Twenty Year Anniversary
Showing 1 - 25 of 25,858 RSS Feed

Remote Files

Microsoft COM For Windows Improper Serialized Object Handling
Posted Jun 18, 2018
Authored by Code White | Site codewhitesec.blogspot.com

Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.

tags | exploit, remote, web, code execution, proof of concept
systems | windows
advisories | CVE-2018-0624
MD5 | 96f4a2c83114fc51a56f27a6b609fa56
phpMyAdmin 4.x Remote Code Execution
Posted Jun 18, 2018
Authored by Matteo Cantoni, Cure53, Michal AihaA | Site metasploit.com

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

tags | exploit, remote, arbitrary, php
advisories | CVE-2016-5734
MD5 | 40f298aed179561d60e3ea947664bb79
Ubuntu Security Notice USN-3687-1
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233
MD5 | 55bf9fa9e7a0502036a4c6a0c0d90f46
CA Privileged Access Manager 2.x Code Execution
Posted Jun 15, 2018
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-4664, CVE-2015-4665, CVE-2015-4666, CVE-2015-4667, CVE-2015-4668, CVE-2015-4669, CVE-2018-9021, CVE-2018-9022, CVE-2018-9023, CVE-2018-9024, CVE-2018-9025, CVE-2018-9026, CVE-2018-9027, CVE-2018-9028, CVE-2018-9029
MD5 | 8793d6b4fbbc8bb4ec067277c966101b
Gentoo Linux Security Advisory 201806-04
Posted Jun 14, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-4 - Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 0.12.5 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000178, CVE-2018-1000179
MD5 | 91ace9408ba723aeae4ed05c0edaab3a
Joomla Ek Rishta 2.10 SQL Injection
Posted Jun 14, 2018
Authored by Guilherme Assmann

Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12254
MD5 | c9cf00e1bcf138179996aad2f1258826
Gentoo Linux Security Advisory 201806-02
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 30.0.0.113 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-4944, CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
MD5 | 22791d9866b7d08fbdc78e485cbcd7fc
Redaxo CMS Mediapool Arbitrary File Upload
Posted Jun 13, 2018
Authored by h0n1gsp3cht

Redaxo CMS Mediapool add-on versions prior to 5.5.1 suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 2ee9e258e0cbc86d2f56b93a4898abbb
TOR Virtual Network Tunneling Tool 0.3.3.7
Posted Jun 13, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. And as usual, there are numerous other smaller bugfixes, features, and improvements.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 5288d8de30c516073ad13fee44f6fdf3
WordPress Redirection 2.7.3 Remote File Inclusion
Posted Jun 12, 2018
Authored by Glyn Wintle

WordPress Redirection plugin version 2.7.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | ad8fd6f0edda2fb7d07a6e8d56138be6
WordPress WP Google Map 4.0.4 SQL Injection
Posted Jun 12, 2018
Authored by DefenseCode, Neven Biruski

WordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2456732033e558ec555c1b594d000411
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
Posted Jun 12, 2018
Authored by DefenseCode, Neven Biruski

WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4147f9e58f55a85f9e33e394450a0f3a
Joomla EkRishta 2.10 SQL Injection
Posted Jun 12, 2018
Authored by Borna Nematzadeh

Joomla EkRishta component version 2.10 suffers from a remote SQL injection vulnerability in the username field.

tags | exploit, remote, sql injection
MD5 | 82d923c4d123057bc23ac8506615a660
VMware Security Advisory 2018-0015
Posted Jun 11, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2018-6968
MD5 | 53f0174658961594f804ce535c307bfc
Joomla Ek Rishta 2.10 SQL Injection
Posted Jun 11, 2018
Authored by 41!kh4224rDz

Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 78cb8cc542cecb8f3d59e370eaf40e86
Event Manager Admin Panel events_new.php SQL Injection
Posted Jun 11, 2018
Authored by telahdihapus

The Event Manager PHP Script admin panel suffers from a remote SQL injection vulnerability in events_new.php.

tags | exploit, remote, php, sql injection
MD5 | 83fb888284b894e89bd607800355654e
WordPress Pie Register Blind SQL Injection
Posted Jun 11, 2018
Authored by Manuel Garcia Cardenas

WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10969
MD5 | 859a1de17d4a60b5e2988304732db6e0
Schools Alert Management Scripts get_sec.php SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12052
MD5 | 047bfac8f40ffe2464f7a8fc57942ef2
Schools Alert Management Script SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12055
MD5 | 3450fb18cbea09fe935a9724b8a4e0f1
libfsntfs 20180420 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

tags | exploit, remote, denial of service, info disclosure
advisories | CVE-2018-11727, CVE-2018-11728, CVE-2018-11729, CVE-2018-11730, CVE-2018-11731
MD5 | 6132da62fdca584c80ea9437df68f9c9
libmobi 0.3 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

tags | exploit, remote, denial of service, overflow, info disclosure
advisories | CVE-2018-11724, CVE-2018-11725, CVE-2018-11726
MD5 | 537e3b6c23c3eea6ae41edbdf93d5eb0
libpff 2018-04-28 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.

tags | exploit, remote, overflow, info disclosure
advisories | CVE-2018-11723
MD5 | 8efc665587cacf8ea6dace06cba8a2a2
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution
Posted Jun 8, 2018
Authored by EdTech Secure

The ClassLink OneClick browser extension and the ClassLink Agent are vulnerable to universal cross site scripting and remote code execution.

tags | exploit, remote, code execution, xss
MD5 | e8835af6f7679093a0b4696ac326601b
WordPress Contact Form Maker 1.12.20 XSS / CSRF / SQL Injection
Posted Jun 7, 2018
Authored by DefenseCode, Neven Biruski

WordPress Contact Form Maker plugin versions 1.12.20 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | d08badfbc380bef4839f1e6faaf47b7e
WordPress Form Maker 1.12.24 XSS / CSRF / SQL Injection
Posted Jun 7, 2018
Authored by DefenseCode, Neven Biruski

WordPress Form Maker plugin versions 1.12.24 and below suffer from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 222b8b4c330c800a4f881ec057b14e4f
Page 1 of 1,035
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    14 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close