what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2017-03-15 to 2017-03-16

Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting
Posted Mar 15, 2017
Authored by Pralhad Chaskar

Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8855
SHA-256 | 4cc41f549b88fe2837f271bf8f082e620723704c4348deca8497b1a148cac442
Steam Profile Integration 2.0.11 SQL Injection
Posted Mar 15, 2017
Authored by DrWhat

Steam Profile Integration version 2.0.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 072182c73866113a91a6a4ef6f5f0fc076f5d0837ee161bda2a1f70721fd9086
GitHub Enterprise 2.8.x Remote Code Execution
Posted Mar 15, 2017
Authored by iblue

GitHub Enterprise versions 2.8.x prior to 2.8.6 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | a342b81ed2b1e63765a37c303b794cf55451aad19482eabd0f5853af68b78e2b
USB Pratirodh XXE Injection
Posted Mar 15, 2017
Authored by Sachin Wagh

USB Pratirodh suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-6895
SHA-256 | 753960d05ce88ca08fe0c91b1b16a0cee2861310d8ada86bd24118a2e943caa8
Skype 7.16.0.102 DLL Hijacking
Posted Mar 15, 2017
Authored by Sachin Wagh

Skype version 7.16.0.102 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2017-6517
SHA-256 | 011f971bdb45d821640b52a50a8840eef5c6b5fec316c457347aa001a208a0da
Ubuntu Security Notice USN-3234-1
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-1 - Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
SHA-256 | 5c5e8fa100d4395abf35ee60376533197d5f908f480034af1b0af1c578c3ac34
Ubuntu Security Notice USN-3234-2
Posted Mar 15, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3234-2 - USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10208, CVE-2017-5551
SHA-256 | 3b8a170883b326573977aa700ad8d4416fc9066a89106d450e459a05f114aba1
Microsoft Windows LoadUvsTable() Buffer Overflow
Posted Mar 15, 2017
Authored by Hossein Lotfi

Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2016-7274
SHA-256 | 6c3a2f1a4a9fce3cb5b0969cffc7d3bb342fad7daeefec4c8a8bf5c8ce602491
Readymade Job Site Script 3.0.1 SQL Injection
Posted Mar 15, 2017
Authored by Bilal Kardadou

Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 11b4a25c0f5b8adc6a3ea0def952a909a1edbd314c09e688082c25c68b6da4d2
Attacking RDP - How To Eavesdrop On Poorly Secured RDP Connections
Posted Mar 15, 2017
Authored by Dr. Adrian Vollmer

Whitepaper called Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections.

tags | paper
SHA-256 | 3c51b078f0d29ee8f8f11fe84b643afac24b5da42fb26ebb75e637de90e17d12
Red Hat Security Advisory 2017-0536-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0536-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
SHA-256 | 3af1eb64e5ba3a9b5d81b25a21ebffb1e2f294a7de691d353e4c631ba8ccb8eb
Red Hat Security Advisory 2017-0533-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0533-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 5aac3333ccf258369f447965f1aa956036b7f07ef0922899d13b2fd78fb0d276
Red Hat Security Advisory 2017-0527-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0527-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
SHA-256 | 5563927de693905a07c529e79ed81ecd290e30a393af413dbf50c8b8a15b6dc1
Red Hat Security Advisory 2017-0535-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0535-01 - The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-7545
SHA-256 | 4e9fa9619a220759defb0ea857794e676f954f9e8951e43f7f89e8c7e18dbf58
Red Hat Security Advisory 2017-0532-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0532-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 1cee28b179bf71b3773e779c3e4361174692d0c28b5b4ba27c8cbfbbbb4b420b
Red Hat Security Advisory 2017-0526-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0526-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.127. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
SHA-256 | f4dc41a875733fe867aafc7c260d00ea5866dd4eea8f84d38ece0fdec56c5ad3
Red Hat Security Advisory 2017-0531-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0531-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 4beb4d35a3a4f227be5a4c1d95ae891714b97abaa1a874e66592df077266d3d1
Red Hat Security Advisory 2017-0530-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0530-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix: A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-8786
SHA-256 | 49ff41844ef9cdca3cfe2faaed5e06982346f7330df13c931d593bb39403ad23
Freelancer Script 4.0.1 SQL Injection
Posted Mar 15, 2017
Authored by Bilal Kardadou

Freelancer Script version 4.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | aa47f6171347eea8b9a4af07ba557e35396ce1b05657b58e39f1c19491cbd650
Lynis Auditing Tool 2.4.6
Posted Mar 15, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added FileInstalledByPackage function (dpkg and rpm supported). Mark Arch Linux version as rolling release (instead of unknown). Support for Manjaro Linux. Escape files when testing if they are readable. Code cleanups.
tags | tool, scanner
systems | unix
SHA-256 | 55403a5baea674a412655e8504c2778c4ada5df6d60dc464e462bc8b97b93c8b
USB Pratirodh Insecure Password Storage
Posted Mar 15, 2017
Authored by Sachin Wagh

USB Pratirodh suffers from an insecure password storage vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-6911
SHA-256 | a895986ed36a43033420627029de1148f97cd000832e0dcb6d3ac3ff1708391d
FTPShell Client 6.53 Buffer Overflow
Posted Mar 15, 2017
Authored by N_A, Peter Baris

FTPShell Client version 6.53 buffer overflow exploit written in python.

tags | exploit, overflow, python
advisories | CVE-2017-6465
SHA-256 | ff6879bdce2b467dd1022aca978515606bf36752239275e405d58a892014ac9d
PCAUSA Rawether For Windows Local Privilege Escalation
Posted Mar 15, 2017
Authored by ReWolf

ASUS PCE-AC56 WLAN card utilities (PCAUSA Rawether Windows 10 x64) local privilege escalation exploit.

tags | exploit, local
systems | windows
SHA-256 | 397c569e8c2bd8c3bd6f81e3dc8c7a39a2af39ca0d419c2c79d1e759b6888f66
Joomla Vik Appointments 1.5 SQL Injection
Posted Mar 15, 2017
Authored by Ihsan Sencan

Joomla Vik Appointments component version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9f135f197bbd849839432cade34775c49fedaa7171d4af6be63c1f20aa85f0f8
Joomla Vik Rent Items 1.3 SQL Injection
Posted Mar 15, 2017
Authored by Ihsan Sencan

Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e27f9f079a7a5122dcd876e3b840cf2f3ca3b201d705b2b3fd6d94c12d8974e7
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close