seeing is believing
Showing 1 - 25 of 145 RSS Feed

Files

Packet Storm New Exploits For April, 2016
Posted May 1, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 144 exploits added to Packet Storm in April, 2016.

tags | exploit
systems | linux
MD5 | 41747da6f41a7678f5a465064fe6b55b
Observium 0.16.7533 Code Execution / Cross Site Request Forgery
Posted Apr 30, 2016
Authored by Dolev Farhi

Observium version 0.16.7533 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
MD5 | 35168ee3e1ef80184519266a4d9d93f2
Observium 0.16.7533 Cross Site Request Forgery
Posted Apr 30, 2016
Authored by Dolev Farhi

Observium version 0.16.7533 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | fa5e93ad4142a25b46a850aea9df8aeb
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
Posted Apr 30, 2016
Authored by Nixawk | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.

tags | exploit, remote, code execution
advisories | CVE-2016-3081
MD5 | bb77e1c207231c0a1ce3a4a82373b2c0
GLPI 0.90.2 SQL Injection
Posted Apr 29, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2c2bc727021894555545066d1c21025e
Mozilla Firefox / Thunderbird DLL Hijacking
Posted Apr 29, 2016
Authored by Stefan Kanthak

Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.

tags | exploit
systems | windows
MD5 | 3a7773a1eef943e50f4d2710742d2ba2
WordPress Truemag Theme Cross Site Scripting
Posted Apr 29, 2016
Authored by ICG SEC | Site vulnerability-lab.com

WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f1ca607fdfa4b0f1d2365da088941388
PHP 7.x Heap Overflow
Posted Apr 28, 2016
Authored by Hans Jerry Illikainen

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.

tags | exploit, overflow, php
advisories | CVE-2016-3078
MD5 | a681c55094ed13770f1f961d5c5dde1d
Microsoft Windows Kernel win32k.sys TTF Processing Pool Corruption
Posted Apr 28, 2016
Authored by Google Security Research, mjurczyk

A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2016-0145
MD5 | 03655c617bca96ec7e0f05501dd92609
Android Service Manager One Way Binder Transaction Crash
Posted Apr 28, 2016
Authored by Google Security Research, forshaw

If an application sends a one way binder transaction the service tries to send a reply which fails. This causes the service manager to exit its binder loop and the process dies causing the system to reboot. Tested on Android version 6.0.1 February patches.

tags | exploit, denial of service
systems | linux
MD5 | 99e18c7b5134fd0d4dcd4383654d1372
Mach Race OS X Local Privilege Escalation
Posted Apr 27, 2016
Authored by reverser

This is a SUID, SIP, and binary entitlements universal OS X local privilege escalation exploit.

tags | exploit, local
systems | apple, osx
advisories | CVE-2016-1757
MD5 | 5e928a94c937ab6683178d70d0000c4e
EMC ViPR SRM Cross Site Request Forgery
Posted Apr 27, 2016
Authored by Securify B.V.

EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-0891
MD5 | 5c998f817d0bd863cd2844f5ca0014b5
AWS CAPTCHA Bypass
Posted Apr 27, 2016
Authored by David Leo

AWS appears to suffer from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
MD5 | c4514c132311303459541cc65e978f96
Voo Branded Netgear CG3700b Firmware CSRF / Authentication
Posted Apr 27, 2016
Authored by dev

Voo branded Netgear CG3700b custom firmware version 2.02.03 suffers from cross site request forgery and insufficient authentication vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | f56165d9368729c1623e374b5e46c6e3
Microsoft Windows CSRSS Privilege Escalation
Posted Apr 27, 2016
Authored by Google Security Research, forshaw

The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results on a new process in session 0 which can be abused to elevate privileges.

tags | exploit
systems | linux
advisories | CVE-2016-0151
MD5 | b53f1c042d141766251ba3d2c5ce4315
RomPager 4.34 Authentication Bypass
Posted Apr 27, 2016
Authored by Milad Doorbash

RomPager versions 4.34 and below router authentication remover exploit.

tags | exploit, bypass
advisories | CVE-2015-9222
MD5 | dddb8137bfb41bc6a81b2ba6faf61148
Sophos XG Firewall (SF01V) Cross Site Scripting
Posted Apr 27, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

Sophos XG Firewall (SF01V) suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 010e9867bc631f294c4f0c3ed62527d6
Trend Micro Email Spoofing
Posted Apr 27, 2016
Authored by Hadji Samir | Site vulnerability-lab.com

Trend Micro's website suffered from an email spoofing vulnerability.

tags | exploit, spoof
MD5 | fc7fa0ab6b11a6451088da82b1611508
Oracle Discoverer Viewer BI Open Redirect
Posted Apr 27, 2016
Authored by Tommy DeVoss | Site vulnerability-lab.com

Oracle Discoverer Viewer BI suffered from an open redirection vulnerability.

tags | exploit
MD5 | 052fd2096bdf29f3442854f7afb6b25f
VoipNow 4.0.1 Script Insertion
Posted Apr 26, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

VoipNow version 4.0.1 suffers from script insertion vulnerabilities.

tags | exploit, vulnerability
MD5 | fbcd1e5d0a313c374e70631380b3a2d1
Gemtek CPE7000 WLTCS-106 sysconf.cgi Remote Command Execution
Posted Apr 26, 2016
Authored by Federico Scalco | Site metasploit.com

A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 exposing Iperf tool to unauthenticated users. Injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the service runs as root, the remote command execution has the same administrative privileges. The remote shell is obtained uploading the payload and executing it. A reverse shell is preferred rather then a bind one, since firewall won't allow (by default) incoming connections. Tested on Hardware version V02A and Firmware version 01.01.02.082.

tags | exploit, remote, arbitrary, shell, root
MD5 | 8c9acdb8adb4e72def752d38fa76cc09
Gemtek CPE7000 WLTCS-106 Administrator SID Retriever
Posted Apr 26, 2016
Authored by Federico Scalco | Site metasploit.com

A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 which allows unauthenticated remote attackers to retrieve a valid Administrative SID.

tags | exploit, remote
MD5 | 084fd60ae3774dbe408b8a2a38425ad8
Yasr 0.6.9-5 Buffer Overflow
Posted Apr 26, 2016
Authored by Juan Sacco

Yasr console screen reader version 0.6.9-5 proof of concept buffer overflow exploit.

tags | exploit, overflow, proof of concept
MD5 | 0c29a4801678f46ec428371630318ae6
NationBuilder Cross Site Scripting
Posted Apr 25, 2016
Authored by LiquidWorm | Site zeroscience.mk

NationBuilder suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 53a97766290b8666006121f7e9bae0bf
IrIran Shopping Script 4.1 Cross Site Scripting
Posted Apr 25, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

IrIran Shopping Script version 4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 400a4d8b29bc562681ec9c8119580576
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close