exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 447 RSS Feed

Files Date: 2016-08-01 to 2016-08-31

SimplePHPQuiz Blind SQL Injection
Posted Aug 24, 2016
Authored by HaHwul

SimplePHPQuiz suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | cf0515d4feeb9e73981e68b0f36f7a9643ae21e7ee948896683bff58c5703ee3
VMware Security Advisory 2016-0013
Posted Aug 24, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues.

tags | advisory
advisories | CVE-2016-5335, CVE-2016-5336
SHA-256 | 10ce356485ee77b9cf3bc4ec235b364612bdc4d6ed152da245e7a1e17db10900
Red Hat Security Advisory 2016-1664-01
Posted Aug 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1664-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.

tags | advisory, kernel, tcp
systems | linux, redhat
advisories | CVE-2016-5696
SHA-256 | b542c16421a0053cf74470ceee19661e1c59fcea30d437e8dabde33c44a48c25
Red Hat Security Advisory 2016-1657-01
Posted Aug 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1657-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2016-4470, CVE-2016-4565, CVE-2016-5696
SHA-256 | 4043f793bb96834574d7f4614976b19cff587e4500e977d8646b0c4f8fcb4824
WordPress Mail Master 1.0 Local File Inclusion
Posted Aug 23, 2016
Authored by Guillermo Garcia Marcos

WordPress Mail Masta plugin version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 63387cb541f174b444a7c0e37d74f3dec4201dfc93508d9f643478d039b574db
VideoIQ Camera Remote File Disclosure
Posted Aug 23, 2016
Authored by Yakir Wizman

VideoIQ Camera suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 8e79e33a110bf5cbe4ed378d41e766eceeb6fad1f062efe99f993f25713829a2
Lynis Auditing Tool 2.3.3
Posted Aug 23, 2016
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Additions include OpenStack detection, an option to disable automatic refresh of software repository, and various other new features.
tags | tool, scanner
systems | unix
SHA-256 | f012b17b705b2963294163b16293b2c2f8e11f904a7352aec9ba693e48d7a700
Red Hat Security Advisory 2016-1655-01
Posted Aug 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1655-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
SHA-256 | 4aef31c589e9eb632262467a2391d662c3f9b8731a9caabe096c9d84b5c43a8b
Red Hat Security Advisory 2016-1654-01
Posted Aug 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1654-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
SHA-256 | be57c89124c98f2cea8b05cd613985cbc6e73e7db5d4fb67260fd412e521dc99
Red Hat Security Advisory 2016-1652-01
Posted Aug 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1652-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5403
SHA-256 | 539a4dbb0d044fdb2e69eddaa74656352db4a87fa6718104e121060c02136047
Red Hat Security Advisory 2016-1653-01
Posted Aug 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1653-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
SHA-256 | 784b309832846f10d29d70069df5da9ac9c80c535442ac182995d7d0b236dbb3
Microsoft Security Bulletin Revision Increment For August, 2016
Posted Aug 23, 2016
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
SHA-256 | 5721a2c63ab52ed5630f76b062da98a13325a546d07e7b13238dec0c2a5606b7
Gnome Eye Of Gnome 3.10.2 Out-Of-Bounds Write
Posted Aug 23, 2016
Authored by Kaslov Dmitri

Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2016-6855
SHA-256 | 6b42597bb574ccc34d7ba77488acc1f56ca5d1d0f62c3ce461004f30059cb46f
WordPress Bonkersbeat / Method / Awake Arbitrary File Download
Posted Aug 23, 2016
Authored by xBADGIRL21

WordPress Bonkersbeat theme version 1.0, Method theme version 1.8, and Awake theme version 3.2 suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 377a2155b0b3a216d8785b603e4c0e98fe506d4f486ab4cbaece2ea45ce60a06
Red Hat Security Advisory 2016-1650-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2015-0204, CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 1fdd97874e8f34357aa4e0e66133e9488d4279f97fb76a354f29754e7682ff4a
Red Hat Security Advisory 2016-1649-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6f
Red Hat Security Advisory 2016-1648-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906
BENIGNCERTAIN Cisco VPN Private Key Extraction
Posted Aug 22, 2016

BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.

tags | exploit, remote
systems | cisco
SHA-256 | f1cc0ef523db5ceca559ff6245e673e90a6309eaeaf13d63e575e3e9b70a5ea8
Phoenix Exploit Kit Remote Code Execution
Posted Aug 22, 2016
Authored by Jay Turla, CrashBandicot | Site metasploit.com

This Metasploit module exploits a remote code execution in the web panel of Phoenix Exploit Kit via the geoip.php. The Phoenix Exploit Kit is a popular commercial crimeware tool that probes the browser of the visitor for the presence of outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader which then silently installs malware.

tags | exploit, java, remote, web, php, code execution
SHA-256 | aad984f8708901b83c5d2147e19d13750c153fefe31400973769c9a1fcdedf8c
Jaws CMS 1.1.1 Cross Site Request Forgery
Posted Aug 22, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

Jaws CMS version 1.1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4c7cb7244f6adffe5ed1f13324e54993002a2ec03435b20c3011a615f7c706b9
phpCollab CMS 2.5 Cross Site Request Forgery
Posted Aug 22, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

phpCollab CMS version 2.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 8f9e3cce787d1818859b78c4a1a0f36e22a4f9771670aa92f3509e1deec787c5
AVS Audio Converter 8.2.1 Buffer Overflow
Posted Aug 22, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

AVS Audio Converter version 8.2.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7afcffa21ea4851d253f1a3293dc20489b947ede25b757fba0c6ccc047eef575
ISPconfig 3.0.5.4 p6 Cross Site Scripting
Posted Aug 22, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ISPconfig version 3.0.5.4 p6 suffers from a cross site scripting vulnerability. It also leaks exception information.

tags | exploit, xss
SHA-256 | 9b4e17f23d24a8657ca32e66aeb0806fdf89bf27015fdfef444397eb7a0a7850
HP Security Bulletin HPSBNS03635 1
Posted Aug 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.

tags | advisory, remote, local, trojan, perl, php, vulnerability
advisories | CVE-2013-7456, CVE-2014-4330, CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394, CVE-2015-8607, CVE-2015-8853, CVE-2015-8865, CVE-2015-8874, CVE-2016-1238, CVE-2016-1903, CVE-2016-2381, CVE-2016-2554, CVE-2016-3074, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539
SHA-256 | d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436
ObiHai ObiPhone 1032/1062 XSS / CSRF / DoS / Command Injection
Posted Aug 22, 2016
Authored by David Tomaschik

ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross site scripting, cross site request forgery, command injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, xss, info disclosure, csrf
SHA-256 | c01c956473f4e72a247182e6bcb22fe0af02e5eb1aefac7e5b88a3868d051233
Page 4 of 18
Back23456Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close