exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-08-19

Windows Kernel ATMFD.DLL Invalid Memory Access Due To Malformed CFF Table (ATMFD+0x3440b / ATMFD+0x3440e)
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2460
SHA-256 | f3c9bc75807a1970026b1a04826e0374c827b906a3593467dfd94e746404d46e
EMC Documentum Content Server Privilege Escalation
Posted Aug 19, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.

tags | exploit, vulnerability
systems | linux
advisories | CVE-2015-4532
SHA-256 | 3e23749741e39d44281a4e37e4effeb870920b6c75bab3df444cee63831f8276
Ricoh FTP Server 1.1.0.6 Buffer Overflow
Posted Aug 19, 2015
Authored by Juan Sacco

Ricoh FTP Server versions 1.1.0.6 and below suffer from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 2e40b7ec94f5efc5004ef8320c004fcdad799161fdd49a36a373c9ef742e67e0
Windows Kernel ATMFD.DLL Write To Uninitialized Address Due To Malformed CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2432
SHA-256 | 6e52ae3b34903df13fac42f16c8c4249f5713a3b28e9e618f11bd01a076bfda5
Adobe Flash XML.childNodes Use-After-Free
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in a way that causes its child nodes to be enumerated, the watch will trigger. If the function in the watch deletes all the child nodes, the buffer containing the nodes will be deleted, even though the original function will still access it when it unwinds. This can lead to a childnodes array in ActionScript containing pointers that can be specified by an attacker.

tags | exploit
systems | linux
advisories | CVE-2015-5540
SHA-256 | 1295da6dedc93d6a1fe5a27a6f5a706c9506fa2c29602370bf75f3ab7f7f7165
Windows Kernel ATMFD.DLL Out-Of-Bounds Read Due To Malformed Name INDEX In The CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2461
SHA-256 | 6a8eb9549bb642753717c8d5defcb82e1195517e9f35e5373e1e62cfe755b503
Adobe Flash Heap Use-After-Free In SurfaceFilterList::C​reateFromScriptAtom
Posted Aug 19, 2015
Authored by bilou

Adobe Flash suffers from a heap use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.

tags | exploit
advisories | CVE-2015-5563
SHA-256 | a0281df3d7aa9384aee12714924135d0f2ba0281c842d544e991427f2733bd96
Adobe Flash Use-After-Free In AttachMovie
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in attachMovie due to the initObject. If the initObject contains an object that calls a method that deletes the movie clip that is being attached, a use-after-free occurs.

tags | exploit
systems | linux
advisories | CVE-2015-5551
SHA-256 | 90bd26fa45bf4967bccd506cc65201e1553ca1b0810ffe60271cde208371b15b
Easy File Management Web Server 5.6 Buffer Overflow
Posted Aug 19, 2015
Authored by Tracy Turben

Easy File Management Web Server version 5.6 suffers from a USERID remote buffer overflow vulnerability.

tags | exploit, remote, web, overflow
SHA-256 | b19ab4477f85492c83b73d22792d96687f0438dc4e7685e57c50546025bdf830
Windows Kernel ATMFD.DLL Invalid Memory Access Due To Malformed CFF Table
Posted Aug 19, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2459
SHA-256 | 86ad060ed6b0b92f73638bde724be9999e6d4cd36658f6ce0e727753ba8c5617
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 19, 2015
Authored by Jihui Lu

FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a race condition in FlashBroker BrokerMoveFileEx method. This race can be won by using an oplock to wait for the point where the BrokerMoveFileEx method opens the original file and then making destination to be a junction.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3081
SHA-256 | 4a8cd33a5f101e483a330b62c04d5e4cf5d733d46fdcb20efda5eb7f32e33f84
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 19, 2015
Authored by Jietao Yang, Jihui Lu

FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3083
SHA-256 | 1833e423f195e8f2809219e0689a0b518a6badd8204abdb35e1d3ceaabc57452
Adobe Flash Use-After-Free Pointer Storage
Posted Aug 19, 2015
Authored by Google Security Research, natashenka

There are use-after-frees related to storing a single pointer (this this pointer) in several MovieClip drawing methods, including beginFill, beginBitmapFill, beginGradientFill, linGradientStyle, lineTo, moveTo, curveTo and lineStyle.

tags | exploit
systems | linux
advisories | CVE-2015-3137
SHA-256 | eb82146aef2be66c90cc556f2ab77a11428236e2b722274ee758243d8ec6b0e3
Flash Broker-Based Sandbox Escape Via Forward Slash
Posted Aug 19, 2015
Authored by Jietao Yang

FlashBroker is vulnerable to an NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers "\" as delimiter. If the destination includes "/", FlashBroker will use a wrong destination folder for check.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-3082
SHA-256 | ecdb7f0d31c0d78cd25fb1e2a301573230e10f182d90e0e3e0fec1b6a16204ba
Adobe Flash AS2 Use-After-Free In TextField.filters
Posted Aug 19, 2015
Authored by bilou

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
advisories | CVE-2015-5561
SHA-256 | ba078b1fb9699fb28314ffceb29d7447e2439e39e19e7e403d97f297eec2762f
Magento CE Remote Command Execution
Posted Aug 19, 2015
Authored by Ebrietas0

Magento CE versions prior to 1.9.0.1 post authentication remote command execution exploit.

tags | exploit, remote
SHA-256 | b1acf8cae85e109aed30dc1846013198f9b3e4461b45f10d2540acfca0db7ffc
FTP Commander 8.02 Buffer Overflow
Posted Aug 19, 2015
Authored by Un_N0n

FTP Commander version 8.02 Costum Command SEH overwrite buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 19204400584faeee7ff9ada5ce57a23a62f130344c19391c083697f0f0dbc257
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close