exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2021-10-07 to 2021-10-08

Wireshark Analyzer 3.4.9
Posted Oct 7, 2021
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 12 bug fixes. Updated protocol support for AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL, GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE 802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T, NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS Monitoring. New and updated capture file support for CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | c6525e829bd24525ee699aa207ecd27c50646d64263a669671badfb71cd99620
VMware vCenter Server Analytics (CEIP) Service File Upload
Posted Oct 7, 2021
Authored by VMware, Derek Abdine, wvu, Sergey Gerasimov, George Noseevich | Site metasploit.com

This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.

tags | exploit, shell, root, file upload
advisories | CVE-2021-22005
SHA-256 | 036b2591e4ef8beb3558c821f06ea5bf7c27f8226edd7019163d2a719de158ac
Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation
Posted Oct 7, 2021
Authored by Brendan Coles, Andy Nguyen, Szymon Janusz | Site metasploit.com

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through user name space. Kernels up to and including 5.11 are vulnerable.

tags | exploit, denial of service, kernel
systems | linux
advisories | CVE-2021-22555
SHA-256 | 7caefc49d920cc0b0d58e9ad762b7ffbd02e62e1e3225217c8586f8867ea42e8
Ubuntu Security Notice USN-5105-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5105-1 - It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-28473
SHA-256 | e5d7921a9f3cce00a72278d4f2e6e98ea665d137288f18073245a145f13bc6d8
Online Traffic Offense Management System 1.0 SQL Injection
Posted Oct 7, 2021
Authored by Hubert Wojciechowski

Online Traffic Offense Management System version 1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Justin White in August of 2021.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7cc05456c41b598b673942619347e3fd1ef4bb3aec178caa9dc6af5ba949d971
Online Traffic Offense Management System 1.0 Cross Site Scripting
Posted Oct 7, 2021
Authored by Hubert Wojciechowski

Online Traffic Offense Management System version 1.0 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8fe47efe4ae3e273d70f6a28bc37866a5974f0a4d07c32cd8529fa977f8ef09e
Online Traffic Offense Management System 1.0 Shell Upload
Posted Oct 7, 2021
Authored by Hubert Wojciechowski

Online Traffic Offense Management System version 1.0 suffers from multiple remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | f12a952b62540fdd484377f26c5406d160c2eefe9cbf56553111f4570c03f894
Ubuntu Security Notice USN-5106-1
Posted Oct 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5106-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26541, CVE-2021-22543, CVE-2021-3612, CVE-2021-38160, CVE-2021-38199, CVE-2021-41073
SHA-256 | e6f1f8e07840dd321cac128c3e684c8a455cc504df4df29a372d0a536fd65241
Simple Online College Entrance Exam System 1.0 SQL Injection
Posted Oct 7, 2021
Authored by Mevlut Yilmaz

Simple Online College Entrance Exam System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | e94df23eb345d74ed4b60f73281e0e2c812b83cb270e9cec29d0e316cf97b0a2
Online DJ Booking Management System 1.0 Cross Site Scripting
Posted Oct 7, 2021
Authored by Yash Mahajan

Online DJ Booking Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0cfdbe3612aa2104f53abcc359160e8ca7823b8eaada2ed65ef2d8895e9084af
Red Hat Security Advisory 2021-3743-01
Posted Oct 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3743-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2021-41079
SHA-256 | af81190265ca9bed00ca3cfa52cd17dc3d28d5cb3b9e6d99b18f17a484b7b256
Windows/x86 Bind TCP Shellcode
Posted Oct 7, 2021
Authored by h4pp1n3ss

Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.

tags | x86, tcp, shellcode
systems | windows
SHA-256 | 7dd9706d9d60f259d8e6ef790111d2ef99c07abddaae6debfdc64b5c0856ce2f
Google SLO-Generator 2.0.0 Code Execution
Posted Oct 7, 2021
Authored by Kiran Ghimire

Google SLO-Generator versions 2.0.0 and below suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2021-22557
SHA-256 | ef94b5f22ec4aaf3de18b8a4935785e2137c7be8dc066b6be1310c18aab93b6f
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close