Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-07-06 to 2016-07-07

GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
MD5 | c1bff7c5ea44db8d87e028c13050cabc
EMC Avamar Data Store / Virtual Edition Unauthorized Data Access
Posted Jul 6, 2016
Site emc.com

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) have released a fix for a vulnerability that may potentially lead to denial of service and data disclosure. When restoring backups of Linux Avamar clients using the web restore interface, a malicious Avamar Client user may read and/or delete critical directories on the Avamar Server. This may lead to a denial-of-service attack on the Avamar Server, or unauthorized access to Avamar Server data by the malicious Avamar Client user. All supported versions prior to 7.3.0 of EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) are affected.

tags | advisory, web, denial of service
systems | linux
advisories | CVE-2016-0906
MD5 | e6e3fa75291ed5bfed25feb5eeac25eb
AWBS 2.9.6 SQL Injection / Cross Site Scripting
Posted Jul 6, 2016
Authored by Bikramaditya Guha | Site zeroscience.mk

AWBS version 2.9.6 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 3f052dc95ade201ec8794449dd308bd1
RS232-NET Converter (JTC-200) CSRF / Weak Credentials / Unauthenticated Access
Posted Jul 6, 2016
Authored by Karn Ganeshen

RS232-NET Converter (JTC-200) suffers from cross site request forgery and weak credential management vulnerabilities along with unauthenticated access over telnet.

tags | exploit, vulnerability, bypass, csrf
MD5 | 95d9eee550ca7a6c748d43980a13c9a7
CIMA DocuClass ECM CSRF / XSS / SQL Injection
Posted Jul 6, 2016
Authored by Karn Ganeshen

CIMA DocuClass ECM suffers from cross site request forgery, cross site scripting, direct object reference, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 39195591cc4aeb66a93e69cc233cb79f
OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 6, 2016
Authored by Florian Nivette

OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar as findings discovered by hyp3rlinx but leverage different pages.

tags | exploit, vulnerability, xss, csrf
MD5 | d08b55d4cddcfa29542877d785df8a81
PrinceXML Wrapper Class Command Injection
Posted Jul 6, 2016
Authored by Brandon Perry

Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 4ca94581a27f577b94c4c76b397e90dc
Micron CMS 5.3 SQL Injection
Posted Jul 6, 2016
Authored by mr_mask_black | Site vulnerability-lab.com

Micron CMS version 5.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9ced17cd4fd4ba8aca1fd692c4d4d498
GNU Transport Layer Security Library 3.4.14
Posted Jul 6, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
MD5 | ad3e269a6793424d5d21c9626e1c9ef1
Samsung Android JACK Privilege Escalation
Posted Jul 6, 2016
Authored by Google Security Research, Mark Brand

The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK and appears to suffer from a privilege escalation vulnerability.

tags | advisory
systems | linux
MD5 | cb942ef82a22bd3ecbe7f271d98180f2
Samsung Android JACK ASLR Bypass
Posted Jul 6, 2016
Authored by Google Security Research, Mark Brand

The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The common JACK configuration on Linux systems appears to be a JACK server running under the current user account, and interacting with JACK clients from the same user account; so with a minimal privilege difference; this is not the case with the configuration on Android, where the JACK service runs as a more privileged user in a less restrictive SELinux domain to the clients that can connect to it. The JACK shared memory implementation uses the struct jack_shm_info_t defined in /common/shm.h to do some bookkeeping. This struct is stored at the start of every JackShmAble object. This means that whenever the JACK server creates an object backed by shared memory, it also stores a pointer to that object (in the address space of the JACK server), allowing a malicious client to bypass ASLR in the JACK server process.

tags | advisory
systems | linux
MD5 | 8288db414362e6a728044ca93ad526bf
GNU Transport Layer Security Library 3.3.24
Posted Jul 6, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
MD5 | 4057aa38fcceda709b73f4179ca0a21a
Teampass 2.1.26 Arbitrary File Upload
Posted Jul 6, 2016
Authored by Peter Kok | Site vulnerability-lab.com

Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.

tags | exploit, remote, code execution, file upload
MD5 | f26594fd5dac0172639bf267355e99df
IBM BlueMix Cloud Script Insertion
Posted Jul 6, 2016
Authored by Digvijay Singh | Site vulnerability-lab.com

IBM BlueMix Cloud suffers from a client-side malicious script insertion vulnerability.

tags | exploit
MD5 | 4f68574b29f36f803aa87b56a6d8f4a8
Packet Fence 6.2.0
Posted Jul 6, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Updated translations, versions, and news.
tags | tool, remote
systems | unix
MD5 | 78b59a22154f59c325ec95358d561291
Nagios XI Chained Remote Code Execution
Posted Jul 6, 2016
Authored by wvu, Francesco Oddo | Site metasploit.com

This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.

tags | exploit, shell, root, sql injection, file upload
MD5 | f70bea86a23da44db72654aedbe0c274
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close