Exploit the possiblities
Showing 1 - 25 of 30 RSS Feed

Files Date: 2015-10-01

Packet Storm New Exploits For September, 2015
Posted Oct 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 191 exploits that were added to Packet Storm in September, 2015.

tags | exploit
systems | linux
MD5 | fbdd7ccb2d08187b210204af0098df09
Kaspersky Small Office Security 13.0.4.233 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

By analyzing the password-based authentication for unloading the Kaspersky Small Office Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the module avpmain.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Small Office Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
MD5 | 5e46fdc705611011780a067f3a7e2b49
Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Unsalted Hash
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

The SySS GmbH found out that the admin password for protecting different functions of the Kaspersky Endpoint Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.

tags | exploit, registry
systems | windows
MD5 | 046ea318b27a89b15f537db5a397f8e5
Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

By analyzing the password-based authentication for unloading the Kaspersky Endpoint Security for Windows protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe, which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Endpoint Security for Windows in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
MD5 | 1086f747be3eb0c4c2fe2cf3b6779064
Kaspersky Anti-Virus 15.0.1.415 Unsalted Hash
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Anti-Virus software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.

tags | exploit, registry, virus
systems | windows
MD5 | 369760ef08cc2b83d83527f99b2c5299
Kaspersky Anti-Virus 15.0.1.415 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

By analyzing the password-based authentication for unloading the Kaspersky Anti-Virus protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Anti-Virus in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory, virus
systems | windows
MD5 | dbe91bf95bd0bc4235598ff893194b09
Kaspersky Internet Security 15.0.2.361 Unsalted Hash
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Internet Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.

tags | exploit, registry
systems | windows
MD5 | f880e334aba51f05b55d115bc9c61d3b
Kaspersky Internet Security 15.0.2.361 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

By analyzing the password-based authentication for unloading the Kaspersky Internet Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Internet Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
MD5 | 83058e3c88e6bdcf0882c306620e66bd
Kaspersky Total Security 15.0.1.415 Unsalted Hash
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Total Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.

tags | exploit, registry
systems | windows
MD5 | 30409400e9eb6a41ab0a7c7c0c4323c2
Kaspersky Total Security 15.0.1.415 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

By analyzing the password-based authentication for unloading the Kaspersky Total Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe (actually within the used module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This fact allows a further analysis and the manipulation of the password comparison during runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. In order to bypass the password-based authentication to deactivate the protection of Kaspersky Total Security in an unauthorized manner, an attacker only has to patch this password comparison, so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
MD5 | a4bdd4397fdcaf468c04a3e0387e5123
Kaspersky Small Office Security 13.0.4.233 Unsalted Hash
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund

The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Small Office Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry.

tags | exploit, registry
systems | windows
MD5 | 3c76465f7d59e37e5f167f1a8b4492a3
Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
MD5 | 394e001ee3e97a0e28026a7e3dd1db7f
Apple Security Advisory 2015-09-30-02
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-02 - Safari 9 is now available and addresses spoofing, communication compromise, and various other vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2015-3801, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5780, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810
MD5 | 630d3059674f988d08dfab9c6bb1fd5e
Apple Security Advisory 2015-09-30-01
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-01 - iOS 9.0.2 is now available and addresses a lock screen vulnerability.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2015-5923
MD5 | 206b2724df716833fc4e2076f9c8ae08
Microsoft Security Bulletin Revision Increment For September, 2015
Posted Oct 1, 2015
Site microsoft.com

This bulletin summary lists three bulletins that have undergone a major revision increment for September, 2015.

tags | advisory
MD5 | 0d8640b92d838047c100049a245668f6
MakeSFX.exe 1.44 Stack Buffer Overflow
Posted Oct 1, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

MakeSFX.exe version 1.44 suffers from stack-based buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 990f81246150f7790cefc6018371f516
Apache James Server 2.3.2 Arbitrary Command Execution
Posted Oct 1, 2015
Authored by Jakub Palaczynski

Apache James Server version 2.3.2 suffers from an arbitrary command execution vulnerability.

tags | advisory, arbitrary
MD5 | 757a48d6275b629b17bea8337370a644
ElasticSearch Path Traversal Arbitrary File Download
Posted Oct 1, 2015
Authored by Pedro Andujar

Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.

tags | exploit, arbitrary, proof of concept
systems | linux
advisories | CVE-2015-5531
MD5 | 07ca3f109ce62eba569e1484ff2cf009
Dropbox FinderLoadBundle OS X Local Root Exploit
Posted Oct 1, 2015
Authored by cenobyte

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.

tags | exploit, arbitrary, shell, root
systems | apple, osx
MD5 | 04b4586c44bb0dd781367933375dfb86
WinRAR Expired Notification Command Execution
Posted Oct 1, 2015
Authored by R-73eN

WinRAR suffers from an expired notification OLE remote command execution vulnerability.

tags | exploit, remote
MD5 | 85ef6f8fc8f013883d631383df675305
Red Hat Security Advisory 2015-1852-01
Posted Oct 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1852-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to disclose sensitive information or, in certain cases, crash.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
MD5 | 972db07b639ba883a6e6c79dc28e0a03
HP Security Bulletin HPSBGN03424 1
Posted Oct 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03424 1 - A potential security vulnerability was been identified in HP Cloud Service Automation version v4.5. The vulnerability could be exploited to allow remote authentication bypass. Note: HP C.A. contains a version of Node.js, that when used in FIPS mode is affected by Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). The vulnerability may allow remote attacker to spoof a Certification Authority role and trigger unintended certificate verification. Revision 1 of this advisory.

tags | advisory, remote, spoof
advisories | CVE-2015-1793
MD5 | ea91af0da3cd17e871b4f1be10d6ab21
Red Hat Security Advisory 2015-1853-01
Posted Oct 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1853-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering was retired on September 30, 2015, and support is no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date. We encourage customers using Red Hat Enterprise Linux 6 to plan their migration from Red Hat Enterprise Developer Toolset Version 2 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

tags | advisory
systems | linux, redhat
MD5 | d199cb9b220e12c383e0ffc96772c559
Ubuntu Security Notice USN-2758-1
Posted Oct 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2758-1 - It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2015-5589, CVE-2015-5590, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838
MD5 | ca53a395d17239d3ddffe893de8995c4
HP Security Bulletin HPSBST03502 1
Posted Oct 1, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03502 1 - A potential security vulnerability has been identified in HP 3PAR Service Processor (SP) SPOCC. The vulnerability could be exploited to allow remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2015-5443
MD5 | bf904dce1cb614e4f4068c769e04e154
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close