exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 618 RSS Feed

Files Date: 2024-08-01 to 2024-08-31

Faraday 5.6.0
Posted Aug 26, 2024
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Resolved an issue when filtering assets by numeric values. Added workspace update logic on general view. Fixed bug where workspaces updated without making any change on them.
tags | tool, rootkit
systems | unix
SHA-256 | 8129d5ada77e1560709a9e18a9acb5fe00993fca262cb66bb440b18e73fb5d2d
Calibre Web 0.6.21 Cross Site Scripting
Posted Aug 26, 2024
Authored by Catalin Iovita, Alexandru Postolache

Calibre Web version 0.6.21 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
advisories | CVE-2024-39123
SHA-256 | 686e04b8fe52c5725bda61d40bbca828f80088e743ec7a871989a6041a45b1d0
Ubuntu Security Notice USN-6974-2
Posted Aug 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6974-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2023-52629, CVE-2024-26921, CVE-2024-39292, CVE-2024-39484
SHA-256 | 37c3f9b7ef32a073d45c582a69ab42b6107ab985a5d9b0ad42205cec3c8ec0dc
Helpdeskz 2.0.2 Cross Site Scripting
Posted Aug 26, 2024
Authored by Md. Sadikul Islam

Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a8ac91a3cbedb116396a5b53757d88970af60c29a929c87cc0d371c438839a2e
Debian Security Advisory 5757-1
Posted Aug 26, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967, CVE-2024-7968, CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973, CVE-2024-7974, CVE-2024-7975, CVE-2024-7976, CVE-2024-7977, CVE-2024-7978
SHA-256 | b36cd7bc93a9e6a4f0b3bb03a7b90689eecbec97b3839ed420816280b821c7b1
SPIP 4.2.11 Code Execution
Posted Aug 26, 2024
Authored by indoushka

SPIP version 4.2.11 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | c4d5a7ec857d6143a4dc61f6cfd25f53a0e63155cbfd065edba914d1db5a6f2b
Loan Management System 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4
Ubuntu Security Notice USN-6973-2
Posted Aug 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6973-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-46926, CVE-2024-24860, CVE-2024-26830, CVE-2024-26921, CVE-2024-39484
SHA-256 | ae63bfb6e280dd009e2c0a5fe99dec56f207432686e72f972bd7822a124051d0
Jobs Finder System 1.0 Cross Site Scripting
Posted Aug 26, 2024
Authored by indoushka

Jobs Finder System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | faf5a6f2bdf5a78896fae3a3733b2215bd787d63633b35a18fdd4238dbc3d2b4
Ubuntu Security Notice USN-6972-3
Posted Aug 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6972-3 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-52470, CVE-2023-52760, CVE-2023-52806, CVE-2024-22099, CVE-2024-24860, CVE-2024-26600, CVE-2024-26654, CVE-2024-35835, CVE-2024-36901, CVE-2024-36940, CVE-2024-39292
SHA-256 | 3851e01a35e3009f6057ef8b82450d14866f3831ab11b59ea760316705789735
HughesNet HT2000W Satellite Modem Password Reset
Posted Aug 26, 2024
Authored by Simon Greenblatt

HughesNet HT2000W Satellite Modem remote password reset exploit that leverages a path traversal vulnerability.

tags | exploit, remote
advisories | CVE-2021-20090
SHA-256 | 39985e65e2ad65f7d97ac082c4bb9179894f75c1041378c2a629dcd1f57fe3ca
Human Resource Management System 2024 1.0 Cross Site Scripting
Posted Aug 26, 2024
Authored by indoushka

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25f4d7b7ca25178696d74bb308a9abcdd65caa3fc6c471e46b4b16febaa084ea
Employee Record Management System 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 48f74abd4ae2b0a4eefcbc41869e56c73b5b26ad8ea6f55bc7ef2939ebb312a7
DETS Project 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 8e871e7f49c2379860d7b67c7b6819a9dfb93577e9139f8863c582714f30982a
Aruba 501 CN12G5W0XX Remote Command Execution
Posted Aug 26, 2024
Authored by Hosein Vita

