what you don't know can hurt you
Showing 1 - 25 of 191 RSS Feed

Files

Packet Storm New Exploits For November, 2015
Posted Dec 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 190 exploits that were added to Packet Storm in November, 2015.

tags | exploit
systems | linux
MD5 | f0b0b3658156ee025472208a762f9e1d
Brocade Fabric OS 6.3.1b Weak System Configuration
Posted Nov 30, 2015
Authored by Karn Ganeshen

Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.

tags | exploit, info disclosure
systems | linux
MD5 | af834fa8d8d7ae90a0618b693088de99
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
Posted Nov 30, 2015
Authored by Eric Sesterhenn | Site lsexperts.de

HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 400bde2bac4c7b555de4b6f5013ef7d4
Belkin N150 XSS / CSRF / Session Hijacking
Posted Nov 30, 2015
Authored by Rahul Pratap Singh

Belkin N150 wireless home routers suffer from cross site request forgery, cross site scripting, session hijacking, and default credential vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b89a96154a2d0883126e4c0a87679cba
Easy File Sharing Web Server 7.2 Buffer Overflow
Posted Nov 30, 2015
Authored by Knaps

Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.

tags | exploit, remote, web, overflow
MD5 | b224ead213f4f689ec1bd50840477e46
CoreMail XT3.0 Cross Site Scripting
Posted Nov 29, 2015
Authored by shack.li

CoreMail version XT3.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6942
MD5 | 361acb7ca2a38931a9de0f0d2426e0a6
MyCustomers 1.3.873 SQL Injection
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

MyCustomers version 1.3.873 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bfad2302469191df5a93dfdf9932c399
WEBONE 14 Cross Site Scripting
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

WEBONE CMS version 14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e5d423fe70e96cbbf046f03703534e5d
Mind Wave Softwares 1.2 SQL Injection
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

Mind Wave Softwares version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 656afe9dd7591baa0c9e83b7a44c880e
Visual Paradigm Server 10.0 Cross Site Scripting
Posted Nov 27, 2015
Authored by Manuel Mancera

Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e73763c29114d3906a45e2af827e569b
CIS Manager CMS 2015Q4 SQL Injection
Posted Nov 26, 2015
Authored by Sajjad Sotoudeh | Site vulnerability-lab.com

CIS Manager Content Management System 2015Q4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4cab6a8c11628061f8dbcffa84625609
BisonWare BisonFTP Server 3.5 Buffer Overflow
Posted Nov 25, 2015
Authored by localh0t, Jay Turla, veerendragg | Site metasploit.com

BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.

tags | exploit, overflow
advisories | CVE-1999-1510
MD5 | 5d283dedb9d3ab0d09f44d249431f062
SAP Sybase Adapter Server Enterprise XXE Injection
Posted Nov 25, 2015
Authored by Igor Bulatenko

SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.

tags | exploit
advisories | CVE-2013-6025, OSVDB-98655
MD5 | 958b4d1685a69af999c290f0d23845df
KNX ETS 4.1.5 Build 3246 Buffer Overflow
Posted Nov 24, 2015
Authored by Aljosha Judmayer

KNX management software ETS version 4.1.5 build 3246 suffers from a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
advisories | CVE-2015-8299
MD5 | 3d8569f1cfb99dffe62bcf29c443e919
Neos CMS 2.0.3 Cross Site Scripting / Shell Upload
Posted Nov 24, 2015
Authored by Mickael Dorigny

Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
MD5 | 9222e775606deaec1b61ea23e5246111
Microsoft Windows Ndis.sys Buffer Overflow
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue, however it will crash due to a bad pool header without special pool as well.

tags | exploit, overflow
systems | linux, windows, 7
advisories | CVE-2015-6098
MD5 | f2b13494aedd7bd7a6d0d5861a608f06
NVIDIA Stereoscopic 3D Driver Service Arbitrary Run Key Creation
Posted Nov 24, 2015
Authored by Google Security Research, forshaw

The 3D Vision service nvSCPAPISvr.exe installed as part of typical driver installations runs at Local System and has an insecure named pipe server. One of the commands in the server can be used to set an Explorer Run key for the system which would allow a user to get code executing in the session of any other user who logs on to the same machine leading to elevation of privilege. In Windows Domain environments it would also be possible to exploit the vulnerability between machines if the attacker has access to a valid user account on one domain joined machine.

tags | exploit, local
systems | linux, windows
advisories | CVE-2015-7865
MD5 | 8303a96ab3098262bbd0ee9fdaffd2c2
Microsoft Windows Cursor Object Potential Memory Leak
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached poc crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMWare, it is necessary to remove VMWare tools. In QEMU the issue reproduces reliably.

tags | exploit, kernel
systems | linux, windows, 7
advisories | CVE-2015-6102
MD5 | fac639b65a2d032a0860bfd6bc87f404
Microsoft Windows Race Condition Leading To Use After Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The attached testcase crashes Window 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads and multiple runs on the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.

tags | exploit
systems | linux
advisories | CVE-2015-6101
MD5 | 243ac3f71ddce8e0640ff8cef88387a5
Microsoft Windows Kernel NtUserScrollDC Memory Corruption
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.

tags | exploit, kernel
systems | linux, windows
MD5 | 8240ee457b91e561975c81e62e83c6ed
Microsoft Windows Kernel Use-After-Free
Posted Nov 24, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-6100
MD5 | f9508fac2dc49164212b3ec62758c825
MODX Login Extra Cross Site Scripting
Posted Nov 24, 2015
Authored by Veit Hailperin

MODX Login Extra versions prior to 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6588
MD5 | 32df678cd8c62dd3687c2e4dc598f78a
RXTEC RXAdmin SQL Injection
Posted Nov 24, 2015
Authored by Thomas Konrad

RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-8298
MD5 | 0cd3f0cbddc548dbaf27c9223aff8b62
Polycom BTOE Connector 2.3.0 Local Privilege Escalation
Posted Nov 24, 2015
Authored by Ulrich Bayer, Severin Winkler

Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-8300
MD5 | 8e88b51d0a676cbc7aa9fbd837f8ba3f
Huawei HG253s V2 Information Disclosure
Posted Nov 24, 2015
Authored by Vicen Dominguez

Huawei HG253s V2 suffers from a remote information disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | d162a8902298a8b934472b47c12f2cd5
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close