Twenty Year Anniversary
Showing 1 - 15 of 15 RSS Feed

Files from Felipe Xavier Oliveira

Email addressengfilipeoliveira89 at gmail.com
First Active2017-01-04
Last Active2018-07-13
G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-10018
MD5 | 90c8424162c88e3a300d66cb5666405a
Total AV 4.6.19 Insecure Permissions
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

tags | exploit, arbitrary, local
advisories | CVE-2018-5313
MD5 | faa27411003777a314b1bfe60253a563
ISS For Business 14.0.1400.2029 Blue Screen Of Death
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

tags | advisory, denial of service
advisories | CVE-2018-10018, CVE-2018-10098
MD5 | e43f0732680669dac8762679657968d3
Panda Global Security 17.0.1 NULL DACL Grants Full Access
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Panda Global Security version 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.

tags | exploit, denial of service, local
advisories | CVE-2018-6322
MD5 | 78a633d42e79810dad6911634f7b45e9
WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

WPS Free Office version 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.

tags | exploit, denial of service, local
advisories | CVE-2018-6400
MD5 | 9632d24c8cfec8d732dcac81951c9a47
Panda Global Security 17.0.1 Unquoted Service Path
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Panda Global Security version 17.0.1 suffers from an unquoted service path vulnerability.

tags | exploit
advisories | CVE-2018-6321
MD5 | 13cfd6979af78b1bf0f9385013a7115d
BitDefender Total Security 2018 Insecure Pipe Permissions
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

BitDefender Total Security 2018 suffers from an insecure pipe permissions vulnerability.

tags | advisory
advisories | CVE-2018-6183
MD5 | 9677f45e40c72ee291b90a48afee28cf
10-Strike Network Monitor 5.4 Unquoted Service Path
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

10-Strike Network Monitor version 5.4 suffers from an unquoted service path vulnerability.

tags | exploit
advisories | CVE-2018-6016
MD5 | 76d354f866dec2773e1d08ee03b36139
Hola VPN 1.79.859 Insecure Service Permissions
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Hola VPN version 1.79.859 suffers from an insecure service permission vulnerability.

tags | exploit
advisories | CVE-2018-6623
MD5 | 1876f7351ffbf17ac8b728051bcb8ddc
Rapid Scada 5.5.0 Insecure Permissions
Posted Mar 6, 2018
Authored by Felipe Xavier Oliveira

Rapid Scada version 5.5.0 suffers from an insecure permission vulnerability.

tags | exploit
advisories | CVE-2018-5313
MD5 | c81b2a59f24e59822c91601bace1421d
Handy Password 4.9.3 Buffer Overflow
Posted Jan 11, 2018
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence ADV-12/2018 - A buffer overflow in Handy Password version 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.

tags | advisory, remote, overflow, arbitrary
MD5 | 7353f4100afbf7c53aa46495663168d5
Sync Breeze 10.1.16 Buffer Overflow
Posted Oct 31, 2017
Authored by Felipe Xavier Oliveira

Sync Breeze version 10.1.16 is vulnerable to a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2017-15950
MD5 | f4f002630a2eed34a39911ef0c7be183
Telegram Desktop 0.10.1 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-6/2016 - Telegram Desktop version 0.10.1 is vulnerable to dll hijacking as it tries to load "COMBASE.dll" without supplying the absolute path, thus relying upon the presence of such dll on the system directory.

tags | advisory
MD5 | 171558ee8417ad73202f1b8bdbaf1480
Akamai NetSession 1.9.3.1 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-8/2016 - Akamai Netsession 1.9.3.1 is vulnerable to dll hijacking as it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned dll is missing from its installation. Thus making it possible to hijack the dll and subsequently inject code within the Akamai NetSession process space.

tags | advisory
MD5 | da85249731ae041efb5a09c61f89382b
Audacity 2.1.2 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-7/2016 - Audacity version 2.1.2 is vulnerable to dll hijacking as it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such dll on the system directory. This behavior results in an exploitable dll hijacking vulnerability, even if the SafeDllSerchMode flag is enabled.

tags | advisory
MD5 | a7907f7aa84259c696d23ab7126e138b
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    13 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close