what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2015-04-19 to 2015-04-20

Maligno 2.1
Posted Apr 19, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Clientgen now supports standalone script generation, without requiring Maligno server component for downloading a payload. Cookie support added. Payload parameter + ID can be provided via a cookie. Various other updates and improvements.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | b9eda40dc7133d2369b344300b056ee97cf546f41848fcb8094cb573d87b5007
Lynis Auditing Tool 2.1.0
Posted Apr 19, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Screen output has been improved to provide additional information. CUPS detection on Mac OS has been improved. Various other updates and improvements.
tags | tool, scanner
systems | unix
SHA-256 | 16ed596c8c283b8e4c635ada25ceb042371384ae09b3238a658ca60801a73c24
Adobe Flash Player copyPixelsToByteArray Integer Overflow
Posted Apr 19, 2015
Authored by Chris Evans, Nicolas Joly, juan vazquez, hdarwin | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0556
SHA-256 | 0261f65421dd66c2140dc4d01ec869ffa16a08028c90426650ee76ecbe40cc47
WordPress Reflex Gallery Upload
Posted Apr 19, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-88853
SHA-256 | 66a2afe428abc2bc5fd7a07e29076cf8d642726dfba85da1125d083fa522fa6e
WordPress N-Media Website Contact Form Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 06defc0f9a3b1e41269ef7d6c96eebcf75e56a0475dd25a9e1826f8f400e3fd3
WordPress Creative Contact Form Upload
Posted Apr 19, 2015
Authored by Gianni Angelozzi | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | f67d354bf1423deeda6860a5375cc709458e085127ee4fde423e1181e6630458
WordPress Work The Flow Upload
Posted Apr 19, 2015
Authored by Claudio Viviani | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 99dafcf218991769dca62fedd1f31fd6083ce929bdd0f494ed3fe6bdff34ddcb
Lychee 2.7.1 Remote Code Execution
Posted Apr 19, 2015
Authored by Filippo Cavallarin

Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.

tags | exploit, remote, code execution
SHA-256 | 838f6b6bb47ee54cd93284f806f636dbf53c9df7899e9dd5db885f98f9535dc9
Landesk Management Suite 9.5 RFI / CSRF
Posted Apr 19, 2015
Authored by Alex Haynes

Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion, csrf
advisories | CVE-2014-5361, CVE-2014-5362
SHA-256 | 7bdfe59dc30a3b71753bd3a33281c2051ca69929c42f568988b546e2de5d4ccd
Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow
Posted Apr 19, 2015
Authored by Dmitry Janushkevich | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a sign extension error in ibpsd2.dll when processing PSD files, which can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerability may allow execution of arbitrary code. Oracle Outside In versions 8.4.1, 8.5.0, and 8.5.1 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2015-0493
SHA-256 | 881fefe28d05888ab8bb824adc584939c717d9e3fd0ffb3517681895051b5cb4
Gentoo Linux Security Advisory 201504-07
Posted Apr 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.457 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
SHA-256 | b4d1f33ae090d323723fea5ea3b1e7183793f2901305dbd8d27932e24e8dda88
Gentoo Linux Security Advisory 201504-06
Posted Apr 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103, CVE-2015-0255
SHA-256 | 02bfcf82733cc51a9e7242f086fd8e7f523654b1b9c474a9238aec3001352a0f
Red Hat Security Advisory 2015-0854-01
Posted Apr 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0854-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492
SHA-256 | 63fb2eee82ffd6233a18a0a0dd56ff5da078eb57b76a6fbf6d67f5269c0b212c
BlueDragon CFChart Servlet 7.1.1.17759 Directory Traversal
Posted Apr 19, 2015
Authored by Mike Westmacott | Site portcullis-security.com

The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances the retrieved file is also deleted. Versions 7.1.1.17759 is affected.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2014-5370
SHA-256 | c7fba25e82be748cfef6834fae314b9c87f9647ed21ced05ff757e5a06e0bb5f
ADB Backup Traversal / File Overwrite
Posted Apr 19, 2015
Authored by Imre Rad

ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.

tags | exploit, file inclusion
advisories | CVE-2014-7951
SHA-256 | 05f57d5729d25c00164ccfa74bfb76fe4328bb79a10efd4cf3e895cd21b26843
Android 4.4 MTP Path Traversal
Posted Apr 19, 2015
Authored by Imre Rad

The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-7954
SHA-256 | 9645f86fa24dbcf40e5f7dd36ca986ccbcd0f124fb94b860bde8a37c6cb42100
WordPress Content Slide 1.4.2 CSRF / Cross Site Scripting
Posted Apr 19, 2015
Authored by Tom Adams

WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 4766ca76e4e167f91e8d6586e49ab8b197c4767255485e74d57daa27c79079ed
112 ipTIME Remote Code Execution
Posted Apr 19, 2015
Authored by Pierre Kim, Alexandre Torres

Many 112 ipTIME routers / modems / firewalls suffer from a remote root code execution vulnerability.

tags | advisory, remote, root, code execution
SHA-256 | fc4b268b4814bbad49e3581dca82b41858ee28e67ff5515ee4dee66d9f8e5093
Android Backup Agent Arbitrary Code Execution
Posted Apr 19, 2015
Authored by Imre Rad

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

tags | exploit, arbitrary, shell
advisories | CVE-2014-7951
SHA-256 | 179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87
WordPress Citizen Space 1.1 Cross Site Scripting
Posted Apr 19, 2015
Authored by Glyn Wintle

WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f85ae4ff7e5349a8c27498d31e4740d3b651ac5a808ca4756f703363ae30f397
Mac OS X Local Denial Of Service
Posted Apr 19, 2015
Authored by Maxime Villard

Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.

tags | exploit, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2015-1100
SHA-256 | 8b8206b45dab552c0adf67970b3e4fcfdbb4fc7e2eb2c3e21b6e0df9e621e2d3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close