exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2015-12-11

Nmap Port Scanner 7.01
Posted Dec 11, 2015
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Switched to using gtk-mac-bundler and jhbuild for building the OS X installer. The Windows installer is now built with NSIS 2.47 which features LoadLibrary security hardening to prevent DLL hijacking and other unsafe use of temporary directories. Various other updates and fixes.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | 8caf3acbe93c0fa0a685c3e6fb3a5f80ce49936bd7d40269a09b3ead6fd85ed5
360-FAAR Firewall Analysis Audit And Repair 0.5.1
Posted Dec 11, 2015
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: Various updates.
tags | tool, perl
systems | unix
SHA-256 | a8e32234f578754b37ce8bdc22530da80aaa346eeb887205429ab1efb9df6612
Microsoft Security Bulletin Revision Increment For December, 2015
Posted Dec 11, 2015
Site microsoft.com

This bulletin summary lists MS15-131 which has undergone a major revision increment.

tags | advisory
SHA-256 | 25a6d385eb36e00ccebf5ca52b9cbd4475b6af310e6e5f48798c58e29df38f33
Microsoft IE 11 MSHTML!CObjectElement Use-After-Free
Posted Dec 11, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

Microsoft Internet Explorer 11 suffers from a MSHTML!CObjectElement use-after-free vulnerability.

tags | exploit
advisories | CVE-2015-6152
SHA-256 | e3a600a83bd36797b98db962833ac5481dc99968f9a214f43e970ffe3c05e463
Windows Null-Free WinExec Shellcode
Posted Dec 11, 2015
Authored by B3mB4m

This is a tool written in python to generate shellcode to use on Microsoft Windows.

tags | shellcode, python
systems | windows
SHA-256 | 9d065a62ed93f7dd05b3cec4122bdafed6c4c329cba2f1483ffa7f10c8ed93d2
WordPress 4.4 User Enumeration
Posted Dec 11, 2015
Authored by John Martinelli from ISRD.com

WordPress versions 4.4 and below leak whether or not a username exists in their login flow.

tags | advisory, info disclosure
SHA-256 | 1fcd8c4fe8a6f66633988433b2ccfbe5217d776751625c4284b08e7c7dd51fe0
Skybox Platform 7.0.611 XSS / SQL Injection / Code Execution
Posted Dec 11, 2015
Authored by Kestutis Gudinavicius, M. Heinzl, C. Schwarz | Site sec-consult.com

Skybox Platform versions 7.0.611 and below suffer from code execution, remote SQL injection, cross site scripting, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
SHA-256 | d2a34290d02d3f2013ecd41c823081fe86b61aaf79b73808107e70eb70589040
Joomla Nice Ajax Poll 1.4.0 SQL Injection
Posted Dec 11, 2015
Authored by indoushka

Joomla Nice Ajax Poll component version 1.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 999349e579efada72ac547ea793f015dd38c91cc1fac1c44000cb9f50c0e371e
Gokhan Balbal 2.0 Cross Site Request Forgery
Posted Dec 11, 2015
Authored by KnocKout

Gokhan Balbal version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | fa2529c6f694bbe9e957fc6932cfd9ad9c0cc8b4544e9a9c73de2eb7f672761e
WordPress S3 Video Remote Shell Upload
Posted Dec 11, 2015
Authored by Manish Tanwar

WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected.

tags | exploit, remote, shell
SHA-256 | 563b4cd0c2c6daa144905e2889e1612af5145d83c473ba6fede7862ab1e6634c
Legend Perl IRC Bot Remote Code Execution
Posted Dec 11, 2015
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits a remote command execution on the Legend Perl IRC Bot . This bot has been used as a payload in the Shellshock spam last October 2014. This particular bot has functionalities like NMAP scanning, TCP, HTTP, SQL, and UDP flooding, the ability to remove system logs, and ability to gain root, and VNC scanning. Kevin Stevens, a Senior Threat Researcher at Damballa has uploaded this script to VirusTotal with a md5 of 11a9f1589472efa719827079c3d13f76.

