Twenty Year Anniversary
Showing 1 - 25 of 242 RSS Feed

Files

Packet Storm New Exploits For February, 2016
Posted Mar 1, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 240 exploits added to Packet Storm in February, 2016.

tags | exploit
systems | linux
MD5 | 5fef3c5194aedcf445608b2b5a901a9b
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Posted Feb 29, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

tags | exploit, remote, file upload
systems | windows
advisories | CVE-2016-1525
MD5 | 3d6c659220bc9733c182c19629aadafe
Qualcomm Adreno GPU MSM Driver Perfcounter Query Heap Overflow
Posted Feb 29, 2016
Authored by Google Security Research, hawkes

The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The bug results from an incorrect conversion to a signed type when calculating the minimum count value for the query option. This results in a negative integer being used to calculate the size of a buffer, which can result in an integer overflow and a small sized allocation on 32-bit systems.

tags | exploit, overflow, kernel
systems | linux
MD5 | c63ace51362852575e5b13f1d0785958
Fiyo CMS 2.0.6.1 Cross Site Scripting
Posted Feb 29, 2016
Authored by Himanshu Mehta

Fiyo CMS version 2.0.6.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c489935f0984fbf1e71c00ce51960ea8
ASAN/SUID Local Root Exploit
Posted Feb 29, 2016
Authored by infodox

This script exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. It uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. You can supply your own target binary to use for exploitation.

tags | exploit, root
MD5 | 8d6129b5b1441eb1943a7b2dcc5bb19a
Wireshark print_hex_data_buffer / print_packet Use-After-Free
Posted Feb 29, 2016
Authored by Google Security Research, mjurczyk

A crash due to a use-after-free condition can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.

tags | exploit
systems | linux
MD5 | 8b4f15e57ad1aeeef273ef50234b570a
WordPress More Fields 2.1 Cross Site Request Forgery
Posted Feb 29, 2016
Authored by Aatif Shahdad

WordPress More Fields plugin versions 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 683cdaf21f8eef8d717fabe50b552c7e
GpicView 0.2.5 Buffer Overflow
Posted Feb 29, 2016
Authored by David Silveiro

GpicView version 0.2.5 buffer overflow crash proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 5904a127e7670c9e654d95baa5d95ed3
Fing 3.3.0 Persistent Mail Encoding
Posted Feb 29, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Fing version 3.3.0 suffers from a persistent mail encoding vulnerability.

tags | exploit
MD5 | e7ce24ddac9a94f1e1c2d67d0d884b3a
WP Good News Themes Cross Site Scripting
Posted Feb 29, 2016
Authored by Milad Hacking | Site vulnerability-lab.com

WP Good News Themes suffers from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | 24627b02dd2cc2f7e8cec3d463ce6e62
Pulse CMS 4.5.2 Local File Inclusion
Posted Feb 29, 2016
Authored by Ehsan Hosseini

Pulse CMS version 4.5.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 91ecbf9d234bfc6ceb822d90fc2689d3
Comodo Anti-Virus GeekBuddy DLL Hijacking
Posted Feb 29, 2016
Authored by Greg Linares

The Comodo Anti-Virus GeekBuddy component suffers from a dll hijacking vulnerability.

tags | exploit, virus
systems | windows
MD5 | edbcd3f392bd1c4df7f439304be2317b
Libxml2 HtmlCurrentChar Heap-Based Buffer Overread
Posted Feb 29, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | 079299662f17afaf91d446755cb0b18d
Libxml2 XmlParserPrintFileContextInternal Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | a956ef69b6eec1c1f29c363156850bec
Libxml2 XmlDictAddString Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | 23fc0430ca45db9b403d1ee9087def24
Libxml2 XmlParseEndTag2 Heap-Based Buffer Overread
Posted Feb 28, 2016
Authored by Google Security Research, mjurczyk

A crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (2.9.3, released 4 days ago), by feeding a malformed file to xmllint.

tags | exploit
systems | linux
MD5 | 02efc3b1b4986da7c5166e2d64e02944
Coppermine 1.5.40 Weak Cryptography
Posted Feb 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Coppermine version 1.5.40 uses straight MD5 without any salt for storage of passwords.

tags | exploit
MD5 | 6fa277e88c20784e30161eadab71c9c1
Proxmox VE 3 / 4 XSS / Privilege Escalation / Code Execution
Posted Feb 27, 2016
Authored by Nicolas Chatelain

Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | 7bf79fb1f827a09a146b676a1cc4f9e0
WordPress WP Ultimate Exporter 1.0 / 1.1 SQL Injection
Posted Feb 26, 2016
Authored by Henri Salo

WordPress WP Ultimate Exporter plugin versions 1.0 and 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e0b2a7f7b9a61ae9647b10e3a4aeceea
Centreon 2.5.3 Code Execution
Posted Feb 26, 2016
Authored by Nicolas Chatelain

Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 40b9869aaae9701f0648ec3012fe5f27
Infor CRM 8.2.0.1136 Cross Site Scripting
Posted Feb 26, 2016
Authored by LiquidWorm | Site zeroscience.mk

Infor CRM version 8.2.0.1136 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 74b4a98d4859dcfa47ba7f62afa1bc50
Zimbra 8.0.9 GA Cross Site Request Forgery
Posted Feb 26, 2016
Authored by Damien Cauquil, Anthony Laou-Hine Tsuei

Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c2e1a71f34137aeaee5e6fa5f9557534
Cygwin DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Cygwin suffers suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 945e53b5cd9a63c5a7567d5da7106823
Google Chrome Cleanup Tool DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

Google's Chrome Cleanup Tool suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 2f03231c35dc579fb0a013456600b14b
GIMP For Windows DLL Hijacking
Posted Feb 26, 2016
Authored by Stefan Kanthak

GIMP for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 18c41257dcf0401926b3da64a6a1ca33
Page 1 of 10
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Ether Doesn't Fall Under SEC Rules
Posted Jun 15, 2018

tags | headline, government, bank, usa, cryptography
Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature
Posted Jun 15, 2018

tags | headline, flaw, cryptography
LuckyMouse Threat Group Attacks Government Websites
Posted Jun 14, 2018

tags | headline, hacker, government, malware, china
US Senators Get Digging To Find Out The Truth About FCC DDoS Attack
Posted Jun 14, 2018

tags | headline, government, usa, denial of service, fraud
Backdoored Images Downloaded 5 Million Times Finally Removed From Docker Hub
Posted Jun 14, 2018

tags | headline, hacker, fraud, backdoor
Apple To Patch Flaw FBI Has Been Using To Hack iPhones
Posted Jun 14, 2018

tags | headline, government, privacy, usa, phone, flaw, patch, apple, fbi
Microsoft Fixes Cortana Lock Screen Bypass Flaw
Posted Jun 14, 2018

tags | headline, microsoft, flaw, password, patch
Paladin's Anti-Hacking Browser Extension Looks Like Snake Oil
Posted Jun 14, 2018

tags | headline, hacker
Intel Chip Flaw - Math Unit May Spill Crypto Secrets To Apps
Posted Jun 14, 2018

tags | headline, data loss, flaw, cryptography, intel
Smart Lock Can Be Hacked In Seconds
Posted Jun 13, 2018

tags | headline, hacker, flaw
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close