exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-07-28 to 2016-07-29

Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (3)
Posted Jul 28, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware Version <= 8.0.1.008 and Load Balancer Firmware <= v5.4.0.004 by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, root
SHA-256 | ada1acb74888da1ee068093d1bfd8b3f3fa7cbe886c53bffebec80de7451a35e
WordPress Ultimate Product Catalog 3.9.8 SQL Injection
Posted Jul 28, 2016
Authored by Joaquin Ramirez Martinez

WordPress Ultimate Product Catalog plugin versions 3.9.8 and below suffer from a remote unauthenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bacab668e9242da4ccd6ac7578697bc74b3ca2afbaf088e2ffe1dba9f652000
Linux ARM/ARM64 perf_event_open() Arbitrary Memory Read
Posted Jul 28, 2016
Authored by Jann Horn, Google Security Research

Linux ARM/ARM64 architectures suffer from an arbitrary memory read vulnerability in perf_event_open().

tags | exploit, arbitrary
systems | linux
SHA-256 | d93d6ea3ad561c8f7d1736c08ffd738028f0f1563210cd2723d3dd9167a9b0bc
Exponent CMS 2.3.9 XSS / User Injection
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability that allows for user account addition.

tags | exploit, xss
SHA-256 | 423cf5f16e0bc3e2b68f98c0ffbfb9ff0056a53477952e4c8a5336cbd334fcf1
Zortam Media Studio 20.60 Buffer Overflow
Posted Jul 28, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

Zortam Media Studio version 20.60 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 60f4ac036146a9137d475523420c506dc7dcbe9ef06f4a36f384d1f5d5bb0db1
Debian Security Advisory 3633-1
Posted Jul 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3633-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-8338, CVE-2016-4480, CVE-2016-4962, CVE-2016-5242, CVE-2016-6258
SHA-256 | 69e2b39b3913e68cc3897dadfc8422de8be200cf50452bcb270d6b48048d7d24
Saveya Script Insertion
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Saveya suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | 5551173a26e0ebd8d02b44aefec2da15f69c5fefb72772e0228d85ebfaa58bcc
Zoll Checklist 1.2.2 Script Insertion
Posted Jul 28, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Zoll Checklist version 1.2.2 suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | eded9a2d4136f497a7b8aa4fc8fae14d8f6c7b0c761dd5482b1e3db648ac5264
AppArmor aa_fs_seq_hash_show Reference Count Leak
Posted Jul 28, 2016
Authored by Google Security Research, Mark Brand

AppArmor has a reference count leak in aa_fs_seq_hash_show that can be used to overflow the reference counter and trigger a kernel use-after-free.

tags | exploit, overflow, kernel
SHA-256 | aeb4adc2c9454e00e280467d5afe605088bc235c957b16c9ba2883396aeb3993
Wireshark Analyzer 2.0.5
Posted Jul 28, 2016
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Various updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 0ce0241330828973f5b4efee422a3760cab8ce0b41e7721c4b9fd185be1bb10b
AXIS Authenticated Remote Command Execution
Posted Jul 28, 2016
Authored by OrwellLabs | Site orwelllabs.com

Multiple products from AXIS suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2015-8257
SHA-256 | 5d3626abb1ca74ae36c7f97673ca1ac0fa4274ea3398a978924fd38256827c7b
Avaya VOSS 4.1.0.0 SPB Traffic Traversal
Posted Jul 28, 2016
Authored by Jason Ostrom, Samuel Neves, Salim Neino

Avaya Fabric Connect VSP, under specific conditions, can accept and process specially crafted and spoofed Ethernet frames, which can lead to unauthorized access to devices intended to be secured from untrusted traffic sources. The vulnerability is caused by mishandling VLAN and I-SID indexes within the Fabric infrastructure. Version 4.1.0.0 is affected.

tags | advisory, spoof, file inclusion
advisories | CVE-2016-2783
SHA-256 | febf9c8d06e60cb5763c39467e3b800a3a47afa1bfb25a99e6dbc40ebfbb1519
Red Hat Security Advisory 2016-1519-01
Posted Jul 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1519-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.6 release serves as a replacement for JBoss Operations Network 3.3.5, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5220, CVE-2016-0800, CVE-2016-3737
SHA-256 | 9e8eda7cc87b09b7d965a2368ef110c52ca58a71169b633cc43b9d107529ee95
Debian Security Advisory 3632-1
Posted Jul 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3632-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
SHA-256 | 1034107a2809d4f21af57f0bbc38fd4ea778e2457506a9b747c59bfab574464b
LastPass 4.1.20a Communication Design Flaw
Posted Jul 28, 2016
Authored by Tavis Ormandy, Google Security Research

LastPass version 4.1.20a on Windows suffers from some issues where the add-on works by injecting elements and event handlers into the page. The attached proof of concept will delete a given file.

tags | exploit, proof of concept
systems | windows
SHA-256 | 251e29ebd27cfc49ad197f0294b26341778ad40b289cfd17cf8122679ada2ce7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close