what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-01-23

Workable Zone 1.1 Database Disclosure
Posted Jan 23, 2018
Authored by indoushka

Workable Zone version 1.1 human resource management system suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | f152896bb9451cca79e595d9479c40bd735cbf7beaa244031994f0fc9fece909
WBiz Desk 1.0 SQL Injection
Posted Jan 23, 2018
Authored by indoushka

WBiz Desk version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 751cff97e8fb904a13f9e41dbbc37b857501c631f5985da59e3a9fc8ef9b9551
Pivoting (Metasploit)
Posted Jan 23, 2018
Authored by Anurag Srivastava

This is a whitepaper that discusses pivoting attacks with Metasploit. Pivoting is a technique using a compromised system to attack other systems on the same network. Consider a scenario where there is some juicy information hosted inside a local network and there is only one system which is connected to internet. In this scenario, an attacker can compromise the system which is connected to internet and then use that particular compromised system in-order to test or attack other systems in the same network which are only accessible via local network.

tags | paper, local
SHA-256 | 33ab5236cd107568dfd2b0fa53e275b3fac5c53227e58d23cc60eab82d6b07e7
NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download
Posted Jan 23, 2018
Authored by LiquidWorm | Site zeroscience.mk

NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user.

tags | exploit, remote, root, telephony
SHA-256 | 6ec13406baf539fb83adb212bb192015cc4af93e431d8bb3179d2f34e0475af2
Ubuntu Security Notice USN-3541-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-2 - USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 2bef15d9aab879db3d94b78df252a16c484d98fb8517c35ea9b7de0028cfbf25
Ubuntu Security Notice USN-3542-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3542-2 - USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | a5579a936801baabe3460bc2e48834a6ab0a14e5d31755f278f7a027f1791f71
Ubuntu Security Notice USN-3540-2
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-2 - USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | ce51b009896d4900774ac27226430b092f1073e8c79d9cade04851689abf372e
Ubuntu Security Notice USN-3542-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3542-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | b12b48631c56243ecfc30601e84102d06bd0a8d8e6da80f8a98a135248e58338
Ubuntu Security Notice USN-3541-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3541-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3523-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 9ef5f1ad161688fa3074930ceff911d09b626e952bdc2ea98c50ee76345ffbc1
Ubuntu Security Notice USN-3540-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3540-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3522-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 57dfc7847333c830d6ea9ae92ea7e78da0ee06b911204eebab292ebc07143d84
Red Hat Security Advisory 2018-0115-01
Posted Jan 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0115-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 181. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | a282016f6ca8ca2c34b370151c16fa7d27f3526cc5f5974a70c432afe358a6b5
Ubuntu Security Notice USN-3539-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3539-1 - It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789
SHA-256 | 3641dd9bb53edd38c2a51f004e4ad926b0b6156f946c2ee3e0373eedd2561f61
Ubuntu Security Notice USN-3538-1
Posted Jan 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3538-1 - Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, unix, ubuntu
advisories | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2017-15906
SHA-256 | 964c48c0439d989a11cbdd7601e6770b0c099bed3a91031d5cd9afb0716a4b35
Academic Microsoft API Query Filter Cross Site Scripting
Posted Jan 23, 2018
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

The Academic Microsoft API query filter suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 315383ba3e443caa8589754c91b95a8a02f5b8a130671657e14cbdfe748ada1b
Endonesia 8.7 SQL Injection
Posted Jan 23, 2018
Authored by indoushka

Endonesia version 8.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 86d46eae5d92c1869555ae2d2ad2461b86db9336c85bbe49f952ec7dbb7bf036
Blizzard Agent RPC Auth DNS Rebinding
Posted Jan 23, 2018
Authored by Tavis Ormandy, Google Security Research

Blizzard's agent rpc authentication mechanism is vulnerable to DNS rebinding attacks.

tags | exploit
SHA-256 | 01e7bdf4703d545404b5ea8d6c13d0e9fc1c4e0a98a205904426f38fbc152873
Linux x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode
Posted Jan 23, 2018
Authored by Hashim Jawad

77 bytes small Linux/x86 ROT-N + Shift-N + XOR-N encoded /bin/sh shellcode. Tested on Ubuntu 12.04.5 LTS.

tags | x86, shellcode
systems | linux, ubuntu
SHA-256 | 37eab53116dad029b3e132f9ddd79388f3daaa216b180a34c2c0414d96469e33
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close