exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2015-12-08 to 2015-12-09

Microsoft Office / COM Object DLL Planting With Els.dll
Posted Dec 8, 2015
Authored by Google Security Research, scvitti

It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.

tags | exploit, proof of concept
systems | linux, windows
advisories | CVE-2015-6128
SHA-256 | 46d45bad78cc0769fb766cd7589210d99767133fd5d226273173fe717d826a5e
dotCMS 3.2.4 CSRF / XSS / Open Redirect
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | bbb9a245c1b76c149bcb358364c5ed5c4fd2bf936261edd5c955bc0351dc7cb1
Microsoft Security Bulletin Summary For December, 2015
Posted Dec 8, 2015
Site microsoft.com

This bulletin summary lists twelve released Microsoft security bulletins for December, 2015.

tags | advisory
SHA-256 | ca328e5637bbd066291f983bf1badf7b4e7b35d95ade5f0aa4586ee7d51b7610
Red Hat Security Advisory 2015-2579-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2579-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
SHA-256 | 7adc2c95a90db0d9990222bb5593457949914b69ecae0ba90e19645906c7f170
Red Hat Security Advisory 2015-2578-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2578-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
SHA-256 | 11d49327f51d20383027a6e0ebd090140db8edb804834efaab6040d374895db4
ASP Dynamika 2.5 Cross Site Scripting
Posted Dec 8, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
SHA-256 | 03ca5035c8a555789ffc39c66287fa1aa9631adb55c10abcd347b9d848a316c2
oclHashcat for AMD 2.01
Posted Dec 8, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Various updates.
tags | tool, cracker
SHA-256 | 2295ef2574e566e8cd70fc08c1022f3560fd7eb43fee05ca4002d1563fa748aa
oclHashcat For NVidia 2.01
Posted Dec 8, 2015
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Various updates.
tags | tool, cracker
SHA-256 | ca5b5c6b00e24ea51fa336f9b6e83e87b30503c34fddb64f94d1c673e2ef55cf
Packet Fence 5.5.2
Posted Dec 8, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed circular dependency. Various other updates.
tags | tool, remote
systems | unix
SHA-256 | 532230a9f81e541b2804d44d6b860d5dda030b985520791ef4efac2b6ad70d44
phpFileManager 0.9.8 Remote Code Execution
Posted Dec 8, 2015
Authored by Jay Turla, hyp3rlinx | Site hyp3rlinx.altervista.org

This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.

tags | exploit, remote, code execution
SHA-256 | 6deaa42854a12bc36ae3c7e06620c542ad37b9dff69c0ee0a7ea8a418934ad50
Red Hat Security Advisory 2015-2551-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2551-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information.

tags | advisory, web, local, ruby
systems | linux, redhat
advisories | CVE-2015-7502
SHA-256 | 0e2a00eaf5e59d21d582cf1da633d2a7689b72410a24a608a4ece80cc47f7a6e
Red Hat Security Advisory 2015-2561-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2561-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.

tags | advisory, remote, arbitrary
systems | linux, redhat
SHA-256 | d6256e53c301af85e611e6989e5989d92c2a24ac658ddb8a80f76a3417ad1096
Red Hat Security Advisory 2015-2552-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2552-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
SHA-256 | 421ad6b6ea77c1424cf5e393206e57d786896019194f078c110c0d12105ef4ca
OpenMRS 2.3 (1.11.4) XXE Injection
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused due to an error when parsing XML entities within ZIP archives and can be exploited to e.g. disclose data from local resources or cause a DoS condition (billion laughs) via a specially crafted XML file including external entity references.

tags | exploit, local, xxe
SHA-256 | 070b2c30afd808c338b88609b0c09df9664f1cb7251179abf50e418c628aac90
OpenMRS 2.3 (1.11.4) Expression Language Injection
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from an expression language injection vulnerability that can lead to arbitrary java code being executed.

tags | exploit, java, arbitrary
SHA-256 | 5c4dab04f428aa0abb317abe8b8303796aa919e07d939ded543c5122728dec5d
OpenMRS 2.3 (1.11.4) Cross Site Scripting
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8ddc6fc943cbdcc85d0e438e0ba30364f3e257d65174500b5b0e6a3e76e1cc3f
SHAREit WebShare 2.3.80 Cross Site Scripting
Posted Dec 8, 2015
Authored by Mahdi.Hidden

SHAREit WebShare version 2.3.80 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c500140027d0231781da834d5e53ee17c27fc8c506906202157807fcc3638199
OpenMRS 2.3 (1.11.4) Local File Disclosure
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from a local file disclosure vulnerability.

tags | exploit, local
SHA-256 | 72124e8162958bf12591414a483ea21db4df22c19164f3fc027f91ff1b4a9880
sysPass 1.1.2.23 Cross Site Scripting
Posted Dec 8, 2015
Authored by Daniele Salaris | Site syss.de

sysPass versions 1.1.2.23 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fccd3f6bd7b3f2d36da082f59aaa70d871cc6f8aa84ce409fb7f5e31656b9346
PHP Utility Belt Remote Code Execution
Posted Dec 8, 2015
Authored by WICS

PHP Utility Belt suffers from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
SHA-256 | ba341d0be863b216c242d86dc40d8d7419776d686e9bcdf09a435b886ef684f1
JRSoft InnoSetup DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

JRSoft InnoSetup executable installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 23c3a9d703e6f64f18b7c20de18f64f87a8815cce1acfca84716961420cfefe4
NSIS DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

The executable installer for Nullsoft Scriptable Install System suffers from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | ccdd46e5818b0dbedc4279878178a5cf6e2457038d1d43966c56612639a16f64
VLC DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

The executable installer for the VideoLAN Client suffers from DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | 06d549ebc07d5067e07e42895a4d82a9fa7b46ae2fc9574aec65049b635ccd48
SumatraPDF DLL Hijack
Posted Dec 8, 2015
Authored by Stefan Kanthak

SumatraPDF suffers from multiple DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | 27dc14dd449f0656362e2a1fa165d4528d2383f2dcf213a1d7c74b9e5a2afc1e
YesWiki 1 / 2 File Upload / Directory Traversal
Posted Dec 8, 2015
Authored by indoushka

YesWiki versions 1 and 2 suffers from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
SHA-256 | ee86e160c76d7dc73d0165e915aca4364f9f5d3507ade379098299763d7ce7ff
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close