Exploit the possiblities
Showing 1 - 25 of 99,342 RSS Feed

Files

OpenStego Free Steganography Solution 0.7.2
Posted Dec 17, 2017
Authored by Samir Vaidya | Site github.com

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).

Changes: Added support for Java 9. Removed DES algorithm as it is not secure.
tags | tool, java, encryption, steganography
MD5 | 7a2a8c3ba0a8fd35a399fd19ac42d1f1
Telegram Messenger For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.

tags | exploit, java, remote
MD5 | 1d4fa9a377be38dd028f42d795557548
Outlook For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.

tags | exploit
MD5 | e8ab0a54dab1528a6ee7935cbb5ea74f
WordPress Placemarks 2.0.0 Cross Site Scripting
Posted Dec 17, 2017
Authored by Ricardo Sanchez

WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | dcddac88c93e5de84968e542060ade62
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
Posted Dec 17, 2017
Authored by Ricardo Sanchez

WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | fac5b4c598ce59a6693be082fb980570
Red Hat Security Advisory 2017-3477-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
MD5 | c060ac568692c5a625232ab20b67a36e
Red Hat Security Advisory 2017-3476-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
MD5 | 2998dd842722e8dccbccecc95efc81bf
Red Hat Security Advisory 2017-3475-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
MD5 | 4ef23340919b51fe7aeb084c433c2e50
Zoom Linux Client 2.0.106600.0904 Command Injection
Posted Dec 17, 2017
Authored by Gabriel Quadros, Ricardo Silva

The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.

tags | exploit, shell
advisories | CVE-2017-15049
MD5 | b1610cc8b8b53e184b45604c8ea0a748
Zoom Linux Client 2.0.106600.0904 Buffer Overflow
Posted Dec 17, 2017
Authored by Gabriel Quadros, Ricardo Silva

The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.

tags | exploit, overflow
advisories | CVE-2017-15048
MD5 | 9c282268489e6e04f77a053bf37dcd41
Monstra CMS 3.0.4 Remote Shell Upload
Posted Dec 17, 2017
Authored by Ishaq Mohammed

Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
MD5 | 232ceeef3d1b599e0679a64c3c4ba7f7
VLC 2.2.8 MP4 Demux Type Conversion
Posted Dec 17, 2017
Authored by Hans Jerry Illikainen

VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.

tags | advisory
advisories | CVE-2017-17670
MD5 | cf057fee125060c0d8ad64d644290c54
nsd Format String
Posted Dec 17, 2017
Authored by bashis

The nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.

tags | exploit
MD5 | 7025cf28e89742c26e1eb46a9376aa47
Apple Security Advisory 2017-12-13-6
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-6 - iOS 11.2 addresses issues relating to interception, memory corruption, and more. This advisory provides additional information for APPLE-SA-2017-12-6-2.

tags | advisory
systems | apple, ios
advisories | CVE-2017-13080, CVE-2017-13833, CVE-2017-13847, CVE-2017-13855, CVE-2017-13856, CVE-2017-13860, CVE-2017-13861, CVE-2017-13862, CVE-2017-13865, CVE-2017-13866, CVE-2017-13867, CVE-2017-13868, CVE-2017-13869, CVE-2017-13870, CVE-2017-13874, CVE-2017-13876, CVE-2017-13879, CVE-2017-2433, CVE-2017-7156, CVE-2017-7157
MD5 | 0a229b7e892cdfb7fc2ff4e89c6e0803
Apple Security Advisory 2017-12-13-4
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 954cddeb76ad1d345aff418d5cf66c6d
Apple Security Advisory 2017-12-13-3
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple, 7
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 4a311c787e7cbdff236c940b272c076a
Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
Bus Booking Script 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17645
MD5 | 1a5d06ca50412d3ea1618cf7e571f4ad
FS Lynda Clone 1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

FS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17643
MD5 | 93b52c246755254ff7aa57b5c5d0ed1a
Movie Guide 2.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fa1fcffffe6c7f17040a8f614cf5f4cc
Piwigo 2.9.1 SQL Injection
Posted Dec 15, 2017
Authored by Akityo

Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-10682
MD5 | 7dcb87848320df6b3827d114d752b690
Paid To Read Script 2.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Paid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17651
MD5 | 545bfdb1f82a68e71a7cad4dc9bd9a1f
Readymade Video Sharing Script 3.2 HTML Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability.

tags | exploit, xss
advisories | CVE-2017-17649
MD5 | 9f828121974beff69a49a0bc657533bf
Joomla! JEXTN Video Gallery 3.0.5 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b9e24f7c25d109c4e2090e8221cc0cd0
Joomla! JEXTN Question And Answer 3.1.0 SQL Injection
Posted Dec 15, 2017
Authored by Ihsan Sencan

Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5d9a350f41b12d85b1e0616b9a338e0d
Page 1 of 3,974
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close