exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2014-01-07

vm86 Syscall Linux Root Privilege Escalation
Posted Jan 7, 2014
Authored by halfdog

The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from userspace for emulating of old 8086 software as done with dosemu, was prone to trigger FPU errors. Closer analysis showed, that in general, the handling of the FPU control register and unhandled FPU-exception could trigger CPU-exceptions at unexpected locations, also in ring-0 code. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
SHA-256 | c0d7b7b3940841dcb9f666f46a4adb35352ef1442a9a3e3f3fde132e5689e1ef
Spamina Email Firewall 3.3.1.1 Directory Traversal
Posted Jan 7, 2014
Authored by Sisco Barrera

Spamina Email Firewall version 3.3.1.1 suffers from multiple directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
SHA-256 | c2e61c56d5fe28f5d6fee6b4c1a3e0cc6c2f56409908e471f9bd8fd501c9d352
GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
Posted Jan 7, 2014
Authored by Ahmed Elhady Mohamed

GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-7243
SHA-256 | 673085354c1aa7a5d4988c8b7f096e0d825a07b9c4a4d58be0153ed65f72251d
Dredge School Administration System 1.0 SQL Injection / XSS / CSRF
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Dredge School Administration System version 1.0 suffers from backup disclosure, account disclosure, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | eaa701db8fbc9aa704db6e8e1be81611fe3f74c47f614015cbb7b7a87085e20e
Middle School Homework Page 1.3 Beta 1 Cross Site Scripting / SQL Injection
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Middle School Homework Page version 1.3 Beta 1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | fcd3ad9c7685362a7f5ddb3ff01ea249fd41a62d27a1e24dce1b1576f9bd6707
Command School Student Management System 1.06.01 SQL Injection / CSRF / XSS
Posted Jan 7, 2014
Authored by AtT4CKxT3rR0r1ST

Command School Student Management System version 1.06.01 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | f21fadfba66ed93c307bc2f7a2247cee0d8a016bcb82c7f40566e62dc5b4bc10
Digital Whisper Electronic Magazine #48
Posted Jan 7, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 48. Written in Hebrew.

tags | magazine
SHA-256 | c748dd0a6267a1a3e08c20f93993e12845f13ee32d72463eaa00cb58a68b0971
Joomla Aclsfgpl Shell Upload
Posted Jan 7, 2014
Authored by TUNISIAN CYBER

The Joomla Aclsfgpl component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ffdc2dca430359bb550c7f9e7de6df509bff1d997c0bf10e1f18cee2fa5e16f0
HITB Magazine Volume 4 Issue 10
Posted Jan 7, 2014
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 4 Issue 10 - Topics include TCP Idle Scans in IPv6, You Can Be Anything You Want To Be, and more.

tags | tcp, magazine
SHA-256 | 50cfbbcf7deacef2c4378690b5e16d7bfaaee94a8a5e0d5c9d30a98824a75c6e
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20131230
Posted Jan 7, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release follows the upstream's release of tor-0.2.4.20. The kernel was also updated to Linux-3.12.6 plus Gentoo's hardened-patches-3.12.4-3.extras, but all other components were kept at the same version as the 20131216 release.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | f262d9d4e30f00b9c21d25b430a6d1ba20e3d76c897a5079541ffee7453bc9ee
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20131230
Posted Jan 7, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release follows the upstream's release of tor-0.2.4.20. The kernel was also updated to Linux-3.12.6 plus Gentoo's hardened-patches-3.12.4-3.extras, but all other components were kept at the same version as the 20131216 release.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 44be22bf97825e0e955f61b5ea9b904e798468040fba6b9cec9c5ec189a4f454
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
Posted Jan 7, 2014
Authored by EgiX, juan vazquez | Site metasploit.com

vTiger CRM allows an user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities an attacker can upload and execute PHP code. This Metasploit module has been tested successfully on vTiger CRM v5.4.0 over Ubuntu 10.04 and Windows 2003 SP2.

tags | exploit, arbitrary, php, vulnerability, file upload
systems | linux, windows, ubuntu
advisories | CVE-2013-3214, CVE-2013-3215, OSVDB-95902, OSVDB-95903
SHA-256 | 096231674c8f8b909aa615a43b74ff7759a1a02e9d084e43958295c8fdccd15f
Xplico Network Forensic Analysis Tool 1.1.0
Posted Jan 7, 2014
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: This release improves performance, and adds the new dissectors Yahoo Messenger, Cisco HDLC, and Null/Loopback. The nDPI library has been updated. Alice Webmail and Libero Webmail decoding have been added.
tags | tool, imap, forensics
systems | linux
SHA-256 | 3e0854ca7338efe0a0688525ac09c015a0cf8cc16db0840fa5c65351038594ac
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close