exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-04-04

Stegano 0.9.2
Posted Apr 4, 2019
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Updated Pillow dependency to version 6.0.0 in order to fix a bug when opening some PNG files.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | 491a7ed475f73b7cb958fd34d9c11a860a0158979d89768b93c42308a5c44892
WordPress 5.0.0 crop-image Shell Upload
Posted Apr 4, 2019
Authored by RIPSTECH Technology, Wilfried Becard | Site metasploit.com

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

tags | exploit, local, file inclusion
systems | unix
advisories | CVE-2019-8942, CVE-2019-8943
SHA-256 | bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41
Faraday 3.7.0
Posted Apr 4, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: New feature vulnerability preview to view vulnerability data. Updated Fierce Plugin. Import can be done from GTK console. Updated Goohost plugin and now Faraday imports Goohost .txt report. Updated plugin for supporting WPScan v-3.4.5. Various other additions and updates.
tags | tool, rootkit
systems | unix
SHA-256 | 39c2544e771695c57667b95cc34d51ec3cbf6ec1288fc8ea1981234f05246b65
FreeSMS 2.1.2 SQL Injection
Posted Apr 4, 2019
Authored by Yilmaz Degirmenci

FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f9d0f06954df7127c1f7da2c6973086ec5ed205332e214311fa7ec075f8918d2
Manage Engine ServiceDesk Plus 9.3 Privilege Escalation
Posted Apr 4, 2019
Authored by Ata Hakcil, Melih Kaan Yildiz

Manage Engine ServiceDesk Plus version 9.3 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 87787f1fb2a7439a9948e5731a3c9ebc899dcd1c11621afaedcab653880b4eb7
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow
Posted Apr 4, 2019
Authored by Peyman Forouzan

AIDA64 Extreme version 5.99.5900 logging SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 33bc00d3a310700b1a4cda4084c05d980e79a74d09218d74cc5a0b509bb40abf
WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery
Posted Apr 4, 2019
Authored by Panagiotis Vagenas

WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1c7a3b27afbbedd8d750455aa126e9363090a0ccf6ca80bf062df80fbc2c60f1
Lupusec XT2 Plus Main Panel Shared Secrets / Secret Disclosure / CSRF
Posted Apr 4, 2019
Authored by Dan Fabian

Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities.

tags | exploit, root, vulnerability, info disclosure, csrf
SHA-256 | 9c581dc92641e4428dbdc52160abc9e17d59118fbbf7c51f88f013367312c44b
Ubuntu Security Notice USN-3936-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3936-1 - It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9210
SHA-256 | 51ecf0037b21fb41d85c22d8b5ee3799c061e4d5cd9ab4d764ebeb54d48207b2
Ubuntu Security Notice USN-3937-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
SHA-256 | c17a43ba53d0845a663b1213936884d7465b45def0d79156050131ef37d78a6d
Gentoo Linux Security Advisory 201904-09
Posted Apr 4, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-9 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.10.3-r2 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | 20d19efdbab2418f08c453b6a6915acf70d4e56601ffb6928ffadad10d6dab92
Debian Security Advisory 4423-1
Posted Apr 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4423-1 - Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898
SHA-256 | 1e45ae1dc23caffe87602e1bbed82996f2591e5fb6ede15f65f06bb64b3a52ad
Magic ISO Maker 5.5 Build 281 Denial Of Service
Posted Apr 4, 2019
Authored by Alejandra Sanchez

Magic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 2880b8593afdcef3dec022df92a56b326a8b141d28605ea46320f2026a225e0f
Chrome 73.0.3683.86 Stable Proof Of Concept
Posted Apr 4, 2019
Authored by Istvan Kurucsai

Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.

tags | exploit, javascript
systems | windows
SHA-256 | ed2806699f2887002b690cf52cf4d2bf2e737c931f2b6c9116bddc399099bed4
Apache 2.4.38 Root Privilege Escalation
Posted Apr 4, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.

tags | exploit, arbitrary, local, root
advisories | CVE-2019-0211
SHA-256 | 9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bd
AIDA64 Engineer 5.99.4900 Buffer Overflow
Posted Apr 4, 2019
Authored by Anurag Srivastava, Vardan Bansal

AIDA64 Engineer version 5.99.4900 Load from file field SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2019-10843
SHA-256 | d2886dbe120be9c41a01a90ae64f8844b646245816ebbe6afd377dea5cd5ec1a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close