
Files Date: 2016-02-06

NDI5aster - Privilege Escalation Through NDIS 5.x Filter Intermediate Drivers
Posted Feb 6, 2016
Authored by Kyriakos Economou

The Network Driver Interface Specification (NDIS) defines a programming interface that, from the network driver architecture perspective, facilitates communication between a protocol driver and the underlying network adapter. In Windows, the so-called "NDIS wrapper" (implemented in Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers, so that the implementation of high-level protocol components is independent of the network adapter itself. During local-security vulnerability research on several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue was identified in the loading and initialization of one of the OS NDIS protocol drivers, specifically the 'Remote Access and Routing Driver', wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security-related products. The resulting impact is vertical privilege escalation, which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.

tags | paper, remote, kernel, local, tcp, protocol
systems | windows, xp
MD5 | 7a760729b05fa6f6f5af09e62c2775ca
Apache CloudStack 4.4.4 / 4.5.1 VM Credential Exposure
Posted Feb 6, 2016
Authored by John Kinsella

Apache CloudStack provides an API for managing network, compute, storage, and user aspects of a CloudStack cloud. Under certain circumstances, the results of certain API calls may expose the root password for a virtual machine related to an API call. Versions 4.4.4 and 4.5.1 are affected.

tags | advisory, root
advisories | CVE-2015-3251
MD5 | 0c21b1885b38e8469c38a0942fe40627
IPSet Bash Completion 2.7
Posted Feb 6, 2016
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Some code formatting changes. Various bug fixes and additions.
tags | tool, shell, firewall, bash
systems | linux, unix
MD5 | c6657a49992f22ac95762fa2f9d41fde
Apache CloudStack 4.4.4 / 4.5.1 VNC Authentication Issue
Posted Feb 6, 2016
Authored by John Kinsella

Apache CloudStack sets a VNC password unique to each KVM virtual machine under management. Upon migrating a VM from one host to another, the VNC password is no longer set in KVM on the new host. To leverage this issue, an attacker would need to have network access to a CloudStack host to be able to connect via VNC directly. Versions 4.4.4 and 4.5.1 are affected.

tags | advisory
advisories | CVE-2015-3252
MD5 | b6ad3d34123256921f9cb9f76361d062
Asterisk Project Security Advisory - AST-2016-003
Posted Feb 6, 2016
Authored by Richard Mudgett, Walter Dokes, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - If no UDPTL packets are lost, there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length, then Asterisk uses an uninitialized buffer pointer and length value, which can cause invalid memory accesses later when the packet is copied.

tags | advisory
MD5 | 35c17d57906a2a400e39bb6fbd40e4b1
Asterisk Project Security Advisory - AST-2016-002
Posted Feb 6, 2016
Authored by Richard Mudgett, Alexander Traud | Site asterisk.org

Asterisk Project Security Advisory - Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.

tags | advisory, overflow
MD5 | 5042769cb92f966de13e32154bee662e
WordPress User Meta Manager 3.4.6 Blind SQL Injection
Posted Feb 6, 2016
Authored by panVagenas

WordPress User Meta Manager plugin version 3.4.6 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 91f619440d482a94d076f8d50510b565
Asterisk Project Security Advisory - AST-2016-001
Posted Feb 6, 2016
Authored by Joshua Colp, Alex A. Welzi | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.

tags | advisory, web
MD5 | 6a4fbedbc5d908f3f403f2cb676b9c18
WordPress User Meta Manager 3.4.6 Privilege Escalation
Posted Feb 6, 2016
Authored by panVagenas

WordPress User Meta Manager plugin version 3.4.6 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | b2b1f0f169c96b5403267398d5b31170
WordPress Instagram 1.1.0 Cross Site Scripting
Posted Feb 6, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

WordPress Instagram 1.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a4fd2f8e1ab4c02d192042b1e24e0009
osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Posted Feb 6, 2016
Authored by Enrico Cinquini, Giovanni Cerrato

osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, file upload
MD5 | e4ae9c91f937545f666496593c2c2a23
Netgear RP614v3 Authentication Bypass
Posted Feb 6, 2016

Netgear RP614v3 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | fbafba0a6e51749ffd88229f933054c3
WordPress Clikstats 0.8 Open Redirect
Posted Feb 6, 2016
Authored by Amir.ght

WordPress Clikstats plugin version 0.8 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 037ee1962b836da7b7d4b2f9bacfdb75
WordPress Newsletter Pro 2.5.3.3 Open Redirect
Posted Feb 6, 2016
Authored by Ac!D

WordPress Newsletter Pro plugin version 2.5.3.3 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 4502a1cb8746c48e320b777fe157ee97
IBM Security Website Cross Site Scripting
Posted Feb 6, 2016
Authored by RootByte

IBM Security Website suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b3a2eb862a4118dcd69218b459c202eb
FTPShell Client 5.24 Buffer Overflow
Posted Feb 6, 2016
Authored by Arash Khazaei

FTPShell Client version 5.24 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 78419c3d4e6679e1572a3737ce73b8b8
Apple iOS Application Update Loop Pass Code Bypass
Posted Feb 6, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Apple iOS versions 9.1, 9.2, and 9.2.1 suffer from a pass code bypass vulnerability.

tags | exploit, bypass
systems | apple, ios
MD5 | edd3b69ca185c14fb3aa72b717066f14
ASP Forums 2.1 Database Disclosure
Posted Feb 6, 2016
Authored by indoushka

ASP Forums version 2.1 suffers from a database disclosure vulnerability.

tags | exploit, asp, info disclosure
MD5 | 9bda0cee7848574a11e6fc4425560437

© 2016 Packet Storm. All rights reserved.
