exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files Date: 2021-10-07

Wireshark Analyzer 3.4.9
Posted Oct 7, 2021
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 12 bug fixes. Updated protocol support for AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL, GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE 802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T, NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS Monitoring. New and updated capture file support for CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | b97e9d97fc8d77f514d5b92a2cf045f1
VMware vCenter Server Analytics (CEIP) Service File Upload
Posted Oct 7, 2021
Authored by VMware, Derek Abdine, wvu, Sergey Gerasimov, George Noseevich | Site metasploit.com

This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.

tags | exploit, shell, root, file upload
advisories | CVE-2021-22005
MD5 | d46c0245ccc36fc657f9f4ef1767092a
Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation
Posted Oct 7, 2021
Authored by Brendan Coles, Andy Nguyen, Szymon Janusz | Site metasploit.com

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through user name space. Kernels up to and including 5.11 are vulnerable.

tags | exploit, denial of service, kernel
systems | linux
advisories | CVE-2021-22555
MD5 | 3c40cc9dfa13bbdcb5e222fd6d854f8a
Ubuntu Security Notice USN-5105-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5105-1 - It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-28473
MD5 | 9dfd82c106b6f6b0a66213ce2a7ccc0a
nullcon Goa 2022 Call For Papers
Posted Oct 7, 2021
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place in March of 2022.

tags | paper, conference
MD5 | 69c3cffe292da7d9a05952215758b5e6
Online Traffic Offense Management System 1.0 SQL Injection
Posted Oct 7, 2021
Authored by snup

Online Traffic Offense Management System version 1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Justin White in August of 2021.

tags | exploit, remote, vulnerability, sql injection
MD5 | 712b2cf9632e37b1e352f0d218fcb046
Online Traffic Offense Management System 1.0 Cross Site Scripting
Posted Oct 7, 2021
Authored by snup

Online Traffic Offense Management System version 1.0 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 45b6e51d7759554a91843bef106f82e3
Online Traffic Offense Management System 1.0 Shell Upload
Posted Oct 7, 2021
Authored by snup

Online Traffic Offense Management System version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 49a9a35505dbb9ef31bd821563cd591f
Ubuntu Security Notice USN-5106-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5106-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26541, CVE-2021-22543, CVE-2021-3612, CVE-2021-38160, CVE-2021-38199, CVE-2021-41073
MD5 | 44f1cb6d4e6bc787eb2a64281fc880a2
Simple Online College Entrance Exam System 1.0 SQL Injection
Posted Oct 7, 2021
Authored by Mevlut Yilmaz

Simple Online College Entrance Exam System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 13ddfc3db5cf5a6c83afdfffc8bd719f
Online DJ Booking Management System 1.0 Cross Site Scripting
Posted Oct 7, 2021
Authored by Yash Mahajan

Online DJ Booking Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5dc0dde95a2d29cf129c73533471c63b
Red Hat Security Advisory 2021-3743-01
Posted Oct 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3743-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2021-41079
MD5 | 7c0d66a99716232d07c2ee5e7c36f553
Windows/x86 Bind TCP Shellcode
Posted Oct 7, 2021
Authored by h4pp1n3ss

Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.

tags | x86, tcp, shellcode
systems | windows
MD5 | 736f21ab958a376512c0d0673c8c0979
Google SLO-Generator 2.0.0 Code Execution
Posted Oct 7, 2021
Authored by Kiran Ghimire

Google SLO-Generator versions 2.0.0 and below suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2021-22557
MD5 | 7501ed60c77636b8e341c9d98a19821f
Page 1 of 1
Back1Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close