what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2016-07-21

TFTP Server 1.4 WRQ Buffer Overflow
Posted Jul 21, 2016
Authored by Karn Ganeshen

TFTP server version 1.4 WRQ buffer overflow exploit with egghunter shellcode.

tags | exploit, overflow, shellcode
SHA-256 | a30f7f90aaf3e52cc92f8023f2b71bdf8d949aab32bd3f9c15ff00525964c1e4
Ubuntu Security Notice USN-3040-1
Posted Jul 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3040-1 - Multiple security issues were discovered in MySQL and this update include s new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-3424, CVE-2016-3459, CVE-2016-3477, CVE-2016-3486, CVE-2016-3501, CVE-2016-3518, CVE-2016-3521, CVE-2016-3588, CVE-2016-3614, CVE-2016-3615, CVE-2016-5436, CVE-2016-5437, CVE-2016-5439, CVE-2016-5440, CVE-2016-5441, CVE-2016-5442, CVE-2016-5443
SHA-256 | 7d623f5dbaf19d4de827413892452e70e5ad226dcf6c7937c3760cf74252bd50
Blue Team Training Toolkit (BT3) 1.2
Posted Jul 21, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New commands implemented, UI improvements, documentation updates and minor adjustments.
tags | tool, python
systems | unix
SHA-256 | 0270ef89fa3e231d406ffef4579f79444cfa96d20698eadae3f1fc1f6fd8b269
OpenDNSSEC 2.0.1
Posted Jul 21, 2016
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Multiple bug fixes.
tags | tool
systems | unix
SHA-256 | bf874bbb346699a5b539699f90a54e0c15fff0574df7a3c118abb30938b7b346
Drupal RESTWS Module Remote PHP Code Execution
Posted Jul 21, 2016
Authored by Mehmet Ince, Devin Zuczek | Site metasploit.com

This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This Metasploit module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php, code execution
systems | linux, ubuntu
SHA-256 | c6c0be3f72ff30a42cf8f8c8dcd4baa257f0bf6daac321668562e0a213562cb5
UPC Hungary Administrative Password / Insecure Transit
Posted Jul 21, 2016
Authored by Gergely Eberhardt

UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.

tags | exploit
SHA-256 | 9e0e33c17bc41fa8dc76d5a50ef735e96f09bdd73c9fadc26ee098ec11b32761
Technicolor TC7200 Modem / Router Session Management / Fixed Password
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.

tags | exploit, proof of concept
SHA-256 | 7a2e8ac2ef48f60614987fa552f45f98556917682e70c63df7742e5ad41f458a
WordPress WooCommerce 2.6.2 Cross Site Scripting
Posted Jul 21, 2016
Authored by Han Sahin

WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a5f0af318f11ee0e790f9fb5900db8a34e7b925b850843f7eeed1f9c5e73b2f8
WordPress Paid Memberships Pro 1.8.9.3 Cross Site Scripting
Posted Jul 21, 2016
Authored by Burak Kelebek

WordPress Paid Memberships Pro plugin version 1.8.9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a5bb4dd7ef4da835e85ed1825882e67fe68468fd012001d45be5949f94701a2a
PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
Posted Jul 21, 2016
Authored by Hans Jerry Illikainen

PHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread().

tags | exploit, php
advisories | CVE-2016-5399
SHA-256 | 7111a3aeb099e5121e1419ef1d6496905a8379d4ecf9926707c9684242505445
Hitron CGNV4 Modem / Router CSRF / Session Management / Command Injection
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Hitron CGNV4 modem / router suffers session management, cross site request forgery, and command injection vulnerabilities.

tags | advisory, vulnerability, csrf
SHA-256 | 2a15eddd92ab306aaaee355eb8bf20ff26a53b441933d2dec2f3ce8192f1593a
Compal CH7465LG-LC Modem / Router Session Management / Command Injection
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The Compal CH7465LG-LC suffers session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.

tags | exploit, denial of service, vulnerability, proof of concept, bypass
SHA-256 | 5d06e5b58ccc73b68e5bffdbf0373df8bb1bc1f24567e7cae58f2a5c6f1b02e6
Cisco EPC3925 UPC Modem / Router Default Passphrase
Posted Jul 21, 2016
Authored by Gergely Eberhardt

The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcasted via WiFi and the typical serial number is within the range 200.000.000 and 260.000.000, the default password can be brute-forced within minutes. Proof of concept included.

tags | exploit, proof of concept
systems | cisco
SHA-256 | 6072b1ec30864428a22619448d2693155647c1a284a3e7a6e034187b98d0048e
Red Hat Security Advisory 2016-1458-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1458-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.

tags | advisory, java, denial of service
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | 0b95eadaaf3a53f29eaf36c2d11986bc09e8e9577d32391f9ca312520b38bd9f
Gentoo Linux Security Advisory 201607-16
Posted Jul 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-16 - arpwatch is vulnerable to the escalation of privileges. Versions less than 2.1.15-r8 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-2653
SHA-256 | 751bed43868a4a0ef35fae76d2112e237c382a671d527f8cd91211118b4f5639
Gentoo Linux Security Advisory 201607-15
Posted Jul 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-15 - Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, CVE-2016-1547
SHA-256 | 1cee38cbbf4cfcbee63ab9a3fb2cb62dbfa060e41bf33390b2adc1fcf92ddd84
Red Hat Security Advisory 2016-1477-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1477-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 121. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3550
SHA-256 | f650e17677fb7d2c977ec1ce8d119ba55c148374df138a5a3fcbb45641328b6e
Red Hat Security Advisory 2016-1475-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1475-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 101. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
SHA-256 | 2caaef5ada15fdae664cddcfeac6be8732391bd3fbea43150c75cd29b759574b
Red Hat Security Advisory 2016-1476-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1476-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 111. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606
SHA-256 | 7267b15575e357bac4c8ed3413791cbb860372c09b781ee3b7628288746767f7
Red Hat Security Advisory 2016-1474-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1474-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. The following packages have been upgraded to a newer upstream version: openstack-neutron. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8914, CVE-2016-5362, CVE-2016-5363
SHA-256 | 8745b604a58d383d3b6ff52bd09c04a84f130c3f31bfed451be6ebdb839daff9
Red Hat Security Advisory 2016-1473-01
Posted Jul 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1473-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Security Fix: Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-8914, CVE-2016-5362, CVE-2016-5363
SHA-256 | 7d30e603c4b7ad0d2283369dd4e57a3fc26438d64869e1203fc323cd21fe293a
Cisco Security Advisory 20160720-ucsperf
Posted Jul 21, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation performed on parameters that are passed via an HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
SHA-256 | e801ea022a39f6340a7416d5f90277eb140d7b3a5f900b089ca87cc8d7ffee28
OpenSSHD 7.2p2 User Enumeration
Posted Jul 21, 2016
Authored by 0_o

OpenSSHD versions 7.2p2 and below remote username enumeration exploit.

tags | exploit, remote
SHA-256 | 2f182c8354b3885f9f53dee4dfd49de6b64a388306dc36b6cf716adfc0ef8ac9
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close