exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-05-05

Adobe Flash Player Integer Underflow Remote Code Execution
Posted May 5, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

tags | exploit, remote, code execution, activex
systems | windows
advisories | CVE-2014-0497
SHA-256 | 594482f5a1c495d45be1ca68abe48c4f709881980182d2ec20827c5366645e8c
Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
Posted May 5, 2014
Authored by Nils, Jon | Site metasploit.com

A kernel pool overflow in Win32k which allows local privilege escalation. The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process). This allows any unprivileged process to freely migrate to winlogon.exe, achieving privilege escalation. Used in pwn2own 2013 by MWR to break out of chrome's sandbox. NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash.

tags | exploit, overflow, kernel, local, shellcode
advisories | CVE-2013-1300
SHA-256 | 029ce3aa761be432ed6f02ed2e5c43c401df5d87b251095db17f6f35430afe2d
Debian Security Advisory 2919-1
Posted May 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2919-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0001, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
SHA-256 | 211d33cf4a0a9147a0a333d44965721999cae6a447df9efeff68784435350348
Windows Heap Overflow Exploitation
Posted May 5, 2014
Authored by Dark-Puzzle

This article goes into detail on how to overflow a custom heap in Microsoft Windows 7.

tags | paper, overflow
systems | windows
SHA-256 | da85d1c71e43d3dd424e4a8554fff860e473083210aa9ad816da6ab171e9b515
Lynis Auditing Tool 1.5.2
Posted May 5, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release has several warnings removed, new suggestions added, and an enhancement for the hardening index. Several controls have also been added to the website, to reflect the adjustments to Lynis.
tags | tool, scanner
systems | unix
SHA-256 | 9ee201497b61acfe2ef935d54175bd483734c536dd31eb5546342f92e45f156e
Ubuntu Security Notice USN-2192-1
Posted May 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2192-1 - It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-5298, CVE-2014-0198
SHA-256 | 275431746e43cff91915528da806fe69dd0de9ee54ae7335cd4e1f427641f08e
Gentoo Linux Security Advisory 201405-05
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-5 - Multiple buffer overflows in Asterisk might allow remote attackers to cause a Denial of Service condition. Versions less than 11.8.1 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2014-2286, CVE-2014-2287, CVE-2014-2288, CVE-2014-2289
SHA-256 | e20cf599e40bf35f9126ba11837927f5dd4e6a0416456a5084e6042d42786582
Gentoo Linux Security Advisory 201405-04
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-4 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.356 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0498, CVE-2014-0499, CVE-2014-0502, CVE-2014-0503, CVE-2014-0504, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509, CVE-2014-0515
SHA-256 | 0d7538b1fc88d9f551a8f8fe917a6f977547e11bef85ff305bbd08eb214e0514
Gentoo Linux Security Advisory 201405-03
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-3 - Two vulnerabilities have been found in WeeChat, the worst of which may allow execution of arbitrary code. Versions less than 0.3.9.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5534, CVE-2012-5854
SHA-256 | 234a8401e1342ba2fca266d29b5f2e44dac59feca4adaab5bfc0792b304fcdd9
Gentoo Linux Security Advisory 201405-02
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-2 - A vulnerability in libSRTP can result in a Denial of Service condition. Versions less than 1.4.4_p20121108-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-2139
SHA-256 | 736863b3241e6336b6f24e5f4fe2c1f3ab925b1724a07863dc328f67403f4789
NTP DDoS Amplification
Posted May 5, 2014
Authored by Danilo PC

NTP distributed denial of service amplification tool that uses "get monlist".

tags | exploit, denial of service
advisories | CVE-2013-5211
SHA-256 | baaf6320ad214e35e7a2b7a7eb5035f1c589187e476175621d453bc6419fc028
AIEngine 0.7
Posted May 5, 2014
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Support for bloom filters and improvements on the python wrapper.
tags | tool
systems | unix
SHA-256 | e94469937713b4c3fbb5b9d5de13697472c17e92dfea99328051cec5132d8d4a
Heartbleed Analysis Daemon 1.0
Posted May 5, 2014
Site curesec.com

Heartbleed Analysis Daemon (hbad) is a tool that allows you to test clients that may be vulnerable to Heartbleed. Included is the release and the documentation pdf.

tags | tool
systems | linux, unix
SHA-256 | b6cc48397f33fb0d902c59fe2fa72734963d6e762b355d131f3ed215db958bea
KM Player 3.8.0.123 Stack Buffer Overflow
Posted May 5, 2014
Authored by Aryan Bayaninejad

KM Player version 3.8.0.123 suffers from an AVI file handling stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-3212
SHA-256 | af348d8849e4df2ae9ce1c043d509dc634be01b6efe7ea42bd6d4b975fcaba79
Team Helpdesk CWS / TWA Remote Credential Dump
Posted May 5, 2014
Authored by bhamb

Team Helpdesk Customer Web Service (CWS) and Technician Web Access (TWA) version 8.3.5 credential dump exploits that produce encrypted pairs. Decryption scripts are also included.

tags | exploit, web
SHA-256 | b55a0fca18653e17666a9e18f599993836259cbba81d9aa9c67cde5f0dde607b
WordPress Flexolio XSS / Disclosure / File Upload
Posted May 5, 2014
Authored by MustLive

WordPress Flexolio plugin suffers from cross site scripting, denial of service, path disclosure, abuse of functionality, and arbitrary file upload vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability, xss, info disclosure, file upload
SHA-256 | 1c71e41e685661e1a0998430a82bd15735d3cdf70cf628becdd315daeb2ccd40
Digital Access Pass Cross Site Scripting
Posted May 5, 2014
Authored by Felipe Andrian Peixoto

Digital Access Pass suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 3990138978a83309b158d03bc2bc1e7b74a6f4d0df1fd1a0a2e832d9d130360a
PrestaShop 1.6.0 Blind SQL Injection
Posted May 5, 2014
Authored by indoushka

PrestaShop version 1.6.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 68d7b349624851fe1d3f459e64c8cffef293ee6c4e97380ea1a9a14056024e8f
K-Lite CODEC 9.x Memory Corruption
Posted May 5, 2014
Authored by Aryan Bayaninejad

K-Lite CODEC version 9.x suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3151
SHA-256 | 44823f937308937c93383078a461917543f4d74d0cb64b3abc607d678365a591
CMS HINTWEB Cross Site Scripting / SQL Injection
Posted May 5, 2014
Authored by Felipe Andrian Peixoto

CMS HINTWEB suffers from cross site scripting and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0b39f5e0aed97424fec875621406f87187076bc69ba0234a168c7789aded22f4
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close