
Files

Packet Storm New Exploits For October, 2015
Posted Nov 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 166 exploits that were added to Packet Storm in October, 2015.

tags | exploit
systems | linux
MD5 | f7a8c465c3c47d8975ca49d967f015cb
Python 3.4 / 3.5 xmlparse_setattro() Type Confusion
Posted Oct 31, 2015
Authored by John Leitch

Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.

tags | exploit, python
MD5 | 70d4f19e98a6ca159c903fd1b9a473ed
tools.cisco.com Cross Site Scripting
Posted Oct 31, 2015
Authored by Yann CAM

Cisco's tools site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | cisco
MD5 | 0ed07821fce53ddbe146fb054f34041c
Python 3.5 time_strftime() Buffer Over-Read
Posted Oct 31, 2015
Authored by John Leitch

Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well-formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.

tags | exploit, python
MD5 | 1cdd4118dc2118c4b2c64e9ad882eadb
PHP Server Monitor 3.1.1 Privilege Escalation
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.

tags | exploit, php
MD5 | a8d93d0765a7ef8c053689bf16f98416
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | 1fdc5c7830f2da4287fa3946e611790a
eBay Magento XXE Injection
Posted Oct 30, 2015
Authored by Dawid Golunski

eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.

tags | exploit
MD5 | d2181bd7beca099c282ae1ffab5c7129
Pligg CMS 2.0.2 SQL Injection
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e705ad82b5f949eb6258c6cf69e353c4
Pligg CMS 2.0.2 Directory Traversal
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 099c1daa6ff543433a0f7a9e639d18c3
Pligg CMS 2.0.2 CSRF / Code Execution
Posted Oct 30, 2015
Authored by Tim Coen | Site curesec.com

Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
MD5 | b83af660caef210e0cc64398f4838206
Python 3.5 scan_eol() Buffer Over-Read
Posted Oct 30, 2015
Authored by John Leitch

Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.

tags | exploit, python
MD5 | 515b5867e161a589089030fb49cd7c81
Libstagefright Saio Tag Integer Overflow / Heap Corruption
Posted Oct 29, 2015
Authored by Chris Evans, Google Security Research

Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3868
MD5 | 7e916b78b0e2070a0f07e3934a07f382
Libstagefright Integer Overflow Check Bypass
Posted Oct 29, 2015
Authored by Google Security Research, natashenka

Libstagefright integer overflow checks can be bypassed with extended chunk lengths.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-1538
MD5 | 2731337a16f999a4060fa253ef21824e
Oxwall 1.7.4 Cross Site Request Forgery
Posted Oct 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-5534
MD5 | 0fb896721d9c1e4acd543f69345e3e3a
Joomla JNews SQL Injection
Posted Oct 29, 2015
Authored by Omer Ramic

The Joomla JNews component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bc7bf9e7ad9f734975bd87bee14dca4d
Mozilla SETUP.EXE DLL Injection
Posted Oct 29, 2015
Authored by Stefan Kanthak

Mozilla's SETUP.exe suffers from a classic DLL injection vulnerability.

tags | exploit
MD5 | 12febf8bf291d45127ff72c6378cdf0d
Serendipity 2.0.2 Cross Site Scripting
Posted Oct 28, 2015
Authored by Vadodil Joel Varghese

Serendipity version 2.0.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 353a34fc64a801fa92805669738dbcf8
Samsung M2m1shot Kernel Driver Buffer Overflow
Posted Oct 28, 2015
Authored by Google Security Research, hawkes

The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint (/dev/m2m1shot_jpeg) is accessible by the media server. The Samsung S6 Edge is a 64-bit device, so a compatibility layer is used to allow 32-bit processes to provide structures that are expected by the 64-bit driver. There is a stack buffer overflow in the compat ioctl for m2m1shot.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-7892
MD5 | db1dc1c9fb0edf79900cfbb5e71d03a4
Samsung Fimg2d FIMG2D_BITBLT_BLIT Ioctl Concurrency Flaw
Posted Oct 28, 2015
Authored by Google Security Research, leecam

The Samsung Graphics 2D driver (/dev/fimg2d) is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains a locking error which can lead to memory errors (such as use-after-free) due to a race condition.

tags | exploit
systems | linux
advisories | CVE-2015-7891
MD5 | d21e0c61c2ba46b98d24bbbd327fe2f0
Samsung SecEmailComposer QUICK_REPLY_BACKGROUND Permission Weakness
Posted Oct 28, 2015
Authored by Google Security Research, forshaw

The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.

tags | exploit
systems | linux
advisories | CVE-2015-7889
MD5 | e00fb26f301383f9782fcee941870eb1
Samsung WifiHs20UtilityService Path Traversal
Posted Oct 27, 2015
Authored by Google Security Research, markbrand

A path traversal vulnerability was found in the WifiHs20UtilityService. This service runs on the Samsung S6 Edge and may be present on other Samsung device models. WifiHs20UtilityService reads any file placed at /sdcard/Download/cred.zip and unzips it into /data/bundle. Directory traversal in the paths of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-7888
MD5 | c3c06ce6ad0f16ab90edf812be408f97
Joomla 3.44 SQL Injection
Posted Oct 27, 2015
Authored by MakMan

Joomla remote SQL injection mass exploitation tool that affects versions 3.2 through 3.44.

tags | exploit, remote, sql injection
systems | linux
advisories | CVE-2015-7297, CVE-2015-7857, CVE-2015-7858
MD5 | a4e9ab5ee1c76e10e97f89aaa607095e
Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation
Posted Oct 27, 2015
Authored by rebel, shandelman116 | Site metasploit.com

This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. It makes sudo require no password, giving access to su even if root is disabled. It works on OS X 10.9.5 to 10.10.5 (patched in 10.11).

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-5889
MD5 | dc4258c8896b5eff92876ba20f531ffd
Th3 MMA mma.php Backdoor Arbitrary File Upload
Posted Oct 27, 2015
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.

tags | exploit, arbitrary, kernel, php, code execution, file upload
systems | linux
MD5 | 26766b958880f49852cf7d50e27b5f16
articleFR 3.0.7 Arbitrary File Read
Posted Oct 26, 2015
Authored by cfreer, 0keeteam

articleFR version 3.0.7 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2015-6591
MD5 | 3df12522a4ab174c179d277c31bcbb58