This archive contains all of the 196 exploits added to Packet Storm in March, 2016.
d093079b55b06f839563e299e2afaca202893967c70cd3b239df4d2fda022fbaThe included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
334ccb9b33707106918a652ebdbd6d7df094cb52fd14eb8f7403eeb469b3b0e0The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crash is due to accessing memory past the end of a buffer.
d1cb75bbdfdf9855ca5d70385b89f109e579981fd6cb4edadbfa504aac5e36b2There is a use-after-free in URLStream.readObject in Adobe Flash. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls URLStream.close, the URLStream will get freed, and then the deserialization function will continue to write to it.
ff1259c633764b7a4794d5334683a4bcf01d89145f1bfec987f03e966c7618a2There is a use-after-free in the TextField.maxChars setter in Adobe Flash. If the maxChars the field is set to is an object with valueOf defined, the valueOf function can free the field's parent object, which is then used.
7a1e6f0aefd065fa5598d8e14351aaea609229d3aa442245f79ee5456d6b33c4The included proof of concept causes a crash in ih264d_process_intra_mb in avc parsing, likely due to incorrect bounds checking in one of the memcpy or memset calls in the method.
59a02eb3367da1b1cbaf20e9656c62e0fd3ded3ac84bdcccdb5cbdcde3f810f7If Color.setTransform in Adobe Flash is set to a transform that deletes the field it is called on, a use-after-free occurs.
737d1b4bab2ed50a128829549d0ea0aa7f0ecba5a9bab13ad24a45666ea8d406A crash was identified due to a heap-based out-of-bounds read in dissect_pktc_rekey in an ASAN build of Wireshark (current git master).
93a4808c441dbf02e3bcec2b1fdffc008dfac829b696e947e5d12a260c6205caPython 2.7 iOS application version 1.5.4 suffers from a filter bypass issue that allows malicious script code to get inserted client-side.
a161f8220be483fe7a2af4cd5063c1b5f1b13d3060bdaf67a7d68bc4f2da5401TrendMicro's SSO suffers from a redirection and session theft vulnerability.
ac729a0d170ca203d8814d0ff62db8f0910eb3bad1e9b83558ea18573e4116d8Dorsa Web CMS from 2016 Q1 suffers from a remote SQL injection vulnerability.
c5c460a5f06a7786f694a9a63c726dfb56f13f0ed4ebbf7e22cbd3eef3b45879Cades 2016Q1 suffers from a remote SQL injection vulnerability.
78d7523cb708ba1446641be2eb80c8533e481b323449e80fb631f44a67da4c67Docker UI version 0.10.0 suffers from a persistent cross site scripting vulnerability.
85ee6b9462b541484f64eee8f2b169fab832b665c6ae3f15bf79b69a02654902Docker UI version 0.10.0 suffers from multiple client-side cross site request forgery vulnerabilities.
b4d7324519ddf8297c64165148914552a35bffa722466cd2b47aa7ead6d27d90Hi Technology and Services CMS suffers from a remote SQL injection vulnerability.
66da3d2b5f4c877057dea583169ceddc3bfe66aa44165d7e21cf044f8ba22bc3Patron Info System suffers from a remote SQL injection vulnerability.
76ff19fbd099b36ee2e379f795c4e402443be656f01e2d1d40744485debd52ebPHP version 5.5.33 suffers from an invalid memory write condition in phar on filename with \0 in the name.
43a4d61e916b58b06008a308be6ad7855caf740234f5025fedc517eb22381d33Axil CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for login bypass.
a72259e5a0cc0fc7e03db97358db172b5f910222cde66c42f2396e56eb331e76Axil CMS version 3.0 suffers from a cross site scripting vulnerability.
28dfa34c5386042c24410347c2d8aaacb98e1900a84886175e524c05fd4214b7This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.
f98ee50658aec27fea6e1325e83c5d9c0afefcbe8bf5d2b5dab9fa93e03887b6Included in this archive is a whitepaper called Metaphor - A (real) real-life Stagefright exploit. It presents a thorough research on libstagefright and new techniques used to bypass ASLR. This archive also includes the Metaphor exploit that leverages CVE-2015-3864.
f07eb4b93d0c5ed4ac3acfdd080168b0c0f2917e15949d5acd7bb6a2f38b1ff7Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.
75dc3f56f008a8dff11a4e6782315336b04b08630b92550374fb4ef2d5ccb3a4The application interface MOBOTIX VMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
77cbabac557201e3332a96765390bee02b5dc304912c8cf70fa98cb20b8c8fa3Apache OpenMeetings versions 1.9.x through 3.1.0 suffer from a path traversal vulnerability.
06155ed4077ed8cf25d3a08079ba858161b87ca4e65b378d5564e026638cbca2CubeCart version 6.0.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
3dca54cdd3a351d32b94d67ca282145aea98405b953947e783751533ae0c5b89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed