Leaderboard

This archive contains all of the 207 exploits added to Packet Storm in June, 2017. Content: advisory.txt GS20170621005447.tgz aerohive-exec.txt GS20170621005542.tgz alioap60-sql.txt GS20170621005750.txt apache_activemq_upload_jsp.rb.txt GS20170624175319.tgz apcups31414-escalate.txt GS20170624175445.tgz artifexmupdfmutool-nullpointer.tgz GS20170624175528.tgz artifexmupdf-nullpointer.tgz GS20170624175607.txt avast1112253-escalate.txt GS20170624175756.tgz beetel-dnschange.sh.txt GS20170630180753.tgz BIND9-PRIVILEGE-ESCALATION.txt GS20170630180845.tgz blackcatcms12-xss.txt gstreamer-null.tgz bypassuac_fodhelper.rb.txt hppagewide-exec.txt camstudio20-xssxsf.txt hws191-exec.txt CORE-2017-0003.txt iball-dnschange.sh.txt craftcms26-xssupload.txt ipb41192-xssxsrf.txt DC-2017-01-012.txt ipfire219-exec.txt DC-2017-01-022.txt jad158-overflow.txt DC-2017-04-002-IBM-DB2-Overflow.pdf joomlajoomrecipe103-sql.txt dcos_marathon.rb.txt kbvaultmysql016a-upload.txt digitalcanalwa-overflow.txt kronostelestaff-sql.txt diskboss8016-overflow.txt lame3995iii-overflow.tgz diskpulse9726-overflow.txt lame3995stepone-overflow.tgz disksorter9714input-overflow.txt libcroco-dos.tgz disksorter9714-overflow.txt libquicktime-dos.tgz dlink2640b-dnschange.sh.txt Linux_ldso_dynamic.c dlink2640b_SEA_1.01-dnschange.sh.txt Linux_ldso_hwcap_64.c dlink2640-dnschange.sh.txt Linux_ldso_hwcap.c dlinkdir100-xsrf.txt Linux_offset2lib.c dnstracer181-overflow.txt linux_sudo_cve-2017-1000367.c easyfilesharing_post.rb.txt lkkeyctl-dos.txt easymovcon1424-overflow.txt lkping-dos.txt ecomcart13-sql.txt logpoint-exec.txt ecs31-overflow.txt macosdiskarb-race.txt ecs31pass-disclose.txt mapscrn-overflow.txt ecs31-passwordreset.txt mikrotik-6-39-2ftp_buffer.py.txt efsws72account-overflow.txt mikrotik_cook_http_buffer.py.txt efsws72-bypass.txt mikrotik-overflow.py.txt efsws72gethttp-overflow.txt mmdm-dllhijack.txt efsws72postdep-overflow.txt msdotnet-dllhijack.txt efsws72post-overflow.txt msdynamiccrm-xss.txt ektron910sp1-xss.txt mswordmta-exec.txt elteksmartpack-backdoor.txt mybb-xss-fileenum.txt faad2-dos.tgz NAsamba.pl.txt fasm-overflow.txt NetBSD_CVE-2017-1000375.c FreeBSD_CVE-2017-1085.c netgear_dnslookup_cmd_exec.rb.txt FreeBSD_CVE-2017-FGPE.c nmep-escalate.txt FreeBSD_CVE-2017-FGPU.c ntfs31-dos.txt glpi0904-sql.txt nuevomailer6-sql.txt gnubinutilsaarch64-overflow.tgz OpenBSD_at.c gnubinutilsbfd-overflow.tgz parallels-desktop12-vm-escape.txt gnubinutilsdecodepseudo-overflow.tgz parallels-desktop-vm-escape.txt gnubinutilsdisassemble-overflow.tgz paulshop-sql.txt gnubinutilsieee-overflow.tgz phpmailer-xss.txt gnubinutilsinsn-overflow.tgz puttysshagent-overflow.txt gnubinutilsrxdecode-overflow.tgz QSA-20170601-2.txt googlechromev8-exec.txt realestateclassifieds-sql.txt gravcms142-xss.txt reiserfstune3625-overflow.txt GS20170601000226.txt riverbedsteelheadvcx-fileread.txt GS20170601000542.txt robert05-xssxsrftraversalsql.txt GS20170601000718.txt SA-20170607-0.txt GS20170601000844.txt SA-20170613-0.txt GS20170601001027.txt SA-20170622-0.txt GS20170601001134.txt safari101-overflow.tgz GS20170606141325.tgz schneiderelectricwiws-perms.txt GS20170613001803.tgz simplece230-xssxsrf.txt GS20170613133910.tgz sitecore72-xss.txt GS20170613134001.tgz Solaris_rsh.c GS20170613134052.tgz sophoscyberoam-xss.txt GS20170615234417.txt ssl_uaf.rb.txt GS20170615234641.txt SUBSONIC-CSRF-PERSISTENT-XSS.txt GS20170615234933.txt SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt GS20170615235223.txt SUBSONIC-PASSWORD-RESET-CSRF.txt GS20170621000010.tgz SUBSONIC-XML-EXTERNAL-ENITITY.txt GS20170621000128.tgz symantec_messaging_gateway_exec.rb.txt GS20170621000448.tgz syncbreeze9726-overflow.txt GS20170621000601.tgz SYSS-2017-018.txt GS20170621000701.tgz teamspeak314-overflow.txt GS20170621001802.tgz telegram3401-bypass.txt GS20170621001935.tgz UTstarcom-dnschange.sh.txt GS20170621002106.tgz vaadin776-xss.txt GS20170621002221.tgz VL-1973.txt GS20170621002505.tgz VL-2066.txt GS20170621002612.tgz VL-2067.txt GS20170621002722.tgz VL-2071.txt GS20170621002840.tgz VL-2073.txt GS20170621002954.tgz VL-2075.txt GS20170621003106.tgz VL-2076.txt GS20170621003438.tgz vmwarevsphere-deserialize.txt GS20170621003537.tgz vmwarews12pro-dos.txt GS20170621003652.tgz vxsearchenterprise9718-overflow.txt GS20170621003811.tgz wm2212-dos.tgz GS20170621003914.tgz wondercms210-xsrf.txt GS20170621004015.tgz wpdownloadmanager2951-xss.txt GS20170621004107.tgz wpeventlist078-sql.txt GS20170621004207.tgz wpformcraft105-sql.txt GS20170621004313.tgz wpjobmanager1261-xss.txt GS20170621004445.tgz wpjobs14-sql.txt GS20170621004712.tgz wpphotogallery1342-traversal.txt GS20170621004811.tgz wptestimonials-sql.txt GS20170621004907.tgz wpupc422-sql.txt GS20170621005001.tgz ws226-dos.tgz GS20170621005051.tgz X41-2017-005.txt GS20170621005218.tgz ZSL-2017-5413.txt GS20170621005320.tgz ZSL-2017-5414.txt Download: 1706-exploits.tgz (743.8 KB) Source

