
Files

innovaphone IP222 UDP Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. A specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by SySS GmbH.

tags | exploit, remote, denial of service, udp, code execution, protocol
SHA-256 | cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931
WordPress WP External Links 1.80 Cross Site Scripting
Posted Mar 24, 2016
Authored by Vulnerability Laboratory, Cr4sh.0x | Site vulnerability-lab.com

WordPress WP External Links plugin version 1.80 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a34f4538a4c9325151bde2437a0e1686850704ddc19ef3969368b127aefe3005
Fortigate Backdoor Password Calculator
Posted Mar 24, 2016
Authored by Rishabh Dangwal

Simple Python exploit that can be used to calculate the Fortigate backdoor password.

tags | exploit, python
SHA-256 | 15a07d650ef557b68a8c9bfe847dca4bd3934895f748d892ea6a2e85799567ab
Lithium Social CRM Cross Site Scripting
Posted Mar 24, 2016
Authored by Imran Khan

Lithium Social CRM suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a18da3f5595beb53e777d77a8b0b21e525275684e4d53d1f380bce583bcfac5d
Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password
Posted Mar 23, 2016
Authored by Gianni Carabelli

Plain text hardcoded passwords have been discovered in /bin/busybox and /bin/dropbear for Zyxel MAX3XX series Wimax CPEs.

tags | exploit
SHA-256 | 1bc5c071cbf8b319d60aa2b1977e287555fe15a20c2bad788a3e9e49ae3bc5e6
CCTV-DVR Remote Code Execution
Posted Mar 23, 2016
Authored by Exodus

CCTV-DVR remote code execution exploit that affects over 70 different vendors.

tags | exploit, remote, code execution
SHA-256 | ce95b1ee4ba9240a2e96a1eda958a74e90a4d5e1502c5ba9760eab017bf280a0
DirectAdmin CP 1.50.0 Cross Site Request Forgery
Posted Mar 23, 2016
Authored by Vulnerability Laboratory, Ehsan Hosseini | Site vulnerability-lab.com

DirectAdmin CP version 1.50.0 suffers from a client-side cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 59c77cb56e0789e4be014bd2c1a38ee5e97e95966d145442a7b1499c24efd156
WordPress Issuu Panel 1.6 Remote / Local File Inclusion
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Issuu Panel plugin version 1.6 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | a996002a712018e88a8aed792ec836191644cec4370e3d309eaea43f8351f730
WordPress Facebook With Login 1.0 Cross Site Scripting / SQL Injection
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress Facebook With Login plugin version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 2f3c9ec821c6469b3456f8e8bc410758420a9186932941f949810b1a0ee536be
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Posted Mar 23, 2016
Authored by CrashBandicot

WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | a62b01c936bc067331799d9144b2109ebfa8892e7e59e632b01f1f691ccb0d19
Comodo DLL Hijacking
Posted Mar 23, 2016
Authored by Stefan Kanthak

Comodo's installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 39dd4ee8c3ac0b62707f66921fcfd62cc92494094f64c900b4c4f5e78fed2945
WordPress Memphis Document Library 3.1.5 Arbitrary File Download
Posted Mar 23, 2016
Authored by Felipe Molina

WordPress Memphis Document Library plugin version 3.1.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | b72346b0c1735575621f6102ef6ef9845d42644148787b3ded9d0b7bddc09cb7
WordPress Dharma Booking 2.28.3 Remote / Local File Inclusion
Posted Mar 23, 2016
Authored by AMAR^SHG

WordPress Dharma Booking plugin versions 2.28.3 and below suffer from local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 82526a805b6d2b7b16345894f9995542ea3661ae96f70e63be274799a3089476
WordPress Brandfolder 3.0 Remote / Local File Inclusion
Posted Mar 23, 2016
Authored by AMAR^SHG

WordPress Brandfolder plugin versions 3.0 and below suffer from local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 5c0396bb5e5d44afc466802c4588ce6dcd5714d10e9025371d7bed1ff1fab90d
Comodo Antivirus Forwards Emulated API Calls To Real API
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

Comodo Antivirus includes an x86 emulator that is used to unpack and monitor obfuscated executables; this is common practice among antivirus products. The idea is that emulators can run the code safely for a short time, giving the sample enough time to unpack itself or do something that can be profiled. Needless to say, this is a very significant and complicated attack surface, as an attacker can trigger emulation simply by sending the victim an email or getting them to visit a website with zero user interaction. Multiple memory corruption issues have been found with the emulator.

tags | exploit, x86
systems | linux
SHA-256 | cfbf0dd1caad664a8a36d0e11f52ccba899cbf069cf799a34ef08893acaf37b2
Comodo Antivirus PackMan Unpacker Insufficient Parameter Validation
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

