exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2016-08-12

WebNMS Framework Server 5.2 Arbitrary File Upload
Posted Aug 12, 2016
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution under the user which the WebNMS server is running. This Metasploit module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.

tags | exploit, code execution
systems | linux, windows
SHA-256 | 3487474dddb39cb18412107fef3b60ba87315ceeb45fdeb39935f59439c71a93
Hydra Network Logon Cracker 8.3
Posted Aug 12, 2016
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Support for upcoming OpenSSL 1.1 added. Fixed hydra redo bug. Updated xhydra for new hydra features and options. Some more command line error checking added. Ensured unneeded sockets are closed.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | b94ee47254e01a8c18be38eae8b953bfe4f734db60cafd1054b3316419b1687d
Ubuntu Security Notice USN-3047-2
Posted Aug 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3047-2 - USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. Various other issues were addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-4952, CVE-2016-5107, CVE-2016-5126, CVE-2016-5337, CVE-2016-5403
SHA-256 | 6cde5cb99c15b597456c232a84fe2c4a2d7a2394f9e433c09f015f5e373d1fc2
FreePBX 13 / 14 Remote Command Execution
Posted Aug 12, 2016
Authored by pgt | Site nullsecurity.net

FreePBX versions 13 and 14 remote command execution exploit.

tags | exploit, remote
SHA-256 | c79a97241bdd04c65cedc2b0e939895e14322014e67f5998b5132b036e7d75ac
HP Security Bulletin HPSBGN03630 2
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03630 2 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.

tags | advisory, java, remote, code execution
systems | linux, unix, solaris
advisories | CVE-2016-4373
SHA-256 | d663eec4579facf8f6a81f46b5a6f77f682c0a3bfdeaa267a6fca762dbec6c64
HP Security Bulletin HPSBHF03440 1
Posted Aug 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03440 1 - A potential security vulnerability in JQuery was addressed by HPE Integrated Lights-Out 3. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2011-4969
SHA-256 | d4e4427059bf0f52d590b8440696253f452456d6b56937c208ef0874ee58a1ff
Apache OpenMeetings 3.1.0 Cross Site Scripting
Posted Aug 12, 2016
Authored by Matthew Daley

Apache OpenMeetings version 3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7cd4363e2b99732754cd02499cfb4501e7c27fb5b0c5ad53d5bfc6fcb86f6281
Zabbix 3.0.3 SQL Injection
Posted Aug 12, 2016
Authored by 1N3

Zabbix version 3.0.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e66499a7042cb8648e12f24179f33ad12b968d3990953a0c243addd146feb69e
ColoradoFTP 1.3 Prime Edition (Build 8) Directory Traversal
Posted Aug 12, 2016
Authored by Christian Catalano, Rv3Lab, Marco Fornaro

ColoradoFTP version 1.3 Prime Edition (Build 8) suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 91283725e1f5776a707996847385b3c798b3049566679412587c14ff20c727a7
QuickerBB 0.7.0 Cross Site Scripting
Posted Aug 12, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

QuickerBB version 0.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e187174c3184c577ee1f1df9fa43f657d7ea7e79865f26cb05e269257bbba349
Microsoft Education Cross Site Scripting
Posted Aug 12, 2016
Authored by Vulnerability Laboratory, SaifAllah benMassaoud, Zahid Mehmood | Site vulnerability-lab.com

Microsoft's Education site suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3924fce5c180dbeb4453ed70ff1611bb77caeca4ddb4adc2e2eb8fd1dcfb8e8f
Joomla Registration Pro 3.2.12 SQL Injection
Posted Aug 12, 2016
Authored by xBADGIRL21

Joomla Registration Pro component versions 3.2.10 through 3.2.12 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5f4aa4fd769e4f94be8e8128f79221da5832a7e1c4b3c5339021218b1523f45f
Teamspeak 3 Use-After-Free / Information Disclosure / DoS
Posted Aug 12, 2016
Authored by ff214370685e536b9ee021c7ff6b7680bfbe6008bc29f87511b6b90256043536

Teamspeak 3 suffers from multiple vulnerabilities including denial of service, a race condition that leads to a use-after-free, and various other issues.

tags | exploit, denial of service, vulnerability
SHA-256 | 690a5d7c6af1c3972f1a035ae40ef95b54f43f342ca937f2673b022a2e1f0371
VMware Security Advisory 2016-0011
Posted Aug 12, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0011 - vRealize Log Insight contains a vulnerability that may allow for a directory traversal attack. Exploitation of this issue may lead to a partial information disclosure. There are no known workarounds for this issue.

tags | advisory, info disclosure
advisories | CVE-2016-5332
SHA-256 | b45b5de8dca28391380d0aa9cee3799a1de998079808cf20c36f2871ff683764
Red Hat Security Advisory 2016-1604-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1604-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
SHA-256 | 050cf4eb10b6b4d48a4849fc74b4da049ebd99b9f4c1702cf81baba7760d55f1
Red Hat Security Advisory 2016-1602-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1602-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444
SHA-256 | 9ebe488c20f76b68d7a3cf57698896831bc3b64105719afff7a32233ea62034b
Red Hat Security Advisory 2016-1601-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1601-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3521, CVE-2016-3614, CVE-2016-3615, CVE-2016-5439, CVE-2016-5440
SHA-256 | f74fd9194852a14f3381406d12fd54322502cd7ad2381d9edfb8f94fb630a507
Red Hat Security Advisory 2016-1603-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1603-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
SHA-256 | 76497b688449c5fc738f3987def49a51af654e16c3cade55c27ea6fd2a668e30
Red Hat Security Advisory 2016-1607-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1607-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
SHA-256 | d67f5e6e01f8d9341a59fcc3055fec2ec69675435c8bc04cff2c9ee1c9bd3355
Debian Security Advisory 3647-1
Posted Aug 12, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3647-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2016-2818
SHA-256 | 34817b30843cd3047d068ce105c2a9c8c6ed7f94388c6649bd61972ef917036b
Red Hat Security Advisory 2016-1606-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1606-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside guest could use this flaw to crash the Qemu process resulting in DoS or potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-5126, CVE-2016-5403
SHA-256 | 55b580f3cc8e781eb560abc0504ebbb683e94803d14225a9ae6fea8a2aec4eff
Red Hat Security Advisory 2016-1613-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1613-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
SHA-256 | e0bf59f5cf1d3c0945e0d6d6e0c15750289bc15a60fccdb2ee9d694dd4128871
Red Hat Security Advisory 2016-1612-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1612-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
SHA-256 | f67019f31418549e29743778856e445f5f3d39cc49377c1111e61f49fc4b91de
Red Hat Security Advisory 2016-1611-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1611-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
SHA-256 | 55592b7d6ab377e799f0673e09120f679bd0c8e8a43960c9c3d68a564709590b
Red Hat Security Advisory 2016-1610-01
Posted Aug 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1610-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2016-5385
SHA-256 | fcd71ebcda575c41b6353590baddb7b6da04850d4fbba07468173f9919b13631
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close