exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2018-01-05

VMware Security Advisory 2018-0003
Posted Jan 5, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0003 - vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2017-4945, CVE-2017-4946, CVE-2017-4948
SHA-256 | eda449e04f34f16fda9cbfb8f4f7d2b670283db5ad64c5df8ed4051df5360faa
Debian Security Advisory 4078-1
Posted Jan 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4078-1 - Multiple researchers have discovered a vulnerability in Intel processors, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.

tags | advisory, arbitrary, kernel
systems | linux, debian
advisories | CVE-2017-5754
SHA-256 | dba809dcfb07739de957d422e40b3b83ab100b0b0ab6c09e21819f31a77e56c2
Ayukov NFTP FTP Client Buffer Overflow
Posted Jan 5, 2018
Authored by sinn3r, Daniel Teixeira, Berk Cem Goksel | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD FTP Client 2.0 and earlier. By responding with a long string of data for the SYST request, it is possible to cause a denial-of-service condition on the FTP client, or arbitrary remote code execution under the context of the user if successfully exploited.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2017-15222
SHA-256 | e500bee98162a4112d002590455f02ce9655420dd5457db5a183759e204c9aca
VMware Workstation ALSA Config File Local Privilege Escalation
Posted Jan 5, 2018
Authored by Brendan Coles, Jann Horn | Site metasploit.com

This Metasploit module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This Metasploit module has been tested successfully on VMware Player version 12.5.0 on Debian Linux.

tags | exploit, root
systems | linux, debian
advisories | CVE-2017-4915
SHA-256 | c82f5471028db8f14a58823ca9cf2f8d0e9d04c4729b84df6afb7c957fb97cb5
Joomla Ad Agency 6.0.9 SQL Injection
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Joomla Ad Agency component version 6.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d91fb71cc5031609953356ee0e010d6a537874af7241f0698577e87fb29484f9
Icyphoenix 2.2.0.105 SQL Injection
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Icyphoenix version 2.2.0.105 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | d20bdf77b0094b9901ccba31b373b5aa438985e47062dec9a04d202e88f178ce
WDMyCloud 2.30.165 CSRF / File Upload / Code Execution / Backdoor / DoS
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure, file upload, csrf
SHA-256 | ce132c1c025b9c99726907316a22365125d232109740666b4c9f8d0eab5e2273
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within DNS-320L devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. Root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.

tags | exploit, shell, root
SHA-256 | 3175543cab0a2c0cb2bc860f1b30d10378dff5f312632ca9ec263bf5372403af
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation.

tags | exploit, shell, root
SHA-256 | addbabad254d2c62cc2568d94364398b112815e807d11bba42ea1c6c550f8dea
D-Link DNS-320L ShareCenter Backdoor Account / Remote Root
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-320L ShareCenter contains a backdoor account that allows for remote root command execution.

tags | exploit, remote, root
SHA-256 | acd60d040c7712f3d33b0be911ce4f5bdf7d9de33338a9562900b73c80bce2d9
Red Hat Security Advisory 2018-0040-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0040-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | a55d28f2a01de88f599b43c2fba9da2810efcc54aa958a8b16577356c17e174f
Red Hat Security Advisory 2018-0029-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0029-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
SHA-256 | d37eee8b7062eccfb75c6cb84e59e2b4ff1635181def5c21c3e0b83d8fbea44b
Red Hat Security Advisory 2018-0036-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0036-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 32e8bd0f04aa25d7463301cd5d2116d054cfb8b774be34a0a375c28329ba541f
Red Hat Security Advisory 2018-0037-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0037-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 71023e12ce7e942157b22625bd036b141d27fdc46fd32e6b1e35c576eb1ba08f
Red Hat Security Advisory 2018-0034-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0034-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | daa5aaf9d0b456df410ac53537fe2fd289039088e51ffa3855e6012deb2ab557
Red Hat Security Advisory 2018-0038-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0038-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 7ef16f863594d9a8bd0c23c3014f5411927c1e13def1f2abe78d9d94e5a01dd6
Red Hat Security Advisory 2018-0039-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0039-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 1c47e574ddcc2eb526c1819dc206a80834aa0d8bde35f083d157cd5fa5c20600
Red Hat Security Advisory 2018-0035-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0035-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | fb3f3fcac3f352c430ef270d98ffa63892a020f35116f3c12b981edad1fc527f
Red Hat Security Advisory 2018-0031-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0031-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
SHA-256 | fe3615357b9f188a6726d39bc66e4747b294d4517d7503eb5e0942fdf69f28c4
Red Hat Security Advisory 2018-0030-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0030-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
SHA-256 | 05348d774a9ab12d4cc393c7b91f212581f545d9269c1b4302bd56230a59917a
Red Hat Security Advisory 2018-0032-01
Posted Jan 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0032-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

tags | advisory
systems | linux, redhat
SHA-256 | ccf4d8f8e6ea6bbfd18d5fc84c37e967f8ade6334402b5eca972ea070fbed26e
SonicWall SonicOS NSA Filter Bypass
Posted Jan 5, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall SonicOS NSA suffers from a filter bypass vulnerability.

tags | exploit, bypass
SHA-256 | 563d648e34088d7187e3729512af54d17312296691441955fe4c891b008da166
Doma 3.0.6 Cross Site Scripting
Posted Jan 5, 2018
Authored by indoushka

Doma version 3.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d43eb6226b2bbcf824018858584f862893aff9a7e877168ec9390557ab456efb
Joomla JUX Real Estate 3.3.0 SQL Injection
Posted Jan 5, 2018
Authored by Bilal Kardadou

Joomla JUX Real Estate extension version 3.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 074ad832d2ad69c54f1b682de0070b5c74f7685237e5e93e339fcc3326acb861
Joomla JMultipleHotelReservation 6.0.5 SQL Injection
Posted Jan 5, 2018
Authored by Bilal Kardadou

Joomla JMultipleHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4308af8e7c13ece98680b10ae8c6ecbc0e924e210cb1c53e23f4b9c29f6ec5d9
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close