exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 151 - 175 of 330 RSS Feed

Files Date: 2017-07-01 to 2017-07-31

Debian Security Advisory 3914-1
Posted Jul 18, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3914-1 - memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service, memory disclosure or the execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG files are processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11360, CVE-2017-9439, CVE-2017-9440, CVE-2017-9500, CVE-2017-9501
SHA-256 | 0f034f310d2383ee144c6075970bf32287ef618568e6f3447ec99ae371fb0055
Ubuntu Security Notice USN-3309-2
Posted Jul 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3309-2 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | d2c0c5302f6559086320ecc7ba3af4421baf11d0f0d29206837bd55883c8d012
Barracuda Load Balancer Firmware 6.0.1.006 Remote Root
Posted Jul 18, 2017
Authored by Russell Sanford

Barracuda Load Balancer Firmware versions 6.0.1.006 (2016-08-19) and below post-authentication remote root exploit.

tags | exploit, remote, root
advisories | CVE-2017-6320
SHA-256 | 761cc64c788d41c81b773e2661fb538a8d4516f8a3c77082756bc9a65c69ee93
UFONet 0.9
Posted Jul 18, 2017
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: Added more "Open Redirect" dorks. Added LOIC DoS (non-DDoS) attacks. Added whois resolving. Various other updates.
tags | tool, web, denial of service, spoof
SHA-256 | 518d692e08a8aaf7263a46e0a6bddc36c9affafb51d721a8c41cba13585c9e26
Cisco WebEx GPC Sanitization Bypasses / Command Execution
Posted Jul 18, 2017
Authored by Tavis Ormandy, Google Security Research

Various GPC Sanitization bypasses exist in Cisco WebEx that can permit from arbitrary remote command execution.

tags | exploit, remote, arbitrary
systems | cisco
SHA-256 | 2742e774481d9cd4f1486925a8d6d0f5cd50b3e1c50f16db34aa9fee06887044
Ubuntu Security Notice USN-3354-1
Posted Jul 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3354-1 - Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | d23b12ba59af204c5cc0a7994cb118dba5276e4918828e26d2221716a8af6b73
Ubuntu Security Notice USN-3274-2
Posted Jul 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3274-2 - USN-3274-1 fixed a vulnerability in icu. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that ICU incorrectly handled certain memory A operations when processing data. If an application using ICU processed A crafted data, a remote attacker could possibly cause it to crash or A potentially execute arbitrary code with the privileges of the user A invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 65f5689b27b022b9425e92be5d0bd4dabc33446115be4104267678813d89a296
Microsoft Internet Explorer 11 CMarkup::DestroySplayTree Memory Corruption
Posted Jul 18, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.

tags | exploit
systems | windows
advisories | CVE-2017-8594
SHA-256 | c58903dd193f7839cd836f12f61a126151db2248cb30e60241e98c8ec782dd43
Red Hat Security Advisory 2017-1766-01
Posted Jul 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1766-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2017-7895
SHA-256 | 088afa5793e91c519ee5f828bba7a17dd003285a0359e717afe5c0c14d329a65
Microsoft Windows Kernel nsiproxy/netio Pool Memory Disclosure
Posted Jul 18, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a nsiproxy/netio pool memory disclosure vulnerability in the handling of IOCTL 0x120007 (NsiGetParameter).

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8564
SHA-256 | 8229d08febcaa9bd8c80abedcecc4b916525c1c1c631b418d8e2c05fc4e24759
Sophos Web Appliance 4.3.0.2 Remote Command Injection
Posted Jul 18, 2017
Authored by Russell Sanford

Sophos Web Appliance version 4.3.0.2 reporting JSON trafficType remote command injection exploit.

tags | exploit, remote, web
advisories | CVE-2017-6182
SHA-256 | b7c8712bb8d62608c24d118744810037b7c47dba41c89048cac2b15b57b84234
Red Hat Security Advisory 2017-1759-01
Posted Jul 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1759-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983
SHA-256 | c15bef609eb1ab913d68d88b4c2dc9457c9749eb8feb7d799a533157a6978ec0
Ubuntu Security Notice USN-3347-2
Posted Jul 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3347-2 - USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot A Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and A Yuval Yarom discovered that Libgcrypt was susceptible to an attack via A side channels. A local attacker could use this attack to recover RSA A private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-7526
SHA-256 | cef9c437283906f956e60f6df98ddc0f810f887f63be10ecd8f7232cf64dd7e6
Hashicorp vagrant-vmware-fusion 4.0.20 Privilege Escalation
Posted Jul 17, 2017
Authored by Mark Wadham

Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-7642
SHA-256 | abdc50db20a101b047974cc99ce3df26fbc159554720c0b62b943a6f559177ef
PEGA Platform 7.2 ML0 Missing Access Control / Cross Site Scripting
Posted Jul 17, 2017
Authored by Daniel Correa

PEGA Platform versions 7.2 ML0 and below suffer from missing access control and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2017-11355, CVE-2017-11356
SHA-256 | 20e1a6dbc16ac5196217cef7e109e692ddfeba3348cfea759557d84256536b9d
DotCMS 4.1.1 Shell Upload
Posted Jul 17, 2017
Authored by Xiaotian Wang

DotCMS version 4.1.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e4c3a573a9e295eb33e393e863f9b9d0de5b31c1e1cab1d466e26029dd1e2363
Orangescrum 1.6.1 File Upload / Cross Site Scripting
Posted Jul 17, 2017
Authored by tomplixsee

Orangescrum version 1.6.1 suffers from cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
SHA-256 | 106418e31fa4cbf360e7471d81c2df8932c71452c44b9ba4675115930b0547d9
Belkin NetCam F7D7601 Remote Command Execution / Hard-Coded Passwords
Posted Jul 17, 2017
Authored by Wadeek

Belkin NetCam F7D7601 suffers from remote command execution, network fingerprinting, and hard-coded password vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 4bd2b5bb8c5fc1891523e53b3179f3ae7e600feacbf458153657ff0e4b2e1524
FTPGetter 5.89.0.85 Buffer Overflow
Posted Jul 17, 2017
Authored by Paul Purcell

FTPGetter version 5.89.0.85 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 4fa92d2f4bc97359cff9f04b584dd37f0cfcc11abec7d9380c43260b85836ec4
Kernel Live Patch Security Notice LSN-0025-1
Posted Jul 16, 2017
Authored by Benjamin M. Romer

Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2016-8632, CVE-2016-9604, CVE-2017-1000364, CVE-2017-2584, CVE-2017-6074, CVE-2017-7346, CVE-2017-7472, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9242
SHA-256 | 91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdf
Easy File Sharing Web Server 7.2 Buffer Overflow
Posted Jul 16, 2017
Authored by N_A

Easy File Sharing Web Server version 7.2 SEH buffer overflow PassWD exploit that spawns a reverse shell.

tags | exploit, web, overflow, shell
SHA-256 | 855626ab8af8fc4fef34a5da9dbdf4eba93dbb924d810fcb1456e7f629fe805e
Blue Team Training Toolkit (BT3) 2.3
Posted Jul 15, 2017
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Maligno module now supports DEBUG and PATCH HTTP methods. Pcapteller module now supports packet payload manipulation. New API commands have been implemented. Update routine now downloads and deploys new BT3 versions automatically. Documentation updates and minor adjustments.
tags | tool, python
systems | unix
SHA-256 | 3bba94b8fd52880d7d3738034de6427eb870fea92f7bb60cd50d54106c946ea2
Windows Browser Example Exploit
Posted Jul 15, 2017
Authored by sinn3r | Site metasploit.com

This template covers IE8/9/10, and uses the user-agent HTTP header to detect the browser version. Please note IE8 and newer may emulate an older IE version in compatibility mode, in that case the module won't be able to detect the browser correctly. This is an example Metasploit module to be used for exploit development.

tags | exploit, web
SHA-256 | 8143adacc68c1de409f678efae5e4cfb85f69d420b14992c225c72b7072d3163
Metasploit Example Exploit
Posted Jul 15, 2017
Authored by skape | Site metasploit.com

This exploit module illustrates how a vulnerability could be exploited in an TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.

tags | exploit, tcp
SHA-256 | 7080c0e0772da0f83c51df64e3f6e1cc4c7d74a7c1c2265e80261599694e52d2
iSmartAlarm CubeOne Remote Command Execution
Posted Jul 14, 2017
Authored by Ilia Shnaidman

iSmartAlarm CubeOne suffers from a remote command execution vulnerability that allows disabling the alarm and setting it off.

tags | exploit, remote
advisories | CVE-2017-7728
SHA-256 | 4430cd29b879fd0975002c47989434a03744c202fb70efe80eea72dbabd51292
Page 7 of 14
Back56789Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close