Twenty Year Anniversary

Recent Files

Files RSS Feed
Facebook And Google Reviews System For Businesses 1.1 Code Execution
Posted Dec 14, 2018
Authored by Ihsan Sencan

Facebook And Google Reviews System For Businesses version 1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
Facebook And Google Reviews System For Businesses 1.1 SQL Injection
Posted Dec 14, 2018
Authored by Ihsan Sencan

Facebook And Google Reviews System For Businesses version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
GNU inetutils 1.9.4 telnet.c Overflows
Posted Dec 14, 2018
Authored by Hacker Fantastic

GNU inetutils versions 1.9.4 and below are vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern browsers no longer support telnet:// handlers, but in instances where URI handlers are enabled to the inetutils telnet client this issue maybe remotely triggerable. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments. A heap-overflow is also present which can be triggered in a different code path due to supplying oversized environment variables during client connection code.

tags | exploit, remote, overflow, shell
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Posted Dec 14, 2018
Authored by Hacker Fantastic

An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group.

tags | exploit, arbitrary, shell, root
YSTS 2019 Call For Papers
Posted Dec 14, 2018
Site ysts.org

The 2019 edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on May 27th, 2019.

tags | paper, conference
Huawei Router HG532e Command Execution
Posted Dec 14, 2018
Authored by Rebellion

Huawei Router HG532e command execution exploit.

tags | exploit
Angry IP Scanner 3.5.3 Denial Of Service
Posted Dec 14, 2018
Authored by Fernando Cruz

Angry IP Scanner version 3.5.3 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
Facebook And Google Reviews System For Business 1.0 CSRF
Posted Dec 14, 2018
Authored by Veyselxan

Facebook And Google Reviews System For Business version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
GNU Privacy Guard 2.2.12
Posted Dec 14, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
Zortam MP3 Media Studio 24.15 Local Buffer Overflow
Posted Dec 14, 2018
Authored by Manpreet Singh Kheberi

Zortam MP3 Media Studio version 24.15 SEH local buffer overflow exploit.

tags | exploit, overflow, local
Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal
Posted Dec 14, 2018
Authored by farisv

Responsive FileManager version 9.13.4 suffers from bypass, cross site scripting, remote file read, remote file write, and traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, file inclusion
Cisco RV110W Password Disclosure / Command Execution
Posted Dec 14, 2018
Authored by RySh

Cisco RV110W suffers from password disclosure and command execution vulnerabilities.

tags | exploit, vulnerability, info disclosure
systems | cisco
UltraISO 9.7.1.3519 Output FileName Denial Of Service
Posted Dec 14, 2018
Authored by Francisco Ramirez

UltraISO version 9.7.1.3519 Output FileName denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
Double Your Bitcoin Script Automatic 2018 SQL Injection
Posted Dec 14, 2018
Authored by Veyselxan

Double Your Bitcoin Script Automatic 2018 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
WebKitGTK+ / WPE WebKit Memory Corruption / Code Execution
Posted Dec 13, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.

tags | advisory, vulnerability, code execution
Safari Proxy Object Type Confusion
Posted Dec 13, 2018
Authored by saelo | Site metasploit.com

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.

tags | exploit, arbitrary, javascript
Windows UAC Protection Bypass
Posted Dec 13, 2018
Authored by Fabien Dromas | Site metasploit.com

This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.

tags | exploit, registry
Falco 0.13.0
Posted Dec 13, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Added support for K8s Audit Events. Various other updates.
tags | tool, intrusion detection
systems | unix
Micro Focus Security Bulletin MFSBGN03835 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.

tags | advisory, arbitrary, local, vulnerability
Micro Focus Security Bulletin MFSBGN03837 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
Red Hat Security Advisory 2018-3816-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.

tags | advisory, web, ruby
systems | linux, redhat
Debian Security Advisory 4354-1
Posted Dec 13, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

tags | advisory, web, arbitrary
systems | linux, debian
WebDAV Server Serving DLL
Posted Dec 13, 2018
Authored by Ryan Hanson, James Cook | Site metasploit.com

This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached.

tags | exploit, local
systems | windows
Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference
Posted Dec 13, 2018
Authored by Alt3kx

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users.

tags | exploit, local
Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference
Posted Dec 13, 2018
Authored by Alt3kx

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects.

tags | exploit
View Older Files →

Recent News

News RSS Feed
Hacker Banner Ads Are Totally Wild
Posted Dec 15, 2018

tags | headline, hacker, cybercrime
Special Counsel Slams Michael Flynn's Criticism Of FBI Interview
Posted Dec 15, 2018

tags | headline, government, usa, fbi
Facebook Could Face Billion Dollar Fine For Data Breaches
Posted Dec 15, 2018

tags | headline, government, privacy, data loss, facebook, social
Sextortion Gang Found To Be Behind Email Bomb Threat Spree
Posted Dec 15, 2018

tags | headline, malware, cybercrime, terror
Facebook Exposed Up To 6.8 Million Users' Private Photos
Posted Dec 15, 2018

tags | headline, privacy, data loss, flaw, facebook, social
Logitech App Security Flaw Allowed Keystroke Injection Attacks
Posted Dec 14, 2018

tags | headline, flaw
Save The Children Foundation Duped By Hackers Into Paying Out $1 Million
Posted Dec 14, 2018

tags | headline, hacker, cybercrime, fraud
Nintendo Sues Californian For Selling Modded NES Classic And Switch Hacks
Posted Dec 13, 2018

tags | headline, hacker, usa, nintendo
Charming Kitty Targeting US, Arab Officials In Wake Of Iran Sanctions
Posted Dec 13, 2018

tags | headline, government, usa, fraud, phish, iran
Extortion Emails Carrying Bomb Threats Cause Panic Across The US
Posted Dec 13, 2018

tags | headline, email, cybercrime, fraud, terror
View More News →

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close