ignore security and it'll go away
Showing 1 - 19 of 19 RSS Feed

Files Date: 2016-06-07

Windows x86 WinExec("cmd.exe",0) Shellcode
Posted Jun 7, 2016
Authored by Roziul Hasan Khan Shifat

Windows x86 WinExec("cmd.exe",0) shellcode.

tags | x86, shellcode
systems | windows
MD5 | 577b3de97beca0d12e1bf7f04ebc974c
League Of Legends Screensaver Unquoted Service Path Privilege Escalation
Posted Jun 7, 2016
Authored by Vincent Yiu

The League of Legends installer would install the League of Legends screensaver along with a service. The service would be called 'lolscreensaver'. This particular service was misconfigured such that the service binary path was unquoted. When the screensaver is installed to 'C:\Riot Games', the issue is not exploitable. However, during the installation process, users are able to specify a directory to install to. When a user chooses to install this to say an external drive, this becomes exploitable.

tags | exploit
MD5 | 662c1c0e79ec1589ad0d5575ffef39d5
League Of Legends Screensaver File Permission Privilege Escalation
Posted Jun 7, 2016
Authored by Vincent Yiu

The League of Legends screensaver was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary.

tags | exploit
MD5 | d139f9b4753c1faef4f2d8d39a6a5f48
Linux x86 /bin/nc -le /bin/sh -vp13337 Shellcode
Posted Jun 7, 2016
Authored by sajith

56 bytes small Linux/x86 /bin/nc -le /bin/sh -vp13337 shellcode.

tags | x86, shellcode
systems | linux
MD5 | dc7b508935ae05a428d9dd6ff6d915c7
HP Data Protector Encrypted Communication Remote Command Execution
Posted Jun 7, 2016
Authored by Ian Lovering, Jon Barg | Site metasploit.com

This Metasploit module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell so will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.

tags | exploit, remote, code execution
systems | windows, vista
advisories | CVE-2016-2004
MD5 | b07495ea7e4c584173df19bfad7af491
Adobe Reader CoolType Out-Of-Bounds Stack Manipulation
Posted Jun 7, 2016
Authored by Google Security Research, mjurczyk

Adobe Reader suffers from a CoolType unlimited out-of-bounds stack manipulation vulnerability via the BLEND operator.

tags | exploit
systems | linux
advisories | CVE-2015-3052
MD5 | 8ef27917f0c6d63d3f93e5648022d004
Red Hat Security Advisory 2016-1207-01
Posted Jun 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1207-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

tags | advisory, info disclosure
systems | linux, redhat, osx
advisories | CVE-2013-7423
MD5 | 5beb1dfce8d186fb975f8e55a9d14c00
Debian Security Advisory 3596-1
Posted Jun 7, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3596-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2016-0749, CVE-2016-2150
MD5 | d36908e546f36088750f4487a141d999
Red Hat Security Advisory 2016-1206-01
Posted Jun 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1206-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix: The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS that addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user provided environment variables and several instances of sensitive information disclosure.

tags | advisory, denial of service, info disclosure
systems | linux, redhat
advisories | CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727
MD5 | 1fc15b9cdc89a78728427626c199c3ef
Ubuntu Security Notice USN-2994-1
Posted Jun 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2994-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. CVE-2016-3627,CVE-2016-3705, It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483
MD5 | 0e42f3a6043a95dc25102edb7f547b51
Red Hat Security Advisory 2016-1205-01
Posted Jun 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1205-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Security Fix: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.

tags | advisory, remote, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0749, CVE-2016-2150
MD5 | 624cada210d17094464170e271748e5b
Red Hat Security Advisory 2016-1204-01
Posted Jun 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1204-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.

tags | advisory, remote, overflow, arbitrary, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2016-0749, CVE-2016-2150
MD5 | 8f29e734880779fbedf5f49b58af7541
GNU Transport Layer Security Library 3.4.13
Posted Jun 7, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.

Changes: Various updates.
tags | protocol, library
MD5 | bdaccae1942c643fe907090438ec942a
Electroweb Online Examination System 1.0 SQL Injection
Posted Jun 7, 2016
Authored by Ali Ghanbari

Electroweb Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f2abb06478e328731b77cf3c7207099a
Apache Continuum 1.4.2 Command Injection / Cross Site Scripting
Posted Jun 7, 2016
Authored by David Shanahan

Apache Continuum version 1.4.2 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 04e66054d112399ff105757bce4dc0c6
Joomla JobGrokApp 3.1-1.2.55 SQL Injection
Posted Jun 7, 2016
Authored by Mojtaba MobhaM

Joomla JobGrokApp component version 3.1-1.2.55 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c384b4c0023a16252322a8240c17e6c6
Dream Gallery 1.0 Cross Site Request Forgery
Posted Jun 7, 2016
Authored by Ali Ghanbari

Dream Gallery version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 46d9985307020b7a35a1fd9c99bbea47
Packet Fence 6.0.3
Posted Jun 7, 2016
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed example in vlan filters showing incorrect operand for user_name. Fixed the display of the aup when printing a user. Fixed email_instructions blocking email registration. Fixed FreeRADIUS dynamic clients hanging the server when the database fails to respond. Various other fixes.
tags | tool, remote
systems | unix
MD5 | 598792f14595c71260e51c314ddedc39
Sun Secure Global Desktop / Oracle Global Desktop Shellshock
Posted Jun 7, 2016
Authored by lastc0de

Sun Secure Global Desktop and Oracle Global Desktop version 4.61.915 remote shellshock code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6278
MD5 | 9efceea0553c4104b049e6e31cd1d98b
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close