exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-02-06

NDI5aster - Privilege Escalation Through NDIS 5.x Filter Intermediate Drivers
Posted Feb 6, 2016
Authored by Kyriakos Economou

The Network Driver Interface Specification (NDIS) provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called "NDIS wrapper" (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the 'Remote Access and Routing Driver' called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.

tags | paper, remote, kernel, local, tcp, protocol
systems | windows
SHA-256 | 730dfd4333f38eeac096e605cfc535fc646d5e90e3533d3a53e73d4707bb7d53
Apache CloudStack 4.4.4 / 4.5.1 VM Credential Exposure
Posted Feb 6, 2016
Authored by John Kinsella

Apache CloudStack provides an API for managing network, compute, storage, and user aspects of a CloudStack cloud. Under certain circumstances, the results of certain API calls may expose the root password for a virtual machine related to an API call. Versions 4.4.4 and 4.5.1 are affected.

tags | advisory, root
advisories | CVE-2015-3251
SHA-256 | e1d9575a64a66d0b6de598436c6e55b6139760f94dc1d7be9d4fb1558d1c6e56
IPSet Bash Completion 2.7
Posted Feb 6, 2016
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Some code formatting changes. Various bug fixes and additions.
tags | tool, shell, firewall, bash
systems | linux, unix
SHA-256 | 2ca23b7e97c2fd21522510a597e6f8263fa3958d2ab155014a37a1855290c23f
Apache CloudStack 4.4.4 / 4.5.1 VNC Authentication Issue
Posted Feb 6, 2016
Authored by John Kinsella

Apache CloudStack sets a VNC password unique to each KVM virtual machine under management. Upon migrating a VM from one host to another, the VNC password is no longer set in KVM on the new host. To leverage this issue, an attacker would need to have network access to a CloudStack host to be able to connect via VNC directly. Versions 4.4.4 and 4.5.1 are affected.

tags | advisory
advisories | CVE-2015-3252
SHA-256 | 444ee4e43b5662436349058a9ae9bf309899af372366f8897acde09d71e4fb06
Asterisk Project Security Advisory - AST-2016-003
Posted Feb 6, 2016
Authored by Richard Mudgett, Walter Dokes, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied.

tags | advisory
SHA-256 | d61d75b2607cad2c038cf03c5bb97339a5ed2401ece282ee0a7010c19c84efbf
Asterisk Project Security Advisory - AST-2016-002
Posted Feb 6, 2016
Authored by Richard Mudgett, Alexander Traud | Site asterisk.org

Asterisk Project Security Advisory - Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.

tags | advisory, overflow
SHA-256 | c3a9d55b8722a6698270f1449a33fc8ad65f440df0576b6607a8cd998bdbc47e
WordPress User Meta Manager 3.4.6 Blind SQL Injection
Posted Feb 6, 2016
Authored by Panagiotis Vagenas

WordPress User Meta Manager plugin version 3.4.6 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8f22b579767e7a3c6479eb7f920d37197735a234ed6858e1aef469d691d117eb
Asterisk Project Security Advisory - AST-2016-001
Posted Feb 6, 2016
Authored by Joshua Colp, Alex A. Welzi | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.

tags | advisory, web
SHA-256 | 6c3e6ff53bbb942a49afc289970e7d998f9f519da49bdeaeadd6a6a039422b8e
WordPress User Meta Manager 3.4.6 Privilege Escalation
Posted Feb 6, 2016
Authored by Panagiotis Vagenas

WordPress User Meta Manager plugin version 3.4.6 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | d088fb5cdcd30b60d6377e4125eb8d19e1450da48f358d4e2d26ff4678029417
WordPress Instagram 1.1.0 Cross Site Scripting
Posted Feb 6, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

WordPress Instagram 1.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b415a90ab2064dc918dbe4d97abaea9e9a91595f762c6ff138e61c114a50ae71
osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Posted Feb 6, 2016
Authored by Enrico Cinquini, Giovanni Cerrato

osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, file upload
SHA-256 | 4a19a2aa2c84b0fa5c0f2520b95e243cb8d22dc866f5c95fa4f4089635a66cbc
Netgear RP614v3 Authentication Bypass
Posted Feb 6, 2016

Netgear RP614v3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 8c216bb24afc3b481ba1388136665141d8f4161277f40e4c5de2e136025c1b64
WordPress Clikstats 0.8 Open Redirect
Posted Feb 6, 2016
Authored by Amir.ght

WordPress Clikstats plugin version 0.8 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 50ece61433282f067c9fdf3c6b88ab930e1b11b73b3cd1238aef0671409e835d
WordPress Newsletter Pro 2.5.3.3 Open Redirect
Posted Feb 6, 2016
Authored by Ac!D

WordPress Newsletter Pro plugin version 2.5.3.3 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | deea572ceba2f0ca6d74816c4848cee0e83729376ed6465667fcb6756891b2fa
IBM Security Website Cross Site Scripting
Posted Feb 6, 2016
Authored by RootByte

IBM Security Website suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 846d370ff13e8398291aa05fee5121ddefbf1cda285f7149ac3bc961505df56a
FTPShell Client 5.24 Buffer Overflow
Posted Feb 6, 2016
Authored by Arash Khazaei

FTPShell Client version 5.24 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | 39f0901fa8ec8cf5b431f7fc42d467c020a8c21351dae0d31f759fe3938ea531
Apple iOS Application Update Loop Pass Code Bypass
Posted Feb 6, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Apple iOS versions 9.1, 9.2, and 9.2.1 suffer from a pass code bypass vulnerability.

tags | exploit, bypass
systems | apple, ios
SHA-256 | 8de8b247155e4f185a6b01a539275a9f97a7f55492fd7fe8262ceba8fa6c9159
ASP Forums 2.1 Database Disclosure
Posted Feb 6, 2016
Authored by indoushka

ASP Forums version 2.1 suffers from a database disclosure vulnerability.

tags | exploit, asp, info disclosure
SHA-256 | 2a82cea0a7e0fc3cdf08bd773189c08f0aff6348e891a9283f84cac52de4e6d2
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close