tags | exploit, remote, web, root, udp, perl, tcp
SHA-256 | 0cc139b4c6b9c45be686acca2dd23b5b8721a770d99f66699d03a8dd546d9d45
Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution
Posted Dec 11, 2015
Authored by Jay Turla, Matt Thayer, Conor Patrick | Site metasploit.com

This Metasploit module allows remote command execution on an IRC Bot developed by xdh. This perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script which has a description of LinuxNet perlbot. The bot answers only based on the servername and nickname in the IRC message which is configured on the perl script thus you need to be an operator on the IRC network to spoof it and in order to exploit this bot or have at least the same ip to the config.

tags | exploit, remote, perl, spoof
SHA-256 | dcceeba8df965c1937cb0d548603d7c0459697a03cebe3401045655277b8c71c
Pacom 1000 CCU Crypto Shortcomings
Posted Dec 11, 2015
Authored by Peter Norin, Fredrik Soderblom, Joachim Strombergson

Pacom 1000 CCU suffers from a multiple cryptography implementation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-3260
SHA-256 | 8ffb6582450cc66bf6ede0f129ed03b875df1b0ccd435a123b1858fbdab968f4
NorthSec 2016 Call For Papers
Posted Dec 11, 2015
Site nsec.io

NorthSec 2016 has announced its Call For Papers. It will be held in Montreal, Canada, from May 19th through the 22nd.

tags | paper, conference
SHA-256 | c2561d2a63bfca599dd6edd937f2281770b64d59e90ab1e453142b5301209b00
Intellect Core Cross Site Scripting
Posted Dec 11, 2015
Authored by Mayank Sahu

Intellect Core banking software suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6540
SHA-256 | 2cca788a0101e294e002a3aaca72939892cb1b853ebe84c8c623baab3a6030bb
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Posted Dec 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

bitrix.mpbuilder Bitrix module version 1.0.10 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-8358
SHA-256 | d688c669bf51931323bfe010133ed5178c3bc69c4822fcbcef048fa6af5234b7
bitrix.scan Bitrix 1.0.3 Path Traversal
Posted Dec 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-8357
SHA-256 | 2597e943c082033362d873c1d67295bf6b0ccf2722b1674c326fb2f013ae86ce
Red Hat Security Advisory 2015-2615-01
Posted Dec 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2615-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-7528
SHA-256 | f3432d0be559e3976310498033991e4fae6baae5512185c47a942eda1c490353
Ubuntu Security Notice USN-2825-1
Posted Dec 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2825-1 - Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. CVE-2015-6766, Several security issues were discovered in the DOM implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6777, CVE-2015-6782, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786, CVE-2015-6787, CVE-2015-8478
SHA-256 | 4da9c3cf0f733a42582f27bea8982b75d1b1b1242d5e1007ac38b7238ac1a022
Google Chrome DLL Hijack
Posted Dec 11, 2015
Authored by Stefan Kanthak

Google Chrome's executable installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 224bde92e1c40f51d2ba4b1e631e936dfa88b0fa7bd117702757729ad0205941
Open Audit SQL Injection
Posted Dec 11, 2015
Authored by WICS

Open Audit suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bcfc62474798ca66ef7622a1ebcfde6d125dc0189aaadd35a9cae62c7c6d4ce
Secure Data Space 3.1.1-2 Cross Site Scripting
Posted Dec 11, 2015
Authored by Thomas Vogt

Secure Data Space version 3.1.1-2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7706
SHA-256 | 21d85419db2cf61897ddaa7df479ae426c984baa1983a1fc1425810159174864
Pe 2.4.3 Buffer Overflow
Posted Dec 11, 2015
Authored by Juan Sacco

Pe versions 2.4.3 and below suffer from a stack-based local buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

tags | exploit, overflow, local
SHA-256 | 4f3c249c6485d838d82f788c55186dd86c268e12130b5e71b799ffcc52121624
Rightel Cross Site Scripting
Posted Dec 11, 2015
Authored by Ehsan Hosseini

The Rightel mobile provider suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0877f4b789e565b62c7b4923e7cabb48f3fe5b8a8d9632c60fdda7427ce00f8e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close