Exploit the possiblities
Showing 1 - 25 of 239 RSS Feed

Files

Packet Storm New Exploits For June, 2016
Posted Jun 30, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 234 exploits added to Packet Storm in June, 2016.

tags | exploit
systems | linux
MD5 | ca77423622cbe297aadf81e2231d9aa3
Huawei HiSuite For Windows 4.0.3.301 Privilege Escalation
Posted Jun 30, 2016
Authored by Benjamin Gnahm

A privilege escalation vulnerability was identified in the Huawei HiSuite software which can be used by a local user to elevate privileges to become the SYSTEM user. The root cause of the problem are insecure ACLs on the HandSet service directory which allows any authenticated user to place a crafted DLL file in that directory to perform a DLL hijacking attack. Versions 4.0.3.301 and below are affected.

tags | exploit, local, root
systems | windows
advisories | CVE-2016-5821
MD5 | 4a47cc8b8db59a2d9c68e01eef3e016b
Joomla SmartFormer 2.4.1 Shell Upload
Posted Jun 30, 2016
Authored by indoushka

Joomla Smartformer component version 2.4.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 87b4cf503ae790e52d9884ac4311e1cc
Ktools Photostore 4.7.5 Blind SQL Injection
Posted Jun 30, 2016
Authored by Viktor Minin, Gal Goldshtein

Ktools Photostore versions 4.7.5 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-4337
MD5 | 31585cbb01e8a944faec1e5a184b2224
RockLoader SQL Injection / Shell Upload
Posted Jun 30, 2016
Authored by Danail Velev

The RockLoader malware tool suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 9ead0cdbfb4aa372c930fa5b739b199a
Phoenix Exploit Kit Remote Code Execution
Posted Jun 30, 2016
Authored by CrashBandicot

Phoenix Exploit Kit suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 13da5f7b6460e5b2914ab6d216963f28
Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect
Posted Jun 30, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2016-3652, CVE-2016-3653, CVE-2016-5304
MD5 | 7ffb2e34fe50285c721b4aedd83c7b4b
WordPress Ultimate Membership Pro 3.3 SQL Injection
Posted Jun 30, 2016
Authored by wp0Day.com

WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1edf720e1cf5a3365de1109374788267
Cuckoo Sandbox Guest 2.0.1 Code Execution
Posted Jun 30, 2016
Authored by Remi ROCHER

Cuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privilege remote code execution exploit.

tags | exploit, remote, code execution
MD5 | ad8c34babcb2db9a30ec00d0ae690133
Lenovo ThinkPad System Management Mode Arbitrary Code Execution
Posted Jun 30, 2016
Authored by Cr4sh

This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC 8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.

tags | exploit
systems | linux
MD5 | adf159af4673497e918b5c92202dab2b
Windows 7 SP1 x86 Privilege Escalation
Posted Jun 30, 2016
Authored by blomster81

Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.

tags | exploit, x86
systems | windows, 7
advisories | CVE-2016-0400
MD5 | 74a7278c257d49aa95bce167963b335c
Symantec PowerPoint Misaligned Stream-Cache Buffer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from a PowerPoint misaligned stream-cache remote stack buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | linux
advisories | CVE-2016-2209
MD5 | 116aa31c3493272f2691214bff41fc78
Symantec dec2zip ALPkOldFormatDecompressor::UnShrink Missing Bounds Check
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from a missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink.

tags | exploit
systems | linux
advisories | CVE-2016-3646
MD5 | 3a43bfce36616cabf71d499e016c7f27
Symantec TNEF Decoder Integer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec suffers from an integer overflow in the TNEF decoder.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-3645
MD5 | f21c39e1d3e50be281d83c1bf1b1ee26
Symantec MIME Message Modification Heap Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components from MIME encoded messages in CMIMEParser::UpdateHeader() assumes that filenames cannot be longer than 77 characters. This assumption is obviously incorrect, names can be any length, resulting in a very clean heap overflow.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-3644
MD5 | 42c9fc23525f28d7c9bf9817cb618d06
Symantec Antivirus MSPACK Unpacking Memory Corruption
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec Antivirus suffers from multiple remote memory corruption issues when unpacking MSPACK archives.

tags | exploit, remote
systems | linux
advisories | CVE-2016-2211
MD5 | 27d7a1936055cb7ca8a671830a2eef8f
Symantec dec2lha Remote Stack Buffer Overflow
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

The Symantec dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::get_header() routine has a trivial stack buffer overflow.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-2210
MD5 | 33bac75a9c3004d9122edae68ccd0901
Symantec Antivirus RAR Unpacking Memory Corruption
Posted Jun 29, 2016
Authored by Tavis Ormandy, Google Security Research

Symantec Antivirus version 5.3.11 suffers from multiple remote memory corruption vulnerabilities when unpacking RAR files.

tags | exploit, remote, vulnerability
systems | linux
advisories | CVE-2016-2207
MD5 | d39fc11703c648b6bb9c46f8b091c6c6
Ubiquiti Administration Portal CSRF / Remote Command Execution
Posted Jun 29, 2016
Authored by Matthew Bergin | Site korelogic.com

The Ubiquiti AirGateway, AirFiber, and mFi platforms feature remote administration via an authenticated web-based portal. Lack of CSRF protection in the Remote Administration Portal, and unsafe passing of user input to operating system commands executed with root privileges, can be abused in a way that enables remote command execution.

tags | exploit, remote, web, root
MD5 | 88f3cb53aec137818114812416ad3c2c
Concrete5 5.7.3.1 Local File Inclusion
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7aad8a3d1adf10f05ea51ee8ca0e546d
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d058d3ec001d3a60cfa71271ebc40d36
Alfine CMS 2.6 SQL Injection
Posted Jun 28, 2016
Authored by mr_mask_black | Site vulnerability-lab.com

Alfine CMS version 2.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 75cd1b6946f65df2c039324395587d74
Mutualaid CMS 4.3.1 SQL Injection
Posted Jun 28, 2016
Authored by mr_mask_black | Site vulnerability-lab.com

Mutualaid CMS version 4.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 86f564c316a2a73a0e47ecc65f70d499
Ladesk Agent Session Reset Password
Posted Jun 28, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A password reset session web vulnerability has been discovered in the official Ladesk online service web-application. The vulnerability allows remote attackers to reset a session credentials to unauthorized access user accounts or data.

tags | exploit, remote, web
MD5 | 14f2773a6cc8d488356f00b105460dbe
Iranian Weblog Services 3.3 Cross Site Scripting / Shell Upload / SQL Injection
Posted Jun 28, 2016
Authored by ICG SEC | Site vulnerability-lab.com

Iranian Weblog Service CMS version 3.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | 4ddc8466b03565a099972f84ceb9a69a
Page 1 of 10
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close