Packman is an obscure open source executable packer that Comodo Antivirus attempts to unpack during scanning. If the compression method is set to algorithm 1, compression parameters are read directly from the input executable without validation. Fuzzing this unpacker revealed a variety of crashes due to this, such as causing pointer arithmetic in CAEPACKManUnpack::DoUnpack_With_NormalPack to move pksDeCodeBuffer.ptr to an arbitrary address, which allows an attacker to free() an arbitrary pointer. This issue is obviously exploitable to execute code as NT AUTHORITY\SYSTEM.

tags | exploit, arbitrary
systems | linux
SHA-256 | adf1b7ee75650e302c810380b477450604f08412c70d3784267cfd3c982dd3ea
Comodo Antivirus LZMA Decoder Heap Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

The Comodo Antivirus LZMA decoder performs insufficient parameter checks, resulting in a heap overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | 80e8644d174a99b1386292c6a83033e7044613fa936d4b5dfafeec8f9086d5f4
Comodo Antivirus Composite Document Parsing Heap Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

In COleMemFile::LoadDiFatList, values from the header are used to parse the document FAT. If header.csectDif is very high, the calculation overflows and a very small buffer is allocated. The document FAT is then memcpy'd onto the buffer directly from the input file being scanned, resulting in a nice clean heap overflow. This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM; the attached test cases should reproduce the problem reliably (this issue was found using trivial fuzzing). You can see this testcase has this->m_oleDocHeader.csectDif = 0x40000001, and so this->m_oleDocHeader.csectDif * this->diFATPerSect * 4 + 436 wraps to 0x3b0.

tags | exploit, remote, overflow, code execution
systems | linux
SHA-256 | 0d8944589584ffd6f19521f74f3b05e3ba9308f6e066d7502ae4420ba2f83b4c
Wireshark dissect_ber_integer Static Out-Of-Bounds Write
Posted Mar 23, 2016
Authored by Google Security Research, mjurczyk

Wireshark suffers from a crash vulnerability due to a static memory out-of-bounds write that can be observed in an ASAN build of Wireshark.

tags | exploit
systems | linux
SHA-256 | d751a97af648548ff6b3fe6c3fc7c524ae5d47ea88f286570d27423b9ad6b6bb
Comodo Antivirus Win32 Emulation Integer / Heap Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated programs (CreateFile, LoadLibrary, etc). The emulator itself is located in MACH32.DLL, which is compiled without /DYNAMICBASE, and runs as NT AUTHORITY\SYSTEM. These API routines access memory from the emulated virtual machine, perform the requested operation, and then poke the result back into the emulator. Because these emulated routines are all native code, they must take care not to trust values extracted from the emulator, which is running attacker controlled code. Browsing through the list of emulated routines, MSVBVM60!rtcLowerCaseVar jumped out as an obvious case of integer overflow due to trusting attacker-provided parameters.

tags | exploit, overflow, x86
systems | linux, windows
SHA-256 | 8d147c54c65aab4d2452bd4eb9517303915856455def848dcb10b51b25e3f9d5
Comodo Antivirus LZX Decompression Heap Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

Lzx_Decoder::init() initializes the vector Lzx_Decoder->window to a fixed size of 2^method bytes, which is then used during Lzx_Decoder::Extract(). It's possible for LZX compressed streams to exceed this size. Writes to the window buffer are bounds checked, but only after the write is completed.

tags | exploit
systems | linux
SHA-256 | 839695e6d83e2e3da8e7895210ee30106fa6966de6fc5fbd59853d59883fab72
Joomla iCagenda 3.5.15 Cross Site Scripting
Posted Mar 23, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

Joomla iCagenda versions 3.5.5 through 3.5.15 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0001d83aa084d5c104998b1032f6415017f5124a6175ddb8e5f7fcebd3a48622
Joomla Easy Youtube Gallery 1.0.2 SQL Injection
Posted Mar 23, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

Joomla Easy Youtube Gallery version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 987a237426e6ed06720e2a870b988b79e8b2683c6b7071f29514125567994022
OS X Kernel AppleUSBPipe::Abort Missing Bounds Checking
Posted Mar 22, 2016
Authored by Google Security Research, Ian Beer

Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.

tags | exploit, kernel, code execution
systems | linux, apple, osx
advisories | CVE-2016-1749
SHA-256 | 143c8edb082144d486e1c248032995f02f0e99555d57358b3a070cca59501529
Adobe Flash Zlib Codec Heap Overflow
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

Adobe Flash has a heap overflow vulnerability in the Zlib codecs when playing flv files.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-1001
SHA-256 | 08105a5eab48b0c73b46d78b3dac94e27c8f4057fb00f1f9ce4ea6fafd037bdb
packet storm

© 2022 Packet Storm. All rights reserved.
