Exploit the possiblities
Showing 101 - 125 of 330 RSS Feed

Files Date: 2017-07-01 to 2017-07-31

IPFire proxy.cgi Remote Code Execution
Posted Jul 22, 2017
Authored by h00die, 0x09AL | Site metasploit.com

IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.

tags | exploit, remote, cgi
systems | linux
MD5 | 1f8ebd286acb009b1e30960495f5b74d
VICIdial user_authorization Unauthenticated Command Execution
Posted Jul 22, 2017
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.

tags | exploit, web, arbitrary
systems | linux, centos
MD5 | 97f5f8a82932db45a47b13397a65ccd6
Metasploit RPC Console Command Execution
Posted Jul 22, 2017
Authored by Brendan Coles | Site metasploit.com

This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.

tags | exploit
systems | windows, 7
MD5 | b76c5685a0298b752e8aaaf4f214e190
Hydra Network Logon Cracker 8.6
Posted Jul 22, 2017
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added radmin2 module by catatonic prime. SMB module now checks if SMBv1 is supported by the server and if signing is required. http-form module now supports URLs up to 6000 bytes. Various other updates.
tags | tool, web, imap
systems | cisco, unix
MD5 | 5d909cfea627a1f2482b82dfbd64956c
PeopleSoft ToolsRelease 8.55.03 / ToolsReleaseDB 8.55 / HCM 9.2 XSS
Posted Jul 21, 2017
Authored by Dmitri Iudin

PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-10106
MD5 | 8a037c93fb00af442cd3d7d4c290d773
Gentoo Linux Security Advisory 201707-15
Posted Jul 21, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201707-15 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 26.0.0.137 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3080, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084, CVE-2017-3099, CVE-2017-3100
MD5 | 45afa64a6b1c6faf4e76710b92a00baa
Oracle Integration Gateway Directory Traversal
Posted Jul 21, 2017
Authored by Roman Shalymov

Oracle Integration Gateway (PSIGW) suffers from a directory traversal vulnerability.

tags | advisory
advisories | CVE-2017-10061
MD5 | 157f2e94c68b0332b6f1abb341ac5a1d
Oracle Integration Gateway File Upload
Posted Jul 21, 2017
Authored by Roman Shalymov

Oracle Integration Gateway (PSIGW) suffers from a file upload vulnerability.

tags | advisory, file upload
advisories | CVE-2017-10061
MD5 | 05111597345e47ce58d04e720fa33522
Televes COAXDATA GATEWAY 1Gbps Access Bypass / Information Disclosure
Posted Jul 21, 2017
Authored by Pedro Andujar

Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2017-6530, CVE-2017-6531, CVE-2017-6532
MD5 | 11e5fce5fce1522aabed9b6b047e5214
Ubuntu Security Notice USN-3361-1
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-1350, CVE-2016-10208, CVE-2016-8405, CVE-2016-8636, CVE-2016-9083, CVE-2016-9084, CVE-2016-9191, CVE-2016-9604, CVE-2016-9755, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596, CVE-2017-2618, CVE-2017-2671, CVE-2017-5546, CVE-2017-5549, CVE-2017-5550, CVE-2017-5551, CVE-2017-5576, CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348
MD5 | 2a81ab5a406b26495cf15b17d009be23
Ubuntu Security Notice USN-3360-1
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9605
MD5 | 4b837ac472f4020e28f8436305442660
NEC Universe UM4730 SQL Injection
Posted Jul 21, 2017
Authored by b0x41s

NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bd6afe493c6cb60bbef4cc206749064a
Samsung Trustonic Trustlet Revocation
Posted Jul 21, 2017
Authored by Google Security Research, laginimaineb

Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.

tags | exploit
MD5 | 9c01feb9f591e95fb6fa6abb1652bfcc
Apple Security Advisory 2017-07-19-7
Posted Jul 21, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | windows, apple
advisories | CVE-2017-7010, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064
MD5 | 4f380c77e8e99020d7e7e86a74e6ebae
Apple Security Advisory 2017-07-19-6
Posted Jul 21, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.

tags | advisory, vulnerability, code execution, info disclosure
systems | apple
advisories | CVE-2017-7010, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7053, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064
MD5 | fff71b887019a0188bc4405b1923235d
Ubuntu Security Notice USN-3360-2
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9605
MD5 | a52c36d22ff0b5f4c7d35c0b403f353c
Apple Security Advisory 2017-07-19-5
Posted Jul 21, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7060, CVE-2017-7061, CVE-2017-7064
MD5 | 1ed95c0427dc5589003399ef7858d3bd
Virtual Postage (VPA) 1.0 Man-In-The-Middle / Code Execution
Posted Jul 21, 2017
Authored by MaXe

Virtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.

tags | exploit, remote, code execution
MD5 | 8369a81037615f726ea8562ceb9f8e70
SKILLS.com.au Industry App 1.0 Man-In-The-Middle / Code Execution
Posted Jul 21, 2017
Authored by MaXe

SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.

tags | exploit, remote, code execution
MD5 | 4fd64fa016fa5e25eb328a8cf4cbe71d
Apple Security Advisory 2017-07-19-4
Posted Jul 20, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2017-7006, CVE-2017-7008, CVE-2017-7009, CVE-2017-7010, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7022, CVE-2017-7023, CVE-2017-7024, CVE-2017-7025, CVE-2017-7026, CVE-2017-7027, CVE-2017-7028, CVE-2017-7029, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7047, CVE-2017-7048
MD5 | 4f066bec91e8241104ce852a7eb1146a
Ubuntu Security Notice USN-3359-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2016-9755, CVE-2017-1000380, CVE-2017-5551, CVE-2017-5576, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9150, CVE-2017-9605
MD5 | ac5a8bf8e487737dba8522c164aac232
HP Security Bulletin HPESBHF03766 1
Posted Jul 20, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158
MD5 | a39834881c545886ee1c449eb45b4cbf
Ubuntu Security Notice USN-3358-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
MD5 | e382e603da4aed5892b8ad16c64fa4a4
Red Hat Security Advisory 2017-1793-01
Posted Jul 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1793-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
MD5 | 4822b464ddf29f50a5fb05360d0cbf68
Apple Security Advisory 2017-07-19-2
Posted Jul 20, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2016-9586, CVE-2016-9594, CVE-2017-2629, CVE-2017-7008, CVE-2017-7009, CVE-2017-7010, CVE-2017-7013, CVE-2017-7014, CVE-2017-7015, CVE-2017-7016, CVE-2017-7017, CVE-2017-7021, CVE-2017-7022, CVE-2017-7023, CVE-2017-7024, CVE-2017-7025, CVE-2017-7026, CVE-2017-7027, CVE-2017-7028, CVE-2017-7029, CVE-2017-7031, CVE-2017-7032, CVE-2017-7033, CVE-2017-7035, CVE-2017-7036, CVE-2017-7044, CVE-2017-7045, CVE-2017-7047
MD5 | ab1fccb72cc38d3e81f21dd4540e1ae3
Page 5 of 14
Back34567Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close