Exploit the possiblities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2015-10-13

K2 SmartForms / BlackPearl SQL Injection
Posted Oct 13, 2015
Authored by Wissam Bashour

K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-7299
MD5 | 28f5a7664e1c5968728cfb7f6bdc1010
Avast Antivirus X.509 Error Rendering Command Execution
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.

tags | exploit
systems | linux
MD5 | 3d3ef2017b6468fa517b211e680773b5
Kaspersky Antivirus Yoda's Protector Unpacking Remote Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using "Yoda's protector". This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.

tags | exploit, remote, code execution
systems | linux
MD5 | 86bf16d08cab43faa423a41e705365d3
Kaspersky Antivirus UPX Parsing Remote Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

While fuzzing UPX packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, arbitrary, code execution
systems | linux
MD5 | 491afabd9d55ae8e3c2be5f32a5749a3
Kaspersky Antivirus PE Unpacking Integer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.

tags | exploit, overflow
systems | linux
MD5 | 8242cff80815f18dffb3fc1f31e301f0
Kaspersky Antivirus ExeCryptor Parsing Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.

tags | exploit
systems | linux
MD5 | 0cf0e8ba9788651eb2d6c51c72ee527b
Kaspersky Antivirus CHM Parsing Remote Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.

tags | exploit, overflow
systems | linux
MD5 | 83be123a691963bbfadcda9e8ca1b1e3
New Methods In Automated XSS Detection And Dynamic Exploit Creation
Posted Oct 13, 2015
Authored by Kenneth F. Belva

This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.

tags | paper, xss
MD5 | eea59ae522b2132dc8ea3248dc761a26
Kerio Control 8.6.1 SQL Injection / Code Execution / CSRF
Posted Oct 13, 2015
Authored by Raschin Tavakoli

Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, csrf
MD5 | 26c35cb8f887d2b30e8f7f4df9d4518c
Digital Whisper Electronic Magazine #65
Posted Oct 13, 2015
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 65. Written in Hebrew.

tags | magazine
MD5 | ef1f9ef2d5cf37b029f223fa9443a7d4
Debian Security Advisory 3372-1
Posted Oct 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, CVE-2015-7613
MD5 | ffcadb74d5180c69e0353da1ed27e907
.NET Partial-Trust Bypass
Posted Oct 13, 2015
Authored by Google Security Research, matttait

A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without "UnmanagedCode" permission to nevertheless directly control arguments passed to a "ShellExecute" invocation of the users' default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox including the "WebPermission" permission for any URL to inject arbitrary parameters after the first parameter into the command line of the users' default browser.

tags | exploit, arbitrary
systems | linux, windows
MD5 | b7f3dfd8f64186ca99ba0c8ffa13ec22
Kaspersky Antivirus VB6 Parsing Integer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.

tags | exploit, overflow
systems | linux
MD5 | 75eb5e5504092a083f9d5fd6d31985e4
Kaspersky Antivirus DEX File Format Parsing Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing the DEX file format found a crash that loads a function pointer from an attacker controlled pointer, on Windows this results in a call to an unmapped address. This is obviously exploitable for remote, zero-interaction code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.

tags | exploit, remote, code execution
systems | linux, windows
MD5 | 8dc65b12a04d634841d207aa6e0111eb
Kaspersky Antivirus ThinApp Parser Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists in the ThinApp container parsing. Kaspersky Antivirus and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

tags | exploit, overflow
systems | linux
MD5 | deaad9c12e5364f7052dfab757843159
CDex Genre 1.79 Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Un_N0n

CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c7cce48330e495f214023ad2474871ab
Netgear Voice Gateway 2.3.0.23_2.3.23 XSS / Code Execution
Posted Oct 13, 2015
Authored by Karn Ganeshen

Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | ad5d1e8ac0a6f1592962890c5f6b76fe
How Yalu Works
Posted Oct 13, 2015
Authored by Mahyar Rezghi

Whitepaper called How Yalu Works. Written in Persian.

tags | paper
MD5 | fbc3f3dca2fe5e78d978aebdde513c93
Tomabo MP4 Converter 3.10.12 Denial Of Service
Posted Oct 13, 2015
Authored by M. Ibrahim

Tomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | a6e759d4a0bceefe001388104a553129
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close