what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2017-11-03

Splunk 6.6.x Local Privilege Escalation
Posted Nov 3, 2017
Authored by Hank Leininger | Site korelogic.com

Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges.

tags | exploit, local, root
SHA-256 | 927ecfe19fe31d3c7e09dd53fc3c4d83c00e61f2fd48f776a815cc3fefe9be2c
Debian Security Advisory 4015-1
Posted Nov 3, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4015-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 05931432fc88d655f4b2cd845ab81c58a2e1806d1213ccb724e51f1214d6a6b8
Tor Browser 7.0.8 IP Address Leak
Posted Nov 3, 2017
Authored by Filippo Cavallarin

TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.

tags | advisory, remote, web
systems | linux, apple, osx
SHA-256 | 98ad8fa1e2be0c10bbbb3b46fcb9cb4ff3e65dec0ce7c05e95e2dbb0691343c0
Ipswitch WS_FTP Professional Local Buffer Overflow
Posted Nov 3, 2017
Authored by Kevin McGuigan

Ipswitch WS_FTP Professional versions prior to 12.6.0.3 local buffer overflow SEH exploit.

tags | exploit, overflow, local
advisories | CVE-2017-16513
SHA-256 | 6251e99643355dfce8158d85ccce36a17dc15e2814768c499352c915ae361095
tnftp "savefile" Arbitrary Command Execution
Posted Nov 3, 2017
Authored by wvu, Jared McNeill | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename begins with a "|" character, tnftp will pass the fetched resource's output to the command directly following the "|" character through the use of the popen() function.

tags | exploit, arbitrary
advisories | CVE-2014-8517
SHA-256 | cb3ce61975554a3297a24930dd020c04ec845fcbd5d8eef10ec56929627059be
WordPress WP Mobile Detector 3.5 Shell Upload
Posted Nov 3, 2017
Authored by h00die, Aaditya Purani | Site metasploit.com

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
SHA-256 | 78c713af652be903f93b72d84bd37300ff88c13c97f655448730f42c48f8d6a6
Ladon Framework For Python 0.9.40 XXE Injection
Posted Nov 3, 2017
Site redteam-pentesting.de

Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40 and below are affected.

tags | exploit, web, local, xxe
SHA-256 | ed8acdbe74a60413ec64bf7ee626907c637009037aa099593ef2ffdb4b694c81
WordPress JTRT Responsive Tables 4.1 SQL Injection
Posted Nov 3, 2017
Authored by Lenon Leite

WordPress JTRT Responsive Tables plugin version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a1f25b1c18c3daec7d835741053221d7028b919fcb427404e5f48ed8fc918d25
GraphicsMagick Memory Disclosure / Heap Overflow
Posted Nov 3, 2017
Site securiteam.com

GraphicsMagick suffers from memory disclosure and heap overflow vulnerabilities.

tags | exploit, overflow, vulnerability, info disclosure
advisories | CVE-2017-16352, CVE-2017-16353
SHA-256 | 1ceae2893354ae8766e467b9dfa2dd7ac16088ecf0efee28ed81a3309833aea2
Oracle PeopleSoft Enterprise PeopleTools Remote Code Execution
Posted Nov 3, 2017
Authored by Charles FOL

Oracle PeopleSoft Enterprise PeopleTools versions prior to 8.55 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-3548
SHA-256 | e7ca7f1dfaf0427d15e6728d2323dfd98cf6d0d01d7466ab23ceea3a1e534852
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close