Showing 26 - 44 of 44

Files Date: 2018-01-11 to 2018-01-12

Parity 1.6.10 Same Origin Policy Bypass
Posted Jan 11, 2018
Authored by tintinweb

Parity versions 1.6.10 (stable) and below suffer from a same origin policy bypass vulnerability via a webproxy token reuse issue.

tags | exploit, bypass
advisories | CVE-2017-18016
SHA-256 | cbddfe13da39782b4f2a55b0f67f4f553e193db2a3a9f6177092af6bbd8ca0e4
beVX Offensive Security Conference 2018 Call For Papers
Posted Jan 11, 2018
Authored by beVX CFP | Site bevxcon.com

beVX! has announced its call for papers. It will take place September 20th through the 21st, 2018 in Hong Kong.

tags | paper, conference
SHA-256 | bec537f06a7424b170bd86c02dc04456f73a802ff1e9996a480384813b13b111
Sangoma NetBorder / Vega Session Controller Remote Command Execution
Posted Jan 11, 2018
Authored by Appsecco Security Team | Site appsecco.com

Sangoma NetBorder / Vega Session Controller versions prior to 2.3.12-80-GA allow remote unauthenticated attackers to execute arbitrary commands via the web interface.

tags | exploit, remote, web, arbitrary
SHA-256 | 23b396713d3f48935304fe0c1474d19546d2999488112fed51d423e48f2e36ba
Handy Password 4.9.3 Buffer Overflow
Posted Jan 11, 2018
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence ADV-12/2018 - A buffer overflow in Handy Password version 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.

tags | advisory, remote, overflow, arbitrary
SHA-256 | db96f47d41838f40dfa6cda2444fb26a4a9d7ba6c7446485d9dce39966d6cd9b
WordPress Download Manager 2.9.60 Cross Site Request Forgery
Posted Jan 11, 2018
Authored by Panagiotis Vagenas

WordPress Download Manager plugin version 2.9.60 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4ce02012a6774d62185b5146047e6e9eededc9dd500bb9ee967db1472a6520b7
Ubuntu Security Notice USN-3526-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3526-1 - It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-12173
SHA-256 | b7922c4a9c676f88b0fe0cc2f64efa4fa7aa679e609d7ddd641dc4c26ac2454a
Ubuntu Security Notice USN-3525-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3525-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5754
SHA-256 | 6df80ee083282a9b59ef3b2427c3ebf021045160375212d96571d8fbc9d776a4
Ubuntu Security Notice USN-3524-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3524-2 - USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5754
SHA-256 | ca0ab7e170b499669e6ab21c6335229631f0f00144a96ee60e278ff4af08ab61
HPE Security Bulletin HPESBHF03805 4
Posted Jan 11, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03805 4 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 4 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | ac94c929c6e22558b91eb5ae898ace99f9e34456a07421d2c7647bf7ff3519cd
Nuit Du Hack 2018 Call For Papers
Posted Jan 11, 2018
Authored by Nuit Du Hack

The Nuit Du Hack Call For Papers for 2018 has been announced. It will be held June 30th through July 1st, 2018 in Paris, France.

tags | paper, conference
SHA-256 | d7b29ca6ca10b8a3fe67770743a67b5dfb997969cc320f56bc496b969042bed3
DiskBoss Enterprise 8.8.16 Buffer Overflow
Posted Jan 11, 2018
Authored by Arris Huijgen

DiskBoss Enterprise version 8.8.16 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-5262
SHA-256 | e914c2a3688425307771b9bceec2610fdfa9980984dec67d4da419843b118793
WordPress Service Finder Booking Local File Disclosure
Posted Jan 11, 2018
Authored by telahdihapus

WordPress Service Finder Booking plugin versions prior to 3.2 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 2f783b7627e401cd58c5d554ccc0889ab631b7fba1ee89ee6e4be091445d8f69
Android Hardware Service Manager Arbitrary Service Replacement
Posted Jan 11, 2018
Authored by Google Security Research, laginimaineb

Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.

tags | exploit, arbitrary
advisories | CVE-2017-13209
SHA-256 | f3c654241f72f6831aeb0f59add58d0444e58c9b772cb063afceb130c32cf237
WordPress Events Calendar 1.0 SQL Injection
Posted Jan 11, 2018
Authored by Dennis Veninga

WordPress Events Calendar plugin version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5315
SHA-256 | 075d02d328e0f3d7b1838fb18cd6e352f701cfc53d7a11cf0650fcdbfa6973ad
Muviko 1.1 SQL Injection
Posted Jan 11, 2018
Authored by Ahmad Mahfouz

Muviko version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17970
SHA-256 | 8b1b612d8b14afe0aee6280bb49e03b74dda09f091420e19d3aaa5181780ac6d
WebKitGTK+ Speculative Execution Issues
Posted Jan 11, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ versions before 2.18.5 suffer from various CPU issues. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis.

tags | advisory
advisories | CVE-2017-5753
SHA-256 | 43c0fb7f7af52d9932f66c052acb43b9fd23bbf87445e293c5c55aeb7464f02c
Microsoft Edge Chakra JIT Missing Integer Overflow Check
Posted Jan 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a missing integer overflow check in Lowerer::LowerSetConcatStrMultiItem.

tags | exploit, overflow
advisories | CVE-2018-0758
SHA-256 | 228fb8eccde76bcdb76fa5519ebb01ea7dcc1657dfc57e85ceb5485b7c3cfc13
Linux/x86 execve(/bin/sh) Polymorphic Shellcode
Posted Jan 11, 2018
Authored by Debashis Pal

53-byte Linux/x86 execve(/bin/sh) polymorphic shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | efb10e1d3784559bfe33bd989b5dc61d8435daba2c91da1483c13af2d0e9765b
Polygonize PC 1.1 Remote Command Execution
Posted Jan 11, 2018
Authored by indoushka

Polygonize PC version 1.1 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | bc7b18c1d116b956ac3140448604dbacfb3b5fd10e968f8c0ab543e1357466b6