what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2018-11-01 to 2018-11-02

Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Posted Nov 1, 2018
Authored by LiquidWorm | Site zeroscience.mk

CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. Upon importing, the application will launch Excel program and execute the malicious macro formula.

tags | exploit, arbitrary
SHA-256 | 9934935bc5349b6cebbf4d3fe113a6d562530ce82af94be3a16bcc6ed7017ad7
Slackware Security Advisory - curl Updates
Posted Nov 1, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
SHA-256 | 65f4dbc81ad891a30f90da807afd6698f33572afbe3c1ad0ca72642554585a0e
Google Cardboard Android / iOS Applications Information Disclosure
Posted Nov 1, 2018
Authored by David Coomber | Site info-sec.ca

The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) sends potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).

tags | advisory, info disclosure
systems | ios
SHA-256 | 42361a507af264ec429f830956d8abdd01925163d38d47dcc127b1fc891edff6
Sourcetree Git Arbitrary Code Execution
Posted Nov 1, 2018
Authored by Atlassian, Terry Zhang

An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version 1.02b before version 3.0.0 are affected by this vulnerability. Versions of Sourcetree for Windows starting with version 0.5.1.0 before version 3.0.0 are affected by this vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2018-13396, CVE-2018-13397
SHA-256 | 32eacd269abd3e89eabbc766ac7946e1762c239c4e1ea7feaf37f59de4e0886f
Brava! Enterprise / Server 16.4 Information Disclosure
Posted Nov 1, 2018
Authored by Luke Bailiff

Brava! Enterprise and Server components versions 7.5 through 16.4 suffer from a sensitive data exposure vulnerability due to weak permissions.

tags | exploit, info disclosure
SHA-256 | 22ddcecdf678369fce4fd0eec120348fb5cd6c405de17d297ede0c2e352fb5d9
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 1, 2018
Authored by Hakan Bayir

Zoho ManageEngine OpManager version 12.3 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-18715, CVE-2018-18716
SHA-256 | dd397fed4163fc8d8337bb0cec0c033bc8a073e6bddfd2ea65f12472b4f23b18
Packet Storm New Exploits For October, 2018
Posted Nov 1, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 252 exploits added to Packet Storm in October, 2018.

tags | exploit
SHA-256 | 2cdfde44988447d6cb183dd741826624e1b294f18ab4e409ef6ca5f2240763c8
Artha The Open Thesaurus 1.0.3.0 Denial Of Service
Posted Nov 1, 2018
Authored by Ihsan Sencan

Artha The Open Thesaurus version 1.0.3.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 4cf7eda53e72ff722cef8e3b66039584bc650f6cee02f93e1b4c7e096f65dc11
WebDrive 18.00.5057 Denial Of Service
Posted Nov 1, 2018
Authored by Victor Mondragon

WebDrive version 18.00.5057 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 0f647243a7a443c8d4ebfdf161b9b82a659bb854d5df8201be399f82f4804f4f
Arm Whois 3.11 Denial Of Service
Posted Nov 1, 2018
Authored by Yair Rodriguez Aparicio

Arm Whois version 3.11 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a07509b584c200cf3ce7ed1d55d762c4cd6c02aff98ce2b08e7bb8de57adcd53
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close