Exploit the possiblities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-08-19

Windows Kernel ATMFD.DLL Invalid Memory Access Due To Malformed CFF Table (ATMFD+0x3440b / ATMFD+0x3440e)
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2460
MD5 | dc81563a83363c0231dd00ee3ee6bd48
EMC Documentum Content Server Privilege Escalation
Posted Aug 19, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.

tags | exploit, vulnerability
systems | linux
advisories | CVE-2015-4532
MD5 | f077c7b66a88a4d79bd35466aceeea97
Ricoh FTP Server 1.1.0.6 Buffer Overflow
Posted Aug 19, 2015
Authored by Juan Sacco

Ricoh FTP Server versions 1.1.0.6 and below suffer from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | a3db0998554c0ee02a6bc32bd9b22398
Windows Kernel ATMFD.DLL Write To Uninitialized Address Due To Malformed CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2432
MD5 | a01f24953896348dc6f6dadc5dadeee4
Adobe Flash XML.childNodes Use-After-Free
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in a way that causes its child nodes to be enumerated, the watch will trigger. If the function in the watch deletes all the child nodes, the buffer containing the nodes will be deleted, even though the original function will still access it when it unwinds. This can lead to a childnodes array in ActionScript containing pointers that can be specified by an attacker.

tags | exploit
systems | linux
advisories | CVE-2015-5540
MD5 | dbfcad470cd2d0765f274267378842e4
Windows Kernel ATMFD.DLL Out-Of-Bounds Read Due To Malformed Name INDEX In The CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2461
MD5 | e3ec72c3ee6af469dd7ffed262d4c78b
Adobe Flash Heap Use-After-Free In SurfaceFilterList::C​reateFromScriptAtom
Posted Aug 19, 2015
Authored by bilou

Adobe Flash suffers from a heap use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.

tags | exploit
advisories | CVE-2015-5563
MD5 | ff1d8e0a1bdc6bea5ca4c6eb1ca21993
Adobe Flash Use-After-Free In AttachMovie
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in attachMovie due to the initObject. If the initObject contains an object that calls a method that deletes the movie clip that is being attached, a use-after-free occurs.

tags | exploit
systems | linux
advisories | CVE-2015-5551
MD5 | 65449246fb616186f3d8775e03863416
Easy File Management Web Server 5.6 Buffer Overflow
Posted Aug 19, 2015
Authored by Tracy Turben

Easy File Management Web Server version 5.6 suffers from a USERID remote buffer overflow vulnerability.

tags | exploit, remote, web, overflow
MD5 | 8392e2a22628ed3845a114640c49b3b9
Windows Kernel ATMFD.DLL Invalid Memory Access Due To Malformed CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2459
MD5 | a04792266971bd371446f29979bbb2f5
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 19, 2015
Authored by Jihui Lu

FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a race condition in FlashBroker BrokerMoveFileEx method. This race can be won by using an oplock to wait for the point where the BrokerMoveFileEx method opens the original file and then making destination to be a junction.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3081
MD5 | aeb668d5c4d500bdefc0a7b96f4b5d69
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 19, 2015
Authored by Jietao Yang, Jihui Lu

FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3083
MD5 | 82bec32c03e0fa8f8aa3240eafc033fc
Adobe Flash Use-After-Free Pointer Storage
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

There are use-after-frees related to storing a single pointer (this this pointer) in several MovieClip drawing methods, including beginFill, beginBitmapFill, beginGradientFill, linGradientStyle, lineTo, moveTo, curveTo and lineStyle.

tags | exploit
systems | linux
advisories | CVE-2015-3137
MD5 | 3f3c20ec44b22e890a74ccb6dcacc6cd
Flash Broker-Based Sandbox Escape Via Forward Slash
Posted Aug 19, 2015
Authored by Jietao Yang

FlashBroker is vulnerable to an NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers "\" as delimiter. If the destination includes "/", FlashBroker will use a wrong destination folder for check.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3082
MD5 | d370ca321e3847af3b1084115829485c
Adobe Flash AS2 Use-After-Free In TextField.filters
Posted Aug 19, 2015
Authored by bilou

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
advisories | CVE-2015-5561
MD5 | 6845bb4a55e69b441e68f8eaa252e0ee
Magento CE Remote Command Execution
Posted Aug 19, 2015
Authored by Ebrietas0

Magento CE versions prior to 1.9.0.1 post authentication remote command execution exploit.

tags | exploit, remote
MD5 | ed418db3ba12a4d3aebbd763f7e6b663
FTP Commander 8.02 Buffer Overflow
Posted Aug 19, 2015
Authored by Un_N0n

FTP Commander version 8.02 Costum Command SEH overwrite buffer overflow exploit.

tags | exploit, overflow
MD5 | 57b14e8297384c2fd2c62b621c60d586
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close