a7d8296e5
Anyburn 4.x x86 Buffer Overflow
Posted Mar 7, 2019
Authored by Hodorsec

Anyburn version 4.3 x86 "Copy disc to image file" buffer overflow SEH unicode exploit.

tags | exploit, overflow, x86
MD5 | 8e92d805dee2a379fca84a0aa0ea1dda
Sparkasse Cross Site Scripting
Posted Mar 7, 2019
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the Sparkasse online service web-application.

tags | exploit, web, vulnerability
MD5 | 40ab69f0309c212c4b750c71a779f73e
Insertion Encoder / Decoder Shellcode
Posted Mar 7, 2019
Authored by Daniele Votta

Linux/x86 insertion encoder and decoder shellcode.

tags | x86, shellcode
systems | linux
MD5 | e5cecc39dc9c9a7ebbb0f0c5a9755667
Red Hat Security Advisory 2019-0472-01
Posted Mar 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0472-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Issues addressed include a buffer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2018-11212, CVE-2018-12547, CVE-2018-12549, CVE-2019-2422, CVE-2019-2449
MD5 | 2953d3ec58aecdfdeff9fab2a6f5be93
phpBB 3.2.3 Remote Code Execution
Posted Mar 7, 2019
Authored by Allyshka

phpBB version 3.2.3 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 8ca59c23e92d1832170ab7f729c76011
File Transfer Skills In The Red Team Post Penetration Test
Posted Mar 7, 2019
Authored by xax007

Whitepaper called File transfer skills in the red team post penetration test.

tags | paper
MD5 | 9afe5f91a9c54df50eebf28e7275df4e
SPOILER: Speculative Load Hazards Boost Rowhammer And Cache Attacks
Posted Mar 7, 2019
Authored by Ahmad Moghimi, Moritz Krebbel, Saad Islam, Berk Sunar, Berk Gulmezoglu, Thomas Eisenbarth, Ida Bruhns

Whitepaper called SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. This research was produced jointly between Worcester Polytechnic Institute and University of Lubeck. It has been noted that software mitigations tied to Spectre will not mitigate this newly identified issue.

tags | paper
MD5 | b6ba3b01a09c79386f413c930ccf0a61
FreeBSD Intel SYSRET Privilege Escalation
Posted Mar 7, 2019
Authored by Rafal Wojtczuk, Brendan Coles, John Baldwin, iZsh | Site metasploit.com

This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution.

tags | exploit, x86, kernel, code execution
systems | freebsd, bsd
advisories | CVE-2012-0217
MD5 | 3c4bc514cf25ebc9c86255e4a4f4d06e
Android su Privilege Escalation
Posted Mar 7, 2019
Site metasploit.com

This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The command stager will write a payload binary to a temporary directory, make it executable, execute it in the background, and finally delete the executable. On most devices the su binary will pop-up a prompt on the device asking the user for permission.

tags | exploit, root
MD5 | 3d450f6a5cba9fcc277774bbb95abdb6
Stegano 0.9.1
Posted Mar 7, 2019
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Updated Pillow dependency in order to fix a bug when opening some PNG files.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 785c5739dc98309fd35a9c1f45581229
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close