
Files Date: 2016-06-15 to 2016-06-16

Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Posted Jun 15, 2016
Authored by Nate Kettlewell

Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2016-3642
SHA-256 | f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6

Bomgar Remote Support Unauthenticated Code Execution
Posted Jun 15, 2016
Authored by Markus Wulftange | Site metasploit.com

This Metasploit module exploits a vulnerability in Bomgar Remote Support, which deserializes user-provided data using PHP's unserialize method. By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i.e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.

tags | exploit, remote, arbitrary, php
advisories | CVE-2015-0935
SHA-256 | 698e0392eb6fd3200601379e4e3d239ebb1d4c3143e7663f8154566abf6dec9c

Cisco Security Advisory 20160615-rv
Posted Jun 15, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
SHA-256 | 358e6cae4e6366a6f3ead0caa340bb5b6b44ff1423e6801085dae36564a1b3b2

jbFileManager Path Traversal
Posted Jun 15, 2016
Authored by HaHwul

jbFileManager suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | a79015bbb00e588181d9b153f7cac50d3cf3b638872d17a01e594029c4e6e0e5

FibeAir IP-10 Authentication Bypass
Posted Jun 15, 2016
Authored by Ian Ling

FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to their session named "ALBATROSS" with the value "0-4-11".

tags | exploit, web, bypass
SHA-256 | ba7a5b7f1fb1761939ce81f563c29620f9f70fcbfab7ade4b67161271701849e

AdobeUpdateService 3.6.0.248 Privilege Escalation
Posted Jun 15, 2016
Authored by Cyril Vallicari

AdobeUpdateService version 3.6.0.248 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 9c5f6e95b25c9460938aae0eed413db7e1da761bfa9b90122a4b4b6bfbc73e94

DDN SFA Default SSH Keys
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN controllers ship with a set of static entries within the authorized_keys file of several of the user accounts. The corresponding private keys can be obtained from publicly available sources.

tags | exploit
SHA-256 | 470b91b64442d28eebb33a4f527381613c2b67ad4b238cb3ab10d5b46ca3f8e7

BookingWizz LFI / XSS / CSRF / SQL Injection
Posted Jun 15, 2016
Authored by Mehmet Ince

BookingWizz versions prior to 5.5 suffer from having default administrative credentials, local file inclusion, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion, csrf
SHA-256 | ac3224164fc281f5e02e53dfd05ba5f33417eddad677f722aad191b3626730a1

VMware Security Advisory 2016-0009
Posted Jun 15, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0009 - VMware vCenter Server updates address an important reflective cross-site scripting issue.

tags | advisory, xss
advisories | CVE-2015-6931
SHA-256 | 812f5a6cf20427ee2f1f7b8d87d372758a2c33718f894cbf39735e6aa71fbbfb

Debian Security Advisory 3603-1
Posted Jun 15, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3603-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory
systems | linux, debian
advisories | CVE-2016-3062
SHA-256 | a05b05ce7875a8810cfc242385ff4450b36ec84fb911f7247abc21e0fc85d365

Microsoft Visio DLL Hijacking
Posted Jun 15, 2016
Authored by Yorick Koster, Securify B.V.

Microsoft Visio suffers from a DLL hijacking vulnerability.

tags | advisory
systems | windows
advisories | CVE-2016-3235
SHA-256 | 53c0212c96208c6e0d2e1e1d7370c5d98fdadabd301ae83fe691067fc4c7adc9

DDN SFA Privilege Escalation
Posted Jun 15, 2016
Authored by John Fitzpatrick

DDN SFA suffers from a privilege escalation vulnerability.

tags | advisory
SHA-256 | 8685f5cd2b43437141d6700fcd38911bb8804b7c0342311a9bbe76773a26134b

Joomla En-Masse 6.4 SQL Injection
Posted Jun 15, 2016
Authored by Hamed Izadi

Joomla En-Masse component versions 5.1 through 6.4 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09c3f40f3b2879c6fd664dafdb1b126b529437d8b3feaa1fc19423d10362f956

Mozilla Firefox DLL Hijacking
Posted Jun 15, 2016
Authored by Stefan Kanthak

The fix applied for CVE-2014-1520 does not fix a DLL hijacking issue with Mozilla Firefox's executable installer.

tags | exploit
systems | windows
advisories | CVE-2014-1520
SHA-256 | e199135bedf5e3f7e1d5caca9f00c1556e12da31282d21a64a24691d122836fc

Blat 3.2.14 Denial Of Service
Posted Jun 15, 2016
Authored by vishnu raju

Blat version 3.2.14 suffers from a stack overflow vulnerability that can trigger a denial of service condition.

tags | exploit, denial of service, overflow
SHA-256 | f7b53e61f4ab207b0afb88403d6669e16496ff7e18019caac34e370c39a3734f

Solarwinds Virtualization Manager 6.3.1 Privilege Escalation
Posted Jun 15, 2016
Authored by Nate Kettlewell

Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration of sudo.

tags | exploit
advisories | CVE-2016-3643
SHA-256 | d76585db4f9afc3a512397bd6ff0264cc58ddcbbd856e3608a54fd64cf5479b7
© 2022 Packet Storm. All rights reserved.