
Files Date: 2015-09-07

PHP 5.6 / 5.5 / 5.4 SplDoublyLinkedList Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php
MD5 | 2de59014619732816d790f93d2b9138f
PHP 5.6 GMP unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
MD5 | 522528985da39438d90798e3e00eee5b
PHP 5.6 / 5.5 / 5.4 Session Deserialized Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
MD5 | fd6e61fa94534057f41c7ce340a6c54a
WordPress eShop 6.3.13 Cross Site Scripting
Posted Sep 7, 2015
Authored by Ashiyane Digital Security Team, Ehsan Hosseini

WordPress eShop plugin version 6.3.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4e07b20e978f307df59e6340be4003d4
Endian Firewall Proxy Password Change Command Injection
Posted Sep 7, 2015
Authored by Ben Lincoln | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd (which changes the password for the Linux root account on the system to the value specified by console input once it is executed). The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use (http://jira.endian.com/browse/UTM-1002). Versions 2.3.x and 2.4.0 are not vulnerable because of a similar bug (http://bugs.endian.com/print_bug_page.php?bug_id=3083). Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.2, 2.5.1, 2.5.2. Should function against any version from 1.1 RC5 to 2.2.x, as well as 2.4.1 and 2.5.x.

tags | exploit, web, local, cgi, root, php
systems | linux
advisories | CVE-2015-5082
MD5 | 2da9577bea5e5b9856246321c15b9a23
FireEye Appliance Arbitrary File Disclosure
Posted Sep 7, 2015
Authored by Kristian Hermansen

FireEye appliances suffer from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 958a01986613c6dae53dd9ba5e2abaa5
NETGEAR WMS Authentication Bypass / Privilege Escalation
Posted Sep 7, 2015
Authored by Elliott Lewis

NETGEAR WMS5316 ProSafe 16AP Wireless Management System suffers from authentication bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability, bypass
MD5 | bb9efcdd5241eb92f9279663ae323dde
Debian Security Advisory 3353-1
Posted Sep 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3353-1 - Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service, protocol
systems | linux, debian
advisories | CVE-2015-5177
MD5 | 52e406af54bb01633004dfb872d2ce6f
HooToo Tripmate HT-TM01 Cross Site Request Forgery
Posted Sep 7, 2015
Authored by Ken Smith

HooToo Tripmate HT-TM01 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 90fbddf5c0f69415014acf140f9291ee
PHP 5.6 / 5.5 / 5.4 SplObjectStorage unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
MD5 | 91ba5fc013582949fd9075897b6402f3
Advantech WebAccess 8.0 / 3.4.3 Code Execution
Posted Sep 7, 2015
Authored by Praveen Darshanam

Using Advantech WebAccess SCADA software, an attacker can remotely manage industrial control system devices like RTUs, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to the ConvToSafeArray API in the ASPVCOBJLib.AspDataDriven ActiveX control.

tags | exploit, activex
advisories | CVE-2014-9208
MD5 | f17c7b4d90cf1d0a5543245f4b52d5c9
AutoCAD DWG/DXF To PDF Converter 2.2 Buffer Overflow
Posted Sep 7, 2015
Authored by Robbie Corley

AutoCAD DWG/DXF to PDF Converter version 2.2 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 6cd22b786395a4311e18b733086f7c7d
PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in unserialize() with Serializable class that can be abused for leaking arbitrary memory blocks or for executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
MD5 | c5bccf43ad4d87cc018bda0150416aed
Glibc Pointer Guarding Weakness
Posted Sep 7, 2015
Authored by Hector Marco, Ismael Ripoll | Site hmarco.org

Glibc pointer guarding weakness proof of concept code.

tags | exploit, proof of concept
MD5 | 026beab7e15d3f98f6f01d932849fa41
Linux/x86 execve(/bin/bash) Shellcode
Posted Sep 7, 2015
Authored by Ajith KP

31 bytes small Linux/x86 execve(/bin/bash) shellcode.

tags | x86, shellcode, bash
systems | linux
MD5 | 44a964b1f2f3d7b3ac4ce99318803e08

© 2016 Packet Storm. All rights reserved.
