
Web Files

Twilio WEB To Fax Machine System Application 1.0 SQL Injection
Posted Jan 14, 2019
Authored by Ihsan Sencan

Twilio WEB To Fax Machine System Application version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 245609d1c0879b49d8a3b66b10944d91
Ubuntu Security Notice USN-3854-1
Posted Jan 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3854-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4437
MD5 | f8474b7b46329623febcb7514c73d299
Ubuntu Security Notice USN-3853-1
Posted Jan 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3853-1 - Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks.

tags | advisory, remote, web, denial of service, csrf
systems | linux, ubuntu
advisories | CVE-2018-1000858
MD5 | 9dff487091705ecddb0783a58af51804
EstudioNeoFilms / Grupo LosGrobo / IdeaSeven SQL Injection
Posted Jan 9, 2019
Authored by KingSkrupellos

Various web design firms such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24 all have produced sites that are susceptible to SQL injection vulnerabilities.

tags | exploit, web, vulnerability, sql injection
MD5 | f924892391cf79940be495a27d89509b
Debian Security Advisory 4363-1
Posted Jan 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

tags | advisory, web, spoof, python
systems | linux, debian
advisories | CVE-2019-3498
MD5 | 2b825f3bca76165c30b5aef53b5d1a60
Mailcleaner Remote Code Execution
Posted Jan 8, 2019
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the MailCleaner Community Edition product. An authenticated user can execute operating system commands in the context of the web server user, which is root. The /admin/managetracing/search/search endpoint takes several user inputs and passes them to an internal service that is responsible for executing operating system commands. One of these inputs is passed to the service without proper validation, which causes the command injection vulnerability.

tags | exploit, web, root
advisories | CVE-2018-20323
MD5 | 385bd5fbbfdc9bc89d35cc72bfbbbe12
UFONet 1.2
Posted Jan 8, 2019
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: New release called Armageddon. Various updates.
tags | tool, web, denial of service, spoof
systems | unix
MD5 | c1ec221727b9cd2ac06a67b4c61830d0
SQLMAP - Automatic SQL Injection Tool 1.3
Posted Jan 7, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and database; enumerate users, password hashes, privileges, and databases; dump entire or user-specified DBMS tables/columns; run their own SQL statement; read or write either text or binary files on the file system; execute arbitrary commands on the operating system; establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack; and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 1a3875f12c086f1c3924014c72cdc928
Red Hat Security Advisory 2019-0010-01
Posted Jan 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0010-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, perl
systems | linux, redhat
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
MD5 | faadd3788ca90ff4abd0d9508d573eaa
Red Hat Security Advisory 2019-0001-01
Posted Jan 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0001-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, perl
systems | linux, redhat
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
MD5 | 2dd37f88ab4551f6576438881aa0db3d
SugarCRM Web Logic Hooks Module Path Traversal
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
MD5 | 0a73c52a5465fdc38ae3bede2f424098
SugarCRM Web Logic Hooks Module PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
MD5 | bc08aaf51fef23154d37431b75e27168
NIP Kompanija Novosti A.D. Serbia Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

NIP Kompanija Novosti A.D. Serbia Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 8722310b958be6cc9bcf2493bd19eed7
Byte-Elaborazioni Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

Byte-Elaborazioni Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | efb608dbf782836782c184c3cf72e5b4
BuInteractive Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

BuInteractive Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | bde94d27db3e8dc62f7db9fe08064093
BTOptions Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

BTOptions Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | a6079ac5b740d2d16c1b0105f97c54ed
AtelyeDigital Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

AtelyeDigital Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | eb08086917e3bf86eac6d24c52101853
Taiwan GPS Satellite Positioning Passenger Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

Taiwan GPS Satellite Positioning Passenger Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | ad226292ab2861f289f560caaf1acb59
AnimaxTechnology.in India Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

AnimaxTechnology.in India Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 851a6bde508f1cd0402ffc9e23ded7ab
NwebProcess India Web Design 1.0 SQL Injection
Posted Dec 31, 2018
Authored by KingSkrupellos

NwebProcess India Web Design version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | bc16450e47ad8b878b50cf94c16c9caa
GRR 3.2.4.6
Posted Dec 21, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and to view and process collected data.

Changes: This is an off-schedule release with some fixes for bugs introduced in the previous one.
tags | tool, remote, web, forensics
systems | unix
MD5 | f59ee504fb8d7b294b254fec635878c7
SDL Web Content Manager 8.5.0 XML Injection
Posted Dec 18, 2018
Authored by Ahmed Elhady Mohamed

SDL Web Content Manager version 8.5.0 suffers from an XML external entity injection vulnerability.

tags | exploit, web
advisories | CVE-2018-19371
MD5 | 8c888db318e22cc6df0250cb0808f558
GRR 3.2.4.5
Posted Dec 18, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and to view and process collected data.

Changes: This release is the last GRR release to work on a legacy AFF4-based datastore. Next generation datastore will also work on top of MySQL but will have a completely different schema, meaning that you will lose historical data with the next GRR upgrade. Tons of small (and not-so-small) bug fixes and code health improvements.
tags | tool, remote, web, forensics
systems | unix
MD5 | 75619a460295d7f2c168d79170733881
Red Hat Security Advisory 2018-3833-01
Posted Dec 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
MD5 | fbd38bb2a680f9d27e5a1e276b257275
Red Hat Security Advisory 2018-3831-01
Posted Dec 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3831-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
MD5 | ebeb7bb38ac5254f369742495d0aa131
© 2019 Packet Storm. All rights reserved.