Aruba 501 version CN12G5W0XX suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | c7838fb2e5b92ed1dcaf8819750689cd7714fb6c9f3678ca9f108414bc074c10
Bang Resto 1.0 Information Disclosure
Posted Aug 26, 2024
Authored by indoushka

Bang Resto version 1.0 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 830c31d95b7f59f003c211243b33e2126b35344e02f89fef93aa5788666eaf2a
School Log Management System 1.0 SQL Injection / Code Execution
Posted Aug 26, 2024
Authored by indoushka

School Log Management System version 1.0 suffers from a WYSIWYG code injection vulnerability.

tags | exploit, remote, code execution, sql injection
SHA-256 | 8ecbd78cc0fd66ac18a830457819fd7e6bc3280127a89e27f97777b39eda5335
Simple College Website 1.0 SQL Injection / Code Execution
Posted Aug 26, 2024
Authored by indoushka

Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

tags | exploit, remote, code execution, sql injection
SHA-256 | 87a1f018cc026cf0415cd9dc7a48aea9bae4864d8fd6cadcb7d274baaacf9e4b
Ray cpu_profile Command Injection
Posted Aug 23, 2024
Authored by sierrabearchell, byt3bl33d3r, Takahiro Yokoyama | Site metasploit.com

This Metasploit module demonstrates a command injection vulnerability in Ray via cpu_profile.

tags | exploit
advisories | CVE-2023-6019
SHA-256 | 8df2df72517b571d9dd8bd6cfcba7d7a0e2e3adcc491da6ac95c7d5c7f943993
Ray Agent Job Remote Code Execution
Posted Aug 23, 2024
Authored by sierrabearchell, byt3bl33d3r, Takahiro Yokoyama | Site metasploit.com

This Metasploit modules demonstrates remote code execution in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2023-48022
SHA-256 | 276fa27f2b7f4e3368e29c64a43eb5175c7a06d6b1f36b8ce2b8c3203b044082
DiCal-RED 4009 Information Disclosure
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 provides a network server on TCP port 2101. This service does not seem to process any input, but it regularly sends data to connected clients. This includes operation messages when they are processed by the device. An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes.

tags | exploit, tcp
advisories | CVE-2024-36441
SHA-256 | ab5d94c2a1f0e4d8bfcda084e05a40a114001865191d658dc9600e79c80e6702
DiCal-RED 4009 Outdated Third Party Components
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2016-5195, CVE-2016-7406, CVE-2019-1281
SHA-256 | ac46a5297fc9b5ee7331f8918ab83a70fa899f2cf27a29ac3f89865c35bbf946
DiCal-RED 4009 Log Disclosure
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 is vulnerable to unauthorized log access and other files on the device's file system due to improper authentication checks.

tags | exploit
advisories | CVE-2024-36444
SHA-256 | 22505e01eb5b8d58240173b875a10f1ce90aedba603dcb8c2cab2ffb9c7b12b6
DiCal-RED 4009 Path Traversal
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 has an administrative web interface that is vulnerable to path traversal attacks in several places. The functions to download or display log files can be used to access arbitrary files on the device's file system. The upload function for new license files can be used to write files anywhere on the device's file system - possibly overwriting important system configuration files, binaries or scripts. Replacing files that are executed during system operation results in a full compromise of the whole device.

tags | exploit, web, arbitrary
advisories | CVE-2024-36442
SHA-256 | 7c7db8db22b8d44815d0c4d1894bb2b5c72cd299da13c7d7e62d1b7f68ee685e
DiCal-RED 4009 Cryptography Failure
Posted Aug 23, 2024
Authored by Sebastian Hamann | Site syss.de

DiCal-RED version 4009 provides an administrative web interface that requests the administrative system password before it can be used. Instead of submitting the user-supplied password, its MD5 hash is calculated on the client side and submitted. An attacker who knows the hash of the correct password but not the password itself can simply replace the value of the password URL parameter with the correct hash and subsequently gain full access to the administrative web interface.

tags | exploit, web
advisories | CVE-2024-36439
SHA-256 | be90b2b3ba74aa9d5ebd8ad42a421183d9736ccd9ae6ba44a68eee851329062e
Page 5 of 25
Back34567Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close