Exercitii: http://malware-traffic-analysis.net/training-exercises.html Tutoriale: http://malware-traffic-analysis.net/tutorials/index.html

- Xeon E5405, 16GB memorie, 500GB HDD: 30 eur/lunar - Intel i5-3570, 16GB memorie, 240GB SSD: 30 eur/lunar - Intel i3-6100, 32GB memorie, 240GB SSD: 45 eur/lunar - Xeon E3110, 8GB memorie, 500GB HDD 25 eur/lunar Cate un server din fiecare, sunt scoase din folosinta de la clienti vechi ce au facut upgrade. Nu se accepta absolut nimic ilegal sau spam related. Activarea se poate face in ~ 10 minute.

A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely. The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics. Discovered by Sucuri team, WordPress plugin WP Statistics is vulnerable to SQL Injection flaw that allows a remote attacker, with at least a subscriber account, to steal sensitive information from the website's database and possibly gain unauthorized access to websites. SQL Injection is a web application bug that allows hackers to inject malicious Structured Query Language (SQL) code to web inputs in order to determine the structure and location of key databases, which eventually allows stealing of the database. The SQL injection vulnerability in WP Statistics plugin resides in multiple functions, including wp_statistics_searchengine_query(). This function does not check for additional privileges, which allows website subscribers to execute this shortcode and inject malicious code to its attributes. The researchers at Sucuri privately disclosed the flaw to the WP Statistics team and the team had patched the vulnerability in its latest version WP Statistics version 12.0.8. So, if you have a vulnerable version of the plugin installed and your website allowing user registration, you are definitely at risk, and you should install the latest version as soon as possible. Via thehackernews.com

Salut din lipsa de posturi pentru a posta in topicul free stuff o sa postez aici si daca se poate un mod sa mute postul ar fi frumos. Multumesc! Site-ul asta http://www.csgodouble.com/ este un site tip ruleta (Green, Black, Red) dubleaza bani la red si black si green x7 daca nu ma insel. In fine 1000 de coins = 1 Euro. Putin search pe net si gasiti coduri de la diversi Youtuber/Streameri si primiti 500 de puncte echivalent a 0.50 euro. Merge folosit doar odata deci incepeti cu 500 coins. Aici intervin eu ! Intrati in chrome consola si introduceti urmatoru script : http://pastebin.com/x9hr5Gw5 Folositi urmatoarele setari : http://postimg.org/image/vq8i1opr1/ Start si have fun. PS:Calculeaza singur numarul maxim de pierderi la rand. si profitul pe 24 de ore. Mentionez ca script-ul nu imi apartine dar accept donatii :https://steamcommunity.com/tradeoffer/new/?partner=189467411&token=2VLN1Par