
Web Files

CentOS Web Panel 0.9.8.12 Cross Site Scripting
Posted Jan 19, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
systems | linux, centos
MD5 | 429a78b20422fdffc9614f2158726d5d
Debian Security Advisory 4090-1
Posted Jan 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4090-1 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.

tags | advisory, remote, web, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2017-16510, CVE-2017-17091, CVE-2017-17092, CVE-2017-17093, CVE-2017-17094, CVE-2017-9066
MD5 | 2beda7d50eee1ab5df6eabf161548fba
Ubuntu Security Notice USN-3530-1
Posted Jan 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3530-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
MD5 | 3bf2820a2ba39d395b37c51cb752e3d9
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
Posted Jan 11, 2018
Authored by Omar Mezrag, Algeria, Realistic Security | Site metasploit.com

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to the URI cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw.

tags | exploit, remote, web, arbitrary, local, root, php, file upload
advisories | CVE-2015-8279, CVE-2017-16524
MD5 | a040c104d632cd4ba7549225102c8f38
phpCollab 2.5.1 Unauthenticated File Upload
Posted Jan 11, 2018
Authored by Nicolas Serra, Nick Marcoccio | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit.

tags | exploit, web, arbitrary, file upload
systems | linux, ubuntu
advisories | CVE-2017-6090
MD5 | 49412c9229ada92b55b3cbcd05d8eb54
Red Hat Security Advisory 2018-0081-01
Posted Jan 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0081-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-11305, CVE-2018-4871
MD5 | 9a6c4db77e3ce332ec06e707d527c1b0
Sangoma NetBorder / Vega Session Controller Remote Command Execution
Posted Jan 11, 2018
Authored by Appsecco Security Team | Site appsecco.com

Sangoma NetBorder / Vega Session Controller versions prior to 2.3.12-80-GA allow remote unauthenticated attackers to execute arbitrary commands via the web interface.

tags | exploit, remote, web, arbitrary
MD5 | 36a49fe20eb6acbd86755f5f716ec2c1
Red Hat Security Advisory 2018-0061-01
Posted Jan 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0061-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
MD5 | 57ab4436794ccc7f5375e140dae03e15
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Posted Jan 6, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall SonicOS NSA Web Firewall is susceptible to cross site scripting attacks due to a filter bypass vulnerability.

tags | exploit, web, xss, bypass
MD5 | e60fdb119e38a2aa6639b763600c6a00
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
MD5 | 7515f6660d050f517b1107818beb00d4
Linksys WVBR0-25 User-Agent Command Execution
Posted Jan 4, 2018
Authored by HeadlessZeke | Site metasploit.com

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.

tags | exploit, web
advisories | CVE-2017-17411
MD5 | 296355d38705b5b2409004259a8e5624
Ubuntu Security Notice USN-3514-1
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3514-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156
MD5 | 485f3d664c8d9b91f9a34e0bb3715a85
Wapiti Web Application Vulnerability Scanner 3.0.0
Posted Jan 3, 2018
Authored by Nicolas Surribas | Site wapiti.sourceforge.net

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

Changes: Ported to Python3. Added --list-modules and --resume-crawl options. Persister rewritten to use sqlite3 databases (for session management). Many other additions, updates, and improvements.
tags | tool, web, scanner, vulnerability
systems | unix
MD5 | 011ea6c1e9be485704224f719397d198
Red Hat Security Advisory 2018-0005-01
Posted Jan 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0005-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.9.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2017-12165, CVE-2017-12167, CVE-2017-12189, CVE-2017-12629, CVE-2017-7559, CVE-2017-7561
MD5 | aac8a37c771d15022754d85ed843305a
Easy Web Grabber 1.0.0 Cross Site Scripting
Posted Dec 31, 2017
Authored by ShanoWeb

Easy Web Grabber version 1.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 1b61b1b865df691a1b85a1ae03c03286
ALLMediaServer 0.95 Buffer Overflow
Posted Dec 28, 2017
Authored by Anurag Srivastava | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused by a boundary error within the handling of HTTP requests.

tags | exploit, web, overflow
MD5 | 97ea52e06fd6cde938a0e4bd2d7e7b54
Telesquare SKT LTE Router SDT-CS3B1 CSRF / Command Execution
Posted Dec 27, 2017
Authored by LiquidWorm | Site zeroscience.mk

The Telesquare SKT LTE SDT-CS3B1 router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, arbitrary, csrf
MD5 | 4b9db3573ba7740ca38f47752d155a59
PHP Web Stat 4.5.03 Backdoor Account
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 has a backdoor admin account with a password of admin.

tags | exploit, web, php
MD5 | 9436443a2953d5eded423dda77700b78
PHP Web Stat 4.5.03 Cross Site Scripting
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a cross site scripting vulnerability.

tags | exploit, web, php, xss
MD5 | 51622091cd9294b6f4a4bd8ea3c5c88f
PHP Web Stat 4.5.03 Database Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat version 4.5.03 suffers from a database backup disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | d6db1db63c85e5f36ae5a115ae861aa8
PHP Web Stat 4.x.x Information Disclosure
Posted Dec 27, 2017
Authored by indoushka

PHP Web Stat versions 4.x.x suffer from an information disclosure vulnerability.

tags | exploit, web, php, info disclosure
MD5 | ff34e66846fe9d67c26d9fc933a4df8c
GoAhead LD_PRELOAD Remote Code Execution
Posted Dec 18, 2017
Authored by Daniel Hodson | Site github.com

GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit.

tags | exploit, remote, web, code execution
advisories | CVE-2017-17562
MD5 | f9e2734b50e21720d76a8c8736df6a20
Red Hat Security Advisory 2017-3484-01
Posted Dec 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3484-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. CloudForms Management Engine Appliance. CloudForms Management Engine Gemset. Multiple security issues have been addressed.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2017-2664
MD5 | 664a0547e1fd2c77754dc2ae4f23b341
Red Hat Security Advisory 2017-3479-01
Posted Dec 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3479-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.108. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15429
MD5 | 68eed7e922f6e51ce77a93144706ca10
Red Hat Security Advisory 2017-3477-01
Posted Dec 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9798
MD5 | c060ac568692c5a625232ab20b67a36e

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close