what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-07-12

Red Hat Security Advisory 2016-1406-01
Posted Jul 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1406-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-4565
SHA-256 | 057f7af5bbf54d587d8e3a6be782dd96558535d3a764714edd25ccecbe607197
MS16-032 Secondary Logon Handle Privilege Escalation
Posted Jul 12, 2016
Authored by b33f, James Forshaw, khr0x40sh | Site metasploit.com

This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with Powershell 2.0 or later and systems with two or more CPU cores.

tags | exploit
systems | windows
advisories | CVE-2016-0099
SHA-256 | 26f03a91eb8c8dde8874f73e8d5a247d4da47b1e8ea13cc74ba383ffcb0b25c5
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
SHA-256 | f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6
WordPress Easy Forms For MailChimp 6.0.5.5 Local File Inclusion
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Easy Forms for MailChimp plugin version 6.0.5.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f9cad639aaef7cf5440fda2fd29535f1cb187e2e5bf1688b5d20fa6b3111e0d5
WordPress WP Fastest Cache 0.8.5.9 Local File Inclusion
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 0054cb275ef233d49c094070fb79510dc684f361c4da8889694dc76faaa05c30
WordPress Profile Builder 2.4.0 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Profile Builder plugin version 2.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 297021f3bfa30d30d7529fbd4d4482cda32fce21527ddf190bb2dfcd57888511
WordPress Master Slider 2.7.1 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Master Slider - Responsive Touch Slider plugin version 2.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ee681a6e0bc4a7df736fc4b47c1b54d308eacfa9875b9ade1c2ced88ce14d70b
WordPress Email Users 4.8.2 Cross Site Scripting
Posted Jul 12, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Email Users plugin version 4.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d654807b929b6f367ad58d1f8550c77413849b7b0bb9c1483f72aa7ebba83717
Microsoft Security Bulletin Summary For July, 2016
Posted Jul 12, 2016
Site microsoft.com

This bulletin summary lists eleven released Microsoft security bulletins for July, 2016.

tags | advisory
SHA-256 | f750a936dc3bcaba88af328808557515c3a38de1a59a36d5267752863be94f38
Ubuntu Security Notice USN-3031-1
Posted Jul 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3031-1 - Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323
SHA-256 | f3417c57f20dcf30f4fa9223c6a8778e3db397f99457e4d89acee5fceeea9e5c
Apache Archiva 1.3.9 Cross Site Scripting
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-5005
SHA-256 | 04f8a6de07ed3133f7856a60c7f6f21b4d9abdd91819b80ae6ad97c203cf32c1
Apache Archiva 1.3.9 Cross Site Request Forgery
Posted Jul 12, 2016
Authored by Julien Ahrens | Site rcesecurity.com

Apache Archiva version 1.3.9 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-4469
SHA-256 | 7668a8296181447642b0332f0a99e7d8f4c3bc9ac9250ca8df5203b11bf750e3
Red Hat Security Advisory 2016-1395-01
Posted Jul 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2015-4170
SHA-256 | cc677eb8da4ca58135bb72972f0515d5256d313ad0931650e96b454e928c2332
HP Security Bulletin HPSBHF03608 1
Posted Jul 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03608 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, java, arbitrary
advisories | CVE-2016-4372
SHA-256 | a4f731c6afd9d8b0d771afec7e5598fde89d382f0e5d637587497d7a2efe4e3f
WordPress WP Job Manager 1.25 Shell Upload
Posted Jul 12, 2016
Authored by xBADGIRL21

WordPress WP Job Manager plugin version 1.25 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | fa329d0772f010e91170d050b0fdc664722ea3b3000969ef4d3d2d9bcef8b3cf
Clinic Management System Blind SQL Injection
Posted Jul 12, 2016
Authored by Yakir Wizman

Clinic Management System suffers from an unauthenticated remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1e4b0186dbbd5704b1e2383d8bec4c278a1589f74c1b28104d18108765b3abc1
Beauty Parlour And SPA Saloon Management System SQL Injection
Posted Jul 12, 2016
Authored by Yakir Wizman

Beauty Parlour and SPA Saloon Management System suffers from an unauthenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1f54efc3b4e06d3e6f7a22b771694ea380c1ad8ae2d4002a8a59644e205f9ff6
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
Posted Jul 12, 2016
Authored by Francesco Oddo | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application's database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.

tags | exploit, remote, web, arbitrary, root, vulnerability, code execution, sql injection
SHA-256 | df58be25ca590f1f28576780a6be938b242bb24996bb0984cee22bb17a53c202
Blue Team Training Toolkit (BT3) 1.1
Posted Jul 12, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Documentation updates and minor adjustments.
tags | tool, python
systems | unix
SHA-256 | 30adbd3cd4a01b67b065a945fff5e2caba574024335b5a437203f7a48cd0d996
ifchk 1.0.4
Posted Jul 12, 2016
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Added systemd service unit support for Red Hat Enterprise Linux 7 and CentOS 7.
tags | tool
systems | unix
SHA-256 | be6233788c5f551bb00d25f07e4c7322da322729d845d3e0614a9822f78f967a
Bug Tracker 2.7.1 Information Disclosure
Posted Jul 12, 2016
Authored by indoushka

Bug Tracker version 2.7.1 suffers from a database name and credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 2d5b24ff4d2e81970bc492b19b1b88a44529e2a4d367d8030d76ee01fe5d56ca
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close