exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2017-11-15

Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
SHA-256 | e5ec99dd5f0ff5dc50fbd672fb369b25b1475f0428bbe0cafb6446272f611616
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
SHA-256 | 4ae4fb5d8cbd507e3447721fd51082bffd9323c200e7877477655e1aa4e15c0f
Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass
Posted Nov 15, 2017
Authored by James Forshaw, Google Security Research

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
SHA-256 | 0a5bddd8f4ee903a132da519d294e7d062747a20ed0b075e6bb7f8fecc61a6ff
CA Identity Governance 12.6 Cross Site Scripting
Posted Nov 15, 2017
Authored by Kevin Kotas, Jake Miller | Site www3.ca.com

CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-9394
SHA-256 | aad777eb35b7f0095b61e0b61482090142d26c18db84ef8693c72377ea6cf30b
Vivotek IP Cameras Remote Stack Overflow
Posted Nov 15, 2017
Authored by bashis

Many Vivotek IP cameras suffer from a remote stack overflow vulnerability. Device models include CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS, FD8169A, FD8169A, FD8169A, FD8169AS, FD8169AS, FD816B, FD816B, FD816BA, FD816BA, FD816C, FD816C, FD816CA, FD816CA, FD816D, FD8177, FD8179, FD8182, FD8182, FD8182-F1, FD8365A_v2, FD8367A, FD8367A, FD8369A, FD8369A, FD836B, FD836BA, FD836D, FD8377, FD8379, FD8382, FD9171, FD9181, FD9371, FD9381, FE8174_v2, FE8181_v2, FE8182, FE8374_v2, FE8381_v2, FE9181, FE9182, FE9381, FE9382, IB8367A, IB8369A, IB836B, IB836BA, IB836D