| Email address | private |
|---|---|
| Website | hyp3rlinx.altervista.org |
| First Active | 2015-04-28 |
| Last Active | 2024-02-19 |
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafefMicrosoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
c2f70b789eac66e7e0227b39147f2ee878460b9df5a5059f2aa17a51234cda97HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service.
c7ab5ba2d2663b28ffedb5d9db2e23328041d24057b118524685224b0d480c62WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.
2b5dfe00be1334114c04e743db783c3a3f1ad2d5004db2216f1ead8c50be8631Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.
feed9ac59fa8c29769c827c9ab64c5533cc3930d33aaf789ed75c1605b9ace7eCloudMe version 1.11.2 SEH / DEP / ASLR buffer overflow exploit. The original discovery of this vulnerability was by hyp3rlinx.
f9b36ce85715513e6297fe5545cc87bca3c5904d7f17206e43521ab4744650b8CloudMe version 1.11.2 buffer overflow proof of concept exploit. Original vulnerability discovered by hyp3rlinx.
ed65bed8b662b7e2d11fe184fc29b26b92fddd08fc3a706685a4125ca60acc16Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.
85cb5f2e3f8cc5c5c6046d113ad20c3b308549088088cf06664f3bfe93538150netABuse is a scanner that identifies systems susceptible to a Microsoft Windows insufficient authentication logic flaw.
0c7c190bc3e955ffedd16a90504abb79b5245412afb286a43ee38af4ebf3a6c4The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as "standard" user but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.
951dfb35f9a363b5e914b804355769c12f596ba4c1d0f4de84c1869765e684c7Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
146ce8d8d2242cab323c77d566f77441925783b4b3a014f6c04050d000ff0ae7The HP System Event service "HPMSGSVC.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any arbitrary executable named "Program.exe" if it is found in the user's c:\ drive.
bb1d3051684f78e6f20b0e7c0fac35b0688b7e5e924cc09e9446024ad1d60e8bNTCrackPipe is a basic local Windows account cracking tool.
369ffc766bb6af146aedb08cf5932e5a672718d60587bd5577a06c772171cd8fNeowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
860427dfdb6db41fffd3c10a92aede4d5de72be4b33b6d78f1ca5d953c68d971Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.
e85735c3e297446cefa2f372abec28e211d0a44ffa2d1cc7c2afff07bd24cd6bTrend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM. This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp" service "coreServiceShell.exe" which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. Note administrator privileges are required to exploit this vulnerability.
2bef0a7498592f26d2748979ed451cc8771185733de0a4a4c86834cf8e60b081Microsoft Windows VCF cards do not properly sanitize email addresses allowing for HTML injection. A corrupt VCF card can cause all the users currently opened files and applications to be closed and their session to be terminated without requiring any accompanying attacker supplied code.
23613acde96bc092834f853c7d6e424e24e1583a58842d20b61e423112829027Microsoft Windows suffers from a .group file code execution vulnerability that leverages the URL field.
0cc8cf1ee01183130f5056a2c6b4777780caa9886d84996afb3457a57d7d5962Microsoft Windows Media Center suffers from an XML external entity injection vulnerability. This vulnerability was originally released back on December 4, 2016, yet remains unfixed.
71f1d0e6eb8642b53c59fcde6fde7854e016c87218d242fece55f62a8f552da6Microsoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.
2b347e3e3aa8c05872e5d91abda3e6e4738812564cc798a749efdc8982d35ec9Microsoft Excel 2016 version 1901 suffers from an XML external entity injection vulnerability.
e44c33d8e03b25f973e061cc13989210104717a2cc6f7198f78cc1802ddf7edeMax Secure Anti Virus Plus version 19.0.4.020 suffers from an insecure permission vulnerability.
76f4e179622075025b7eb99563a43f43d4f74eb445470abbb8a207a9f416a093NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
861555c2816d3e8545ed29c5458dbc9afd6526714f4d2b3d853f8b78e2022d5dScanguard versions through 2019-11-12 on Windows has insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.
12643e28158492899f52e92bbc5e77ba369893a4dd0a17e789ee127277138b91Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below suffer from a remote code execution vulnerability.
038bb3d0ceff9e12031ec2a31746a5ecf155f068a1c05d9fed3e640cb91241c8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed