
Files Date: 2016-02-07

Botan C++ Crypto Algorithms Library 1.10.12
Posted Feb 7, 2016
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: The 1.10.11 release notes incorrectly identified CVE-2016-2195 as CVE-2016-2915.
tags | library
systems | linux
advisories | CVE-2016-2195
SHA-256 | affc3a79919577943f896e64d3e4a4dcc4970c5bf80cc98c7f3a3144745eac27
Comodo Chromodo Browser Disable Same Origin Policy
Posted Feb 7, 2016
Authored by Tavis Ormandy, Google Security Research

When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc. are imported from Chrome. They also hijack DNS settings, among other shady practices.

tags | exploit
systems | linux
SHA-256 | bdbaab613e70202de64329e92a0aa11a5a23b6198f82463ba4715fdd151dcb53
Google Chrome Privilege Escalation
Posted Feb 7, 2016
Authored by Google Security Research, natashenka

There is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method in Google Chrome.

tags | exploit, overflow
systems | linux
SHA-256 | bd224e90b919011fec7fdaac0829c431dedd237dd5c4bc4e9724abccb5fe6fb5
Adobe Flash Processing AVC Causes Stack Corruption
Posted Feb 7, 2016
Authored by Google Security Research, mjurczyk

This mp4 file causes stack corruption in Flash. To run the test, load LoadMP42.swf?file=null.mp4 from a remote server.

tags | exploit, remote
systems | linux
SHA-256 | c1dd8ff07903035208e56e15a5c0096bd3f6903b52739b19bbcb008202a954ab
Samsung Galaxy S6 LibQjpeg Je_free Crash
Posted Feb 7, 2016
Authored by Google Security Research, natashenka

This jpg file causes an invalid pointer to be freed when media scanning occurs on Samsung Galaxy S6.

tags | exploit
systems | linux
SHA-256 | c28f5048c94508b781d43243304bf68709181131a5a4fdac2d1d3ce2a45f4842
Samsung Galaxy S6 Android.media.process Face Recognition Memory Corruption
Posted Feb 7, 2016
Authored by Google Security Research, natashenka

This proof of concept file causes memory corruption when it is scanned by the face recognition library in android.media.process.

tags | exploit, proof of concept
systems | linux
SHA-256 | f2ebb31f8a063f8972d6266edc011080f62366d4a268e944ad5de5ed57e2d0c6
Samsung SecEmailUI Script Injection
Posted Feb 7, 2016
Authored by Google Security Research, forshaw

The default Samsung email client's email viewer and composer (implemented in SecEmailUI.apk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary JavaScript when a user views an HTML email which contains HTML script tags or other events.

tags | exploit, arbitrary, javascript
systems | linux
advisories | CVE-2015-7893
SHA-256 | cdd3dca1431b631c7893709d3f20baf0ee1737418b177b7b11da853c74127bd8
Mobile Drive Free 1.8 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Mobile Drive Free 1.8 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
SHA-256 | 05155dd1e1a08c3f2e5935876d119490cc719dbdb964d9037411b49135cef67e
ThumbDrive 1.1 Local File Inclusion / File Upload
Posted Feb 7, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
SHA-256 | 24b1fbaf67ad57254b1eec0e9fd8d6d7cfb669cede0b24ddaea3ba1bc9fb7183
Norcon 2016 Call For Papers
Posted Feb 7, 2016
Site norcon.info

Norcon 2016 has announced its call for papers. It will be held in Chico, CA, USA from March 26th through the 27th, 2016.

tags | paper, conference
SHA-256 | 8a4c3ece5ea5746e91beb3957836bfc9ccbda0054339e75fc7b5c7498d2bac3a
Netgear Pro NMS 300 Code Execution / File Download
Posted Feb 7, 2016
Authored by Pedro Ribeiro

Netgear Pro NMS 300 suffers from code execution and arbitrary file download vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution
advisories | CVE-2016-1524, CVE-2016-1525
SHA-256 | bd8afe526581d0c940240674b8f3e8ad40ed6f11a99c8f7c416c4282267549ff
Avast File Read
Posted Feb 7, 2016
Authored by Tavis Ormandy, Google Security Research

This one is complicated, but allows an attacker to read any file on the filesystem by clicking a link. You don't even have to know the name or path of the file, because you can also retrieve directory listings using this attack. Additionally, you can send arbitrary authenticated HTTP requests, and read the responses. This allows an attacker to read cookies, email, interact with online banking and so on.

tags | exploit, web, arbitrary
systems | linux
SHA-256 | 4bad7ddfedceb6f7b409d84aac5aa90382f66d898044ad874bda143180fe3992
MalwareBytes Insecure Signing
Posted Feb 7, 2016
Authored by Tavis Ormandy, Google Security Research

MalwareBytes fetches its signature updates over HTTP, permitting a man-in-the-middle attack.

tags | advisory, web
systems | linux
SHA-256 | 3db7f35f2173b8f4b93e582cd2e3ad38fac889bb0120b08617db5d68d39ac26b
Joomla Pricelist 3.2.1 SQL Injection
Posted Feb 7, 2016
Authored by indoushka

Joomla Pricelist component version 3.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2fcd7c979b815c8f7b431ccb568f8b2065f52032445e94218b0044d3929612f0
Getdpd Filename Cross Site Scripting
Posted Feb 7, 2016
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Getdpd suffered from a cross site scripting vulnerability in the filename value.

tags | exploit, xss
SHA-256 | 129d32fa266a43572741cacd313cdcb606e1ce2a30bbe8b8332c7fe439d20f2e
Getdpd Cross Site Scripting
Posted Feb 7, 2016
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Getdpd suffered from a cross site scripting vulnerability in the id parameter.

tags | exploit, xss
SHA-256 | 418b52aecde43b710e0b2d2862b3a6e5875acb93269be717d6ec8d27e442ea15
© 2022 Packet Storm. All rights reserved.
