Twenty Year Anniversary
Showing 1 - 25 of 25,675 RSS Feed

Remote Files

ASUS infosvr Authentication Bypass Command Execution
Posted Apr 21, 2018
Authored by jduck, Friedrich Postelstorfer | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.

tags | exploit, remote, arbitrary, shell, root, udp, bypass
advisories | CVE-2014-9583
MD5 | 0b841685aaa09cefb0a9621293d64a94
DrayTek VigorACS 2 Unsafe Flex AMF Java Object Deserialization
Posted Apr 20, 2018
Authored by Pedro Ribeiro

DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.

tags | exploit, java, remote, root, code execution
advisories | CVE-2017-5641
MD5 | 4c7d83cfec04d1724b9d118fb3cd42e1
Ubuntu Security Notice USN-3627-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3627-1 - Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | e5a14b1abfb9798d648d23b33ff3cbf9
Gentoo Linux Security Advisory 201804-14
Posted Apr 18, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-14 - A vulnerability has been found in GDK-PixBuf that may allow a remote attacker to execute arbitrary code. Versions less than 2.36.11 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-1000422
MD5 | 12b164a736c8175bbc176525b0cc91de
Gentoo Linux Security Advisory 201804-13
Posted Apr 18, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-13 - Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.1:0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113, CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734, CVE-2017-16879
MD5 | 097b2e0569db9b85784f2eaea36519c1
MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection
Posted Apr 18, 2018
Authored by Keerati T.

MySQL Squid Access Report version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 57dcbbb92acfac828907d96c7d9bebee
Digital Guardian Management Console 7.1.2.0015 Shell Upload
Posted Apr 18, 2018
Authored by Pawel Gocyla

Digital Guardian Management Console version 7.1.2.0015 suffers from a shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
advisories | CVE-2018-10173
MD5 | 8bc838600cd56915e5e0d27198d67ab7
Drupalgeddon2 Drupal Remote Code Execution
Posted Apr 17, 2018
Authored by Vitalii Rudnykh, Hans Topo, Jose Ignacio Rojo | Site metasploit.com

Drupal versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

tags | exploit, remote, arbitrary
advisories | CVE-2018-7600
MD5 | 66382ddb8e7fd5b87644e31931eae7f4
Gentoo Linux Security Advisory 201804-12
Posted Apr 16, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-12 - A vulnerability in Go allows remote attackers to execute arbitrary commands. Versions less than 1.10.1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-7187
MD5 | 0edf2beb818b1ab668513ccadfce1960
Cobub Razor 0.8.0 SQL Injection
Posted Apr 16, 2018
Authored by Kyhvedn

Cobub Razor version 0.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-8057
MD5 | 838b3208a330ca5ac05c059a455fca7c
Barco ClickShare CSE-200 Denial Of Service
Posted Apr 16, 2018
Authored by Florian Hauser

Barco ClickShare CSE-200 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | a23760a388207cd064b98e86487e6738
Drupal Drupalgeddon2 Remote Code Execution Ruby Port
Posted Apr 13, 2018
Authored by Hans Topo

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.

tags | exploit, remote, code execution, proof of concept, ruby
advisories | CVE-2018-7600
MD5 | 4d773afb5cb3f718d378c710534bcb27
Drupal Drupalgeddon2 Remote Code Execution
Posted Apr 13, 2018
Authored by Vitalii Rudnykh

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-7600
MD5 | b2dc76bf877508945ce84372e88f3422
Red Hat Security Advisory 2018-1124-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 6c29bd8920e932bf2417c581e66348d1
Red Hat Security Advisory 2018-1125-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 54614beb604eb237c15e09e7ad7f4c48
IMP XForm 2.0 DatalifeEngine SQL Injection
Posted Apr 12, 2018
Authored by Hesam Bazvand

The IMP XForm version 2.0 DatalifeEngine module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8cc5797d2b3c75cb09d1c36bd0f02b5f
Gentoo Linux Security Advisory 201804-11
Posted Apr 11, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-11 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 29.0.0.140 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
MD5 | cf461d763ae7e6fa274acb76f6287399
Relevanssi 3.5.12 / 3.6.0 SQL Injection
Posted Apr 11, 2018
Authored by Glyn Wintle

Relevanssi versions 3.5.12 and 3.6.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 410a758b0c586d1e5043901f4f2ce80d
Dell EMC Avamar And Integrated Data Protection Appliance Invalid Access Control
Posted Apr 10, 2018
Authored by SlidingWindow

DELL EMC Avamar fails to restrict access to Configuration section that let Administrators set up Installation Manager configurations, or check for new packages from the Online Support site. An unauthenticated, remote attacker could add an Online Support Account for DELL EMC without any user interaction.

tags | exploit, remote
advisories | CVE-2018-1217
MD5 | c803fcebaf7c03f7902e2f4dd59391bd
OCS Inventory NG ocsreports 2.4 / 2.3.1 SQL Injection
Posted Apr 10, 2018
Authored by Simon Bieber

OCS Inventory NG ocsreports versions 2.4 and 2.3.1 suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 70b0b52f0aba6fe64eddb67dfcbf2cd9
WooCommerce CSV-Importer-Plugin 3.3.6 Remote Code Execution
Posted Apr 10, 2018
Authored by Lenon Leite

WooCommerce CSV-Importer-Plugin version 3.3.6 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 9bacb3687dc64c2d04972b2c02056bbe
WordPress Google Drive 2.2 Remote Code Execution
Posted Apr 10, 2018
Authored by Lenon Leite

WordPress Google Drive plugin version 2.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | b9dd9a86fef8aa3a201f13d251231d11
Ubuntu Security Notice USN-3616-2
Posted Apr 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | bba26afb207ddfb1391a3848e4cd104d
CyberArk Password Vault Web Access Remote Code Execution
Posted Apr 9, 2018
Site redteam-pentesting.de

The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.

tags | exploit, remote, web, code execution
advisories | CVE-2018-9843
MD5 | 15df09b097ae3bbbbbf2b776522b1bc8
WordPress Simple Fields 0.3.5 File Inclusion / Remote Code Execution
Posted Apr 9, 2018
Authored by Graeme Robinson

WordPress Simple Fields plugin versions 0.2 through 0.3.5 suffer from file inclusion and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 6e2bf334cdac7f3f761fe52b39953c1e
Page 1 of 1,027
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close