Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-05-05

Adobe Flash Player Integer Underflow Remote Code Execution
Posted May 5, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

tags | exploit, remote, code execution, activex
systems | windows, xp, 7
advisories | CVE-2014-0497
MD5 | 6b1a9b03120530ac586d1d91aed1eb53
Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
Posted May 5, 2014
Authored by Nils, Jon | Site metasploit.com

A kernel pool overflow in Win32k which allows local privilege escalation. The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process). This allows any unprivileged process to freely migrate to winlogon.exe, achieving privilege escalation. Used in pwn2own 2013 by MWR to break out of chrome's sandbox. NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash.

tags | exploit, overflow, kernel, local, shellcode
advisories | CVE-2013-1300
MD5 | 8465b04a506a8ce41624fcd378f6dab1
Debian Security Advisory 2919-1
Posted May 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2919-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0001, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440
MD5 | 41ad9c63bb0dfc0e33c05d21aa7668e7
Windows Heap Overflow Exploitation
Posted May 5, 2014
Authored by Dark-Puzzle

This article goes into detail on how to overflow a custom heap in Microsoft Windows 7.

tags | paper, overflow
systems | windows, 7
MD5 | 864670304d3ffa9a9f96099e7be1f91a
Lynis Auditing Tool 1.5.2
Posted May 5, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release has several warnings removed, new suggestions added, and an enhancement for the hardening index. Several controls have also been added to the website, to reflect the adjustments to Lynis.
tags | tool, scanner
systems | unix
MD5 | 2b868f1007cc18f8887269d52680249e
Ubuntu Security Notice USN-2192-1
Posted May 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2192-1 - It was discovered that OpenSSL incorrectly handled memory in the ssl3_read_bytes() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-5298, CVE-2014-0198
MD5 | 40c82fe14539be7bb3f24e117638d647
Gentoo Linux Security Advisory 201405-05
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-5 - Multiple buffer overflows in Asterisk might allow remote attackers to cause a Denial of Service condition. Versions less than 11.8.1 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2014-2286, CVE-2014-2287, CVE-2014-2288, CVE-2014-2289
MD5 | 892ed57efb88910bfbf7c7cd89bb7a67
Gentoo Linux Security Advisory 201405-04
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-4 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.356 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0498, CVE-2014-0499, CVE-2014-0502, CVE-2014-0503, CVE-2014-0504, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509, CVE-2014-0515
MD5 | 81b0ff9e226d752bfeaa515554bfca89
Gentoo Linux Security Advisory 201405-03
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-3 - Two vulnerabilities have been found in WeeChat, the worst of which may allow execution of arbitrary code. Versions less than 0.3.9.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5534, CVE-2012-5854
MD5 | 25fd005470e78881223e0d9ac2893af3
Gentoo Linux Security Advisory 201405-02
Posted May 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-2 - A vulnerability in libSRTP can result in a Denial of Service condition. Versions less than 1.4.4_p20121108-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-2139
MD5 | bdc44b467ffccf89f6383245b951d562
NTP DDoS Amplification
Posted May 5, 2014
Authored by Danilo PC

NTP distributed denial of service amplification tool that uses "get monlist".

tags | exploit, denial of service
advisories | CVE-2013-5211
MD5 | f71733635049c1f598c2587ce3e48bd8
AIEngine 0.7
Posted May 5, 2014
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Support for bloom filters and improvements on the python wrapper.
tags | tool
systems | unix
MD5 | 609285fe2d0352b335611a5dc77fbfd0
Heartbleed Analysis Daemon 1.0
Posted May 5, 2014
Site curesec.com

Heartbleed Analysis Daemon (hbad) is a tool that allows you to test clients that may be vulnerable to Heartbleed. Included is the release and the documentation pdf.

tags | tool
systems | linux, unix
MD5 | 6d50aa1d6435b6e344796f38ff9237dc
KM Player 3.8.0.123 Stack Buffer Overflow
Posted May 5, 2014
Authored by Aryan Bayaninejad

KM Player version 3.8.0.123 suffers from an AVI file handling stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-3212
MD5 | 755061ef3bb6147f04eaae34a1e47b72
Team Helpdesk CWS / TWA Remote Credential Dump
Posted May 5, 2014
Authored by bhamb

Team Helpdesk Customer Web Service (CWS) and Technician Web Access (TWA) version 8.3.5 credential dump exploits that produce encrypted pairs. Decryption scripts are also included.

tags | exploit, web
MD5 | 438953dcb988b379af356bc1b9e5e0e7
WordPress Flexolio XSS / Disclosure / File Upload
Posted May 5, 2014
Authored by MustLive

WordPress Flexolio plugin suffers from cross site scripting, denial of service, path disclosure, abuse of functionality, and arbitrary file upload vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability, xss, info disclosure, file upload
MD5 | 5695a0fd5f31b168dc8938f074e8be50
Digital Access Pass Cross Site Scripting
Posted May 5, 2014
Authored by Felipe Andrian Peixoto

Digital Access Pass suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 1e555cfc95782a51aa53d29e26f7e3ea
PrestaShop 1.6.0 Blind SQL Injection
Posted May 5, 2014
Authored by indoushka

PrestaShop version 1.6.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7d6b81a738200fd7574623c8f8001289
K-Lite CODEC 9.x Memory Corruption
Posted May 5, 2014
Authored by Aryan Bayaninejad

K-Lite CODEC version 9.x suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3151
MD5 | 545267f3b7a689c54db4e7fea5fc5204
CMS HINTWEB Cross Site Scripting / SQL Injection
Posted May 5, 2014
Authored by Felipe Andrian Peixoto

CMS HINTWEB suffers from cross site scripting and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 201361ecbcdbaef5c5a83633da7c65ea
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close