Files Date: 2017-04-11 to 2017-04-12

Proxifier 2.18 Privilege Escalation / Code Execution
Posted Apr 11, 2017
Authored by Mark Wadham

Proxifier versions 2.18 and below ship with a KLoader binary, which is installed suid root the first time Proxifier is run. This binary serves a single purpose: loading and unloading Proxifier's kernel extension. Unfortunately, it does this by taking the first parameter passed to it on the command line without any sanitisation and feeding it straight into system().

tags | exploit, kernel, root
advisories | CVE-2017-7643
SHA-256 | 9b8b34ade86fd0c30d6b7d8dfaf9fb267c4e58b5f840ccbd7c58c08f2342b5d9
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
SHA-256 | 5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdb
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7b
MyBB Directory Traversal
Posted Apr 11, 2017
Authored by Zhiyang Zeng

MyBB versions prior to 1.8.11 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 2800e771288cf2cacb401edb2fc5db5ae36871ccdbb03a53d324615a45235bd8
MyBB Cross Site Scripting
Posted Apr 11, 2017
Authored by Zhiyang Zeng

MyBB versions prior to 1.8.11 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2da0a4bc186bc4a699d01b0ef48a56f834e02a8692ab2071e9b81feeb22ffd33
s9y Serendipity Cross Site Request Forgery
Posted Apr 11, 2017
Authored by Zhiyang Zeng

s9y Serendipity versions prior to 2.0.5 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5e210ab8f2a8599541adda6e8f1c32a12896822aaf6623805ad8f1d68692e912
Red Hat Security Advisory 2017-0893-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0893-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-2668
SHA-256 | 1cf3521d40c40aa900b61d5fdfbd8d368230d36dbb863c56e7fa8fd59a2013b0
Red Hat Security Advisory 2017-0892-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0892-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-7910, CVE-2017-2636
SHA-256 | 461ae7c457de3804b797938ceca8ec594debd203b4f0a5e49c915644c3bb8f64
Ubuntu Security Notice USN-3258-2
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-2 - USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
SHA-256 | aeb7eb5a4c7e0c1d570d72040645a8653b06cc2f415273328b2ef5fddc33d78f
Red Hat Security Advisory 2017-0901-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0901-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
SHA-256 | cd40269a02186df1fd0679bd55cd433d2d058a6637af379efa53325ae7966649
Quest Privilege Manager 6.0.0 Arbitrary File Write
Posted Apr 11, 2017
Authored by m0t

Quest Privilege Manager version 6.0.0 suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
advisories | CVE-2017-6554
SHA-256 | c105fe5f3d2af0a5993208f8e5571fe0cf5f6fe72b82e33378b24683ae6fd349
Adobe XML Injection File Content Disclosure
Posted Apr 11, 2017
Authored by Thomas Sluyter

Multiple Adobe products suffer from an XML injection file content disclosure vulnerability.

tags | exploit, xxe
advisories | CVE-2009-3960
SHA-256 | bc7c48aaa4045bdb779952a1b33e82e0199dc082febb739ac980241f0f5feaee
Social Directory Script 2.0 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

Social Directory Script version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 799b740ba35742aebcd4269cc463f8c469c6abdc9930c3715c04c8e7a730356f
Classified Portal Software 5.1 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

Classified Portal Software version 5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 242b47d2e17fc2ce5686097e242225cf23c3a5885c9bfd04a8f0d34434808c19
Microsoft Security Bulletin Summary For April, 2017
Posted Apr 11, 2017
Site microsoft.com

This bulletin summary lists 59 critical and 18 important security bulletins for April, 2017.

tags | advisory
SHA-256 | 11c034eb59836a35b181b4b972c40093a22abd4a213ad9161a0687df550e75c7
Microsoft Office OneNote 2007 DLL Hijacking
Posted Apr 11, 2017
Authored by Yorick Koster, Securify B.V.

Microsoft Office OneNote 2007 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 92ffa7b1c72b8b00b7d451ccb6b8cdfe74e1354ccb747dd69a8f8d17fd7b77bf
Microsoft Security Bulletin Revision Increment For April, 2017
Posted Apr 11, 2017
Site microsoft.com

This bulletin summary lists six bulletins that have undergone a major revision increment.

tags | advisory
SHA-256 | 2aba90eae6e7d5b6f263b6a0f7f510d725c53ee4687c1d3abe29d742e2cb7976
FAQ Script 3.1.3 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

FAQ Script version 3.1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f72d7390c16332eb4a411ec2cf1a2f49f4ac1bd78e1e5f587c57a6f93ae0dcc2
Ubuntu Security Notice USN-3257-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3257-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468
SHA-256 | cf093dbe9d28c2da54857b225f129940736f62bb4316b79000fc51f6f1eef93f
Ubuntu Security Notice USN-3258-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-1 - It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
SHA-256 | 5101ff0e70771f14628412493ecbd468dc95e9c6bd6f142a841f86cabb362f8b
Gentoo Linux Security Advisory 201704-03
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-3 - Multiple vulnerabilities have been found in X.Org server and libraries, the worst of which allows local attackers to execute arbitrary code. Versions less than 1.19.2 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7953, CVE-2017-2624, CVE-2017-2625, CVE-2017-2626
SHA-256 | b651dfb5c88b536bb774bed091405ef39ff35e25a8d671b35af02c5805d32f09
Gentoo Linux Security Advisory 201704-02
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-2 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 57.0.2987.133 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056
SHA-256 | 04bbd35f989c026d0f953f9c4a0b96398bd93e50635ba4e7f589626556f8188b
Gentoo Linux Security Advisory 201704-01
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.8.0-r9 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2016-9602, CVE-2017-2620, CVE-2017-2630, CVE-2017-5973, CVE-2017-5987, CVE-2017-6058, CVE-2017-6505
SHA-256 | 3b251d7fac89e4f118e27fdfd02cda9e0c9a3ccfea63de553eaac89d342ab135
Slackware Security Advisory - libtiff Updates
Posted Apr 11, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libtiff packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8127, CVE-2015-8665, CVE-2015-8683, CVE-2016-3622, CVE-2016-3623, CVE-2016-3658, CVE-2016-5321, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-9273, CVE-2016-9448
SHA-256 | 9cf5da033c9d3df83f2a230c8da0e0b785bda7f3ef408760cb96a8c808598605