Files

AlienVault USM 5.4.2 Cross Site Request Forgery
Posted Oct 14, 2017
Authored by Julien Ahrens | Site rcesecurity.com

AlienVault USM version 5.4.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-14956
MD5 | 6e771ba0baa2d865a2bac29ab5c0ceb6

Related Files

Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Posted Apr 24, 2020
Authored by LiquidWorm | Site zeroscience.mk

Furukawa Electric ConsciusMAP version 2.8.1 Java deserialization remote code execution exploit.

tags | exploit, java, remote, code execution
advisories | CVE-2020-12133
MD5 | 6bdde55e22751554fa630c47df38d1df
Ubiquiti UniFi Video 3.7.3 (Windows) Local Privilege Escalation
Posted Dec 24, 2017
Authored by Julien Ahrens | Site rcesecurity.com

Ubiquiti UniFi Video version 3.7.3 (Windows) suffers from a local privilege escalation vulnerability due to insecure directory permissions.

tags | exploit, local
systems | windows
advisories | CVE-2016-6914
MD5 | a82e1d218ea5e2d055d53ff0277ba737
Check_mk 1.2.8p25 save_users() Race Condition
Posted Oct 19, 2017
Authored by Julien Ahrens | Site rcesecurity.com

Check_mk versions 1.2.8p25 and below suffer from a save_users() race condition that leads to sensitive information disclosure.

tags | exploit, info disclosure
advisories | CVE-2017-14955
MD5 | 20c85c9a771f1de93e046c52df63537c
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Posted Jul 10, 2017
Authored by Paul Taylor

NfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2017-6971
MD5 | a5c06ecae8b80e27d7f7876e20f6c2d1
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.6 Local Root
Posted Jul 10, 2017
Authored by Paul Taylor

NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-6970
MD5 | 787b269cad22ea86e1c32d8ac3022b2f
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
Posted Apr 14, 2017
Authored by temp66, Peter Lapp | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

tags | exploit, root
MD5 | 413042fd957df44a71d9726279afac56
Alienvault OSSIM / USM 5.3.0 Authentication Bypass
Posted Mar 7, 2017
Authored by Peter Lapp

Alienvault OSSIM / USM versions 5.3.0 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-7955
MD5 | 54264ef41a3e80682e8714812d435491
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and IP spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. Abusing an authentication bypass issue in gauge.php lets adversaries exploit an object injection vulnerability, which leads to a SQL injection attack that leaks an administrator session token. Attackers can then use the captured session token to create a rogue action and policy that enable execution of operating system commands. As a final step, an SSH login attempt with invalid credentials can trigger the rogue policy, which triggers an action that executes an operating system command with root user privileges. This Metasploit module was tested against the following products and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0; AlienVault OSSIM 5.0.0, 4.6.1.

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
MD5 | c403c0d00272c2fb94d0906435878b17
Mattermost 3.5.0 / 3.5.1 Cross Site Scripting
Posted Jan 19, 2017
Authored by Julien Ahrens | Site rcesecurity.com

Mattermost versions 3.5.0 and 3.5.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b386c063a6b1b10c1dad2ed59478e51a
Atlassian Confluence AppFusions Doxygen 1.3.x Cross Site Scripting
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 40298284e37d5c11bfd9c7e6a26fe36f
Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen versions 1.3.0, 1.3.1, 1.3.2, and 1.3.3 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
MD5 | bc1d0ec9781d4efabfe8c2e3134f68fb
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
Posted Nov 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Atlassian Confluence AppFusions Doxygen version 1.3.0 suffers from a path traversal vulnerability.

tags | exploit
MD5 | 4e2b79e03f74cde41848df22952ee7ce
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
MD5 | 7a66ece0e3bc3a94254de8614fc0971a
Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8581
MD5 | 2a00eb0ce24a7ecf6bca9965be4ae666
Alienvault OSSIM/USM 5.3.1 SQL Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-8582
MD5 | 42bd18cecc00b69762f03ef776abc3a4
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8583
MD5 | 8b92c689b73f90fd9c7c8d094983d02f
XenForo ToggleME 3.1.2 Cross Site Scripting
Posted Sep 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

XenForo ToggleME version 3.1.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 66b9ae98b3625528c90cfaf047dd623e
AlienVault USM/OSSIM 5.2 Cross Site Scripting
Posted Aug 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

AlienVault USM/OSSIM version 5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-6913
MD5 | 607c890e637df1fffca03228952de5fe
Apache Archiva 1.3.9 Cross Site Scripting
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-5005
MD5 | 49af5bfe6cafae1122d621ea5294c340
Apache Archiva 1.3.9 Cross Site Request Forgery
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-4469
MD5 | bb5f2cae376e13ae271a747583391445
XenAPI For XenForo 1.4.1 SQL Injection
Posted May 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec6653535f15715683fb23b54a289bdb
Postfix Admin 2.93 Cross Site Request Forgery
Posted May 21, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Postfix Admin version 2.93 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 0aa6277ff6f2f8a1e8b41cee4ae3b9a2
Apache Tomcat Security Manager StatusManagerServlet Bypass
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

The StatusManagerServlet could be loaded by a web application when a security manager was configured. This servlet would then provide the web application with a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. This could have exposed sensitive information from other web applications such as session IDs to the web application. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web
advisories | CVE-2016-0706
MD5 | 11b7b49d8b9c8b774f372a62458eb542
FreeBSD Security Advisory - FreeBSD-SA-16:06.bsnmpd
Posted Jan 15, 2016
Authored by Pierre Kim

FreeBSD Security Advisory - The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the bsnmpd configuration file, /etc/bsnmpd.conf, is weak and does not provide adequate protection against local unprivileged users. A local user may be able to read the shared secret, if configured and used by the system administrator.

tags | advisory, local, protocol
systems | freebsd
advisories | CVE-2015-5677
MD5 | fc7515d3e9f8630afb77d28bd7a61646
Ubuntu Security Notice USN-2618-1
Posted May 21, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2618-1 - It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2015-1326
MD5 | 9f0590401ef7f51ba78eed2f115cc217

© 2020 Packet Storm. All rights reserved.
