exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-04-04

Stegano 0.9.2
Posted Apr 4, 2019
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Updated Pillow dependency to version 6.0.0 in order to fix a bug when opening some PNG files.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 2d3651e2af953902431ca3f079d5b496
WordPress 5.0.0 crop-image Shell Upload
Posted Apr 4, 2019
Authored by RIPSTECH Technology, Wilfried Becard | Site metasploit.com

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

tags | exploit, local, file inclusion
systems | unix
advisories | CVE-2019-8942, CVE-2019-8943
MD5 | 7a9d7962c7566662c546f3360497c2ce
Faraday 3.7.0
Posted Apr 4, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: New feature vulnerability preview to view vulnerability data. Updated Fierce Plugin. Import can be done from GTK console. Updated Goohost plugin and now Faraday imports Goohost .txt report. Updated plugin for supporting WPScan v-3.4.5. Various other additions and updates.
tags | tool, rootkit
systems | unix
MD5 | 2c61e18d0d5064448f2e903b816c40c2
FreeSMS 2.1.2 SQL Injection
Posted Apr 4, 2019
Authored by Yilmaz Degirmenci

FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 316f4f93b8f9e38f9d63848a54a5780d
Manage Engine ServiceDesk Plus 9.3 Privilege Escalation
Posted Apr 4, 2019
Authored by Ata Hakcil, Melih Kaan Yildiz

Manage Engine ServiceDesk Plus version 9.3 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 1002f34a48dca093d9f6ba8b13e8de38
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow
Posted Apr 4, 2019
Authored by Peyman Forouzan

AIDA64 Extreme version 5.99.5900 logging SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | fb5c4a6cf9ca1e18531efbe7ee7e4921
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery
Posted Apr 4, 2019
Authored by panVagenas

WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8c0bd2ff5a15ebfbedbed8b0189b5608
Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF
Posted Apr 4, 2019
Authored by Dan Fabian

Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities.

tags | exploit, root, vulnerability, info disclosure, csrf
MD5 | a40592492ffe2815d8e24f02bc4755da
Ubuntu Security Notice USN-3936-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3936-1 - It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9210
MD5 | afc68be4b0825b647878ffa93501ccc3
Ubuntu Security Notice USN-3937-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
MD5 | 4c5be938f6500ff73e08b36e651987a9
Gentoo Linux Security Advisory 201904-09
Posted Apr 4, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-9 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.10.3-r2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | bb20a6ef08ff0872451ca9fe79100fb3
Debian Security Advisory 4423-1
Posted Apr 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4423-1 - Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898
MD5 | 275bce06f569381caffe03f4077eb7f2
Magic ISO Maker 5.5 Build 281 Denial Of Service
Posted Apr 4, 2019
Authored by Alejandra Sanchez

Magic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | d41b73f334ba66052eaf185775b1a2cb
Chrome 73.0.3683.86 Stable Proof Of Concept
Posted Apr 4, 2019
Authored by Istvan Kurucsai

Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.

tags | exploit, javascript
systems | windows
MD5 | 3942490d2a3c9f4e77eb820e2de2a909
Apache 2.4.38 Root Privilege Escalation
Posted Apr 4, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.

tags | exploit, arbitrary, local, root
advisories | CVE-2019-0211
MD5 | a10477996e9695e8e509d183fa786a50
AIDA64 Engineer 5.99.4900 Buffer Overflow
Posted Apr 4, 2019
Authored by Anurag Srivastava, Vardan Bansal

AIDA64 Engineer version 5.99.4900 Load from file field SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2019-10843
MD5 | d8c1dcc0b87d50428eef0b3a500afadd
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close