Exploit the possiblities
Showing 1 - 25 of 38 RSS Feed

Files Date: 2015-12-18

Dell Authentication Driver Uncontrolled Write
Posted Dec 18, 2015
Authored by Matthew Bergin

The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The 'OutputAddress' from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the kernel base address. Using multiple writes, it may be possible to overwrite the first entry of HalDispatchTable in a way that the entry would point to a user-land address. An attacker need only allocate shellcode at said address and call the ntdll!NtQueryIntervalProfile() function.

tags | exploit, arbitrary, kernel, shellcode
advisories | CVE-2015-6856
MD5 | 6ef6c020747218fad08aef364a75e2c2
Seagate GoFlex Satellite Remote Telnet Default Password
Posted Dec 18, 2015
Authored by Matthew Bergin

Seagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled.

tags | exploit
advisories | CVE-2015-2874
MD5 | 4e4939319b95c934d1dccaf415038778
Red Hat Security Advisory 2015-2670-01
Posted Dec 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2670-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 586c6f01eee4327732091ee9136031e8
Adobe Flash Sound.setTransform Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in Sound.setTransform. If a transform value is set to an object with valueOf defined, it can free the transform before the values are set.

tags | exploit
systems | linux
advisories | CVE-2015-8434
MD5 | 229f7ba36de32a61ea7173ee18ef2bb1
Slackware Security Advisory - grub Updates
Posted Dec 18, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New grub packages are available for Slackware 14.1 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-8370
MD5 | e1fe8dc867f607df7a542486554d4972
Slackware Security Advisory - libpng Updates
Posted Dec 18, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-8540
MD5 | 8aa2679f4b10a7ba29ed59a8b729f5ab
Debian Security Advisory 3426-1
Posted Dec 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3426-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-7446, CVE-2015-7799, CVE-2015-7833, CVE-2015-8104, CVE-2015-8374, CVE-2015-8543
MD5 | d6e3fbfbc3287ef9d8cb9a15c79551d6
Ubuntu Security Notice USN-2845-1
Posted Dec 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2845-1 - Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. Various other issues were also addressed.

tags | advisory, arbitrary, local, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-3925, CVE-2015-7529
MD5 | 605d321bb9ed06c801e42b63795b4d11
Avira Registry Cleaner DLL Hijacking
Posted Dec 18, 2015
Authored by Stefan Kanthak

Avira Registry Cleaner suffers from a local DLL hijacking vulnerability.

tags | exploit, local, registry
systems | windows
MD5 | 10dc4fdb3639717b7640103db5eca28e
Easy File Sharing FTP Server 3.6 Stack Buffer Overflow
Posted Dec 18, 2015
Authored by zeifan

Easy File Sharing FTP server version 3.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 87d8c2a6c08d6df9a455f7a6f8fd89ff
PFSense 2.2.5 Directory Traversal
Posted Dec 18, 2015
Authored by R-73eN

PFSense versions 2.2.5 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 77761926c57c910396212b39697d564b
Samsung SoftAP Weak Password
Posted Dec 18, 2015
Authored by Augusto Pereyra

Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours.

tags | advisory
advisories | CVE-2015-5729
MD5 | 8e6e1e6a07c89099c66cad01237c00ea
Pinger Remote Code Execution
Posted Dec 18, 2015
Authored by Ehsan Hosseini

Pinger suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f664045eb8b669e8127f7dcfbc4dece6
Adobe Flash MovieClip.attachBitmap Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.attachBitmap. If the depth parameter is an object with valueOf defined, this method can free the MovieClip, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8410
MD5 | 71fdc811c69ab798544eb6bd2270a5cd
Adobe Flash MovieClip.startDrag Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.startDrag. If a parameter an object with valueOf defined, this method can free the MovieClip, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8411
MD5 | cdc5cf4db1356fda2d790eec7b9d7631
Adobe Flash MovieClip.duplicateMovieClip Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.duplicateMovieClip. If the depth or movie name parameter provided is an object with toString or valueOf defined, this method can free the MovieClip, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8412
MD5 | 7350fefb4d67e9fc4e88ed535af8dc29
Adobe Flash Selection.SetSelection Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in Selection.SetSelection. If it is called with a number parameter, which is an object with valueOf defined, and this function frees the parent of the TextField parameter, the object is used after it is freed. A minimal PoC follows:

tags | exploit
systems | linux
advisories | CVE-2015-8413
MD5 | 14093b26a537e5a2767eccee2a02c143
Adobe Flash TextField.sharpness Setter Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField sharpness setter. If the sharpness parameter is an object with valueOf set to a function which frees the TextField parent, it is used after it is freed.

tags | exploit
systems | linux
advisories | CVE-2015-8420
MD5 | f92b8f8ff8ca5c908454ddd819aa4842
Adobe Flash TextField.thickness Setter Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField thickness setter. If the thickness parameter is an object with valueOf set to a function which frees the TextField parent, it is used after it is freed.

tags | exploit
systems | linux
advisories | CVE-2015-8421
MD5 | 0d6485480540b41699a4ee3eeb7c2e65
Adobe Flash TextField.setFormat Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

The TextField setFormat method contains a use-after-free. If an integer parameter has valueOf defined, or the object parameter overrides a constructor, this method can free the TextField parent, which is subsequently used.

tags | exploit
systems | linux
advisories | CVE-2015-8422
MD5 | 3cc46fb9a9252bfcd4dee6bdbfd6be9d
Adobe Flash TextField.replaceText Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField.replaceText function. If the function is called with a string parameter with toString defined, or an integer parameter with valueOf defined, the parent object of the TextField can be used after it is freed.

tags | exploit
systems | linux
advisories | CVE-2015-8424
MD5 | 4f29897da8be1e246c622b70f0dc6a2f
Adobe Flash TextField Variable Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

If a TextField variable is set to a value with toString defined, and the TextField is updated, a use-after-free can occur if the toString method frees the TextField's parent.

tags | exploit
systems | linux
advisories | CVE-2015-8425
MD5 | d75e93b7856e1ea42a3b53aedff20611
Adobe Flash TextField.variable Setter Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField.variable setter. If the variable name that is added is an object with toString defined, the toString function can free the field's parent object, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8427
MD5 | 87eb8b471da0b2be39b8207850cbec89
Adobe Flash TextField.htmlText Setter Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField.htmlText setter. If the htmlText the field is set to is an object with toString defined, the toString function can free the field's parent object, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8428
MD5 | 7e885a866d92c849ab09ca28e3a36301
Adobe Flash TextField.type Setter Use-After-Free
Posted Dec 18, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField.type setter. If the type the field is set to is an object with toString defined, the toString function can free the field's parent object, which is then used.

tags | exploit
systems | linux
advisories | CVE-2015-8429
MD5 | fab6558b5b7239cc17ea777e96acf721
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close