Twenty Year Anniversary
Showing 26 - 50 of 25,930 RSS Feed

Remote Files

Red Hat Security Advisory 2018-2150-01
Posted Jul 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2150-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2018-10874, CVE-2018-10875
MD5 | 3b0ef1d000305a071bdfd654c8ffc973
ELO (Elektronischer Leitz-Ordner) 9 / 10 SQL Injection
Posted Jul 10, 2018
Authored by Jens Regel

ELO (Elektronischer Leitz-Ordner) versions 9 and 10 suffer from a remote time-based blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10197
MD5 | fda5d95acef9735b638fd20d5bcc1144
Red Hat Security Advisory 2018-2152-01
Posted Jul 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2152-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2018-10874, CVE-2018-10875
MD5 | de622420b59e26e47b705a00459da7f7
Red Hat Security Advisory 2018-2151-01
Posted Jul 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2151-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include a code execution vulnerability.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2018-10874, CVE-2018-10875
MD5 | 9e27f6bb74f20bde6c14ee31b8b66a3c
WolfSight CMS 3.2 SQL Injection
Posted Jul 10, 2018
Authored by Berk Dusunur, Zehra Karabiber

WolfSight CMS version 3.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9d9a26e6ccda04e1605c749f589ebc1a
TOR Virtual Network Tunneling Tool 0.3.3.8
Posted Jul 9, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 492c31afb03ec39aaf354658682fbf68
Ubuntu Security Notice USN-3706-1
Posted Jul 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3706-1 - It was discovered that libjpeg-turbo incorrectly handled certain malformed JPEG images. If a user or automated system were tricked into opening a specially crafted JPEG image, a remote attacker could cause libjpeg-turbo to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9092, CVE-2018-11213
MD5 | 66ced8f2334ae5d05fccfdfeb837d19c
Ubuntu Security Notice USN-3708-1
Posted Jul 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3708-1 - It was discovered that OpenSLP incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenSLP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-17833
MD5 | 662493ab74aaf575c5d1e8159cd8b911
Ubuntu Security Notice USN-3707-1
Posted Jul 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3707-1 - Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
MD5 | 0647a8b93bace5ed4b5773148d5efb8f
Oracle WebLogic 12.1.2.0 Remote Code Execution
Posted Jul 9, 2018
Authored by bobsecq

Oracle WebLogic version 12.1.2.0 RMI registry UnicastRef object java deserialization remote code execution exploit.

tags | exploit, java, remote, registry, code execution
advisories | CVE-2017-3248
MD5 | 0b5ec20bae66318da834b3ae3e8f3db3
Debian Security Advisory 4242-1
Posted Jul 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4242-1 - Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.

tags | advisory, remote, arbitrary, root, ruby
systems | linux, debian
advisories | CVE-2018-3760
MD5 | 106d6b21a5ae2a721cddf96019f8467d
HID discoveryd command_blink_on Unauthenticated Remote Command Execution
Posted Jul 7, 2018
Authored by Brendan Coles, coldfusion39, Ricky HeadlessZeke Lawshae | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This Metasploit module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 (Build 04/23/2012).

tags | exploit, remote
MD5 | e118b7fe52dd732ff59de4e2ac893248
Ubuntu Security Notice USN-3702-2
Posted Jul 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3702-2 - USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2018-12882
MD5 | 8fe6d115b16c29298453c43df9af9f61
SoftExpert Excellence Suite 2.0 SQL Injection
Posted Jul 5, 2018
Authored by Seren PORSUK

SoftExpert Excellence Suite version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6e9dfb20185111d3b41a7c5c89f34a9e
Ubuntu Security Notice USN-3702-1
Posted Jul 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3702-1 - It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2018-12882
MD5 | 91cf13f6abb86654377d8a466daabf9a
CMS Made Simple 2.2.5 Remote Code Execution
Posted Jul 4, 2018
Authored by Mustafa Hasan

CMS Made Simple version 2.2.5 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000094
MD5 | 72574b50537defd0efa90ab9f43cbc9f
Ubuntu Security Notice USN-3699-1
Posted Jul 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3699-1 - It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6869, CVE-2018-7725, CVE-2018-7726
MD5 | e1a866e78af6bf136d61080d383115a1
ManageEngine Exchange Reporter Plus 5310 Remote Code Execution
Posted Jul 3, 2018
Authored by Kacper Szurek

ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 3a02bbb7f9eca159137276ae0a471617
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
Posted Jul 2, 2018
Authored by Okan Coskun

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.

tags | exploit, remote, arbitrary
advisories | CVE-2018-12571
MD5 | 7c32094ad0851d110b5ec08cfce5b793
EMC ECS S3 Authentication Bypass
Posted Jul 2, 2018
Site emc.com

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.

tags | advisory, remote, bypass
advisories | CVE-2018-11052
MD5 | 2e3f16624ae92fac275cc03abf77df09
Dolibarr ERP CRM 7.0.3 Code Injection
Posted Jul 2, 2018
Authored by om3rcitak

Dolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | c3c0b8993ddf32695f9afefe4a832269
FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow
Posted Jun 29, 2018
Authored by Daniel Teixeira, r4wd3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2018-7573
MD5 | 65592cd1c5d2d58b3050cf2873ac3999
Nagios XI Chained Remote Code Execution
Posted Jun 29, 2018
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

tags | exploit, remote, shell, root, php, vulnerability
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
MD5 | f275b1da0c15a7e7e5fae8036578d5d8
Ubuntu Security Notice USN-3694-1
Posted Jun 29, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3694-1 - It was discovered that NASM incorrectly handled certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use these issues to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10686, CVE-2017-11111, CVE-2017-14228, CVE-2017-17810, CVE-2017-17811, CVE-2017-17812, CVE-2017-17813, CVE-2017-17814, CVE-2017-17815, CVE-2017-17816, CVE-2017-17817, CVE-2017-17818, CVE-2017-17819, CVE-2017-17820, CVE-2018-8881
MD5 | edefccd58f621f41c0bc69a20547819f
GRR 3.2.3.2
Posted Jun 28, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is an off-schedule release with a fix for a client-repacking bug introduced in v3.2.3.0.
tags | tool, remote, web, forensics
systems | unix
MD5 | 7aa8402312de71d03f4fab72c0a59707
Page 2 of 1,038
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    3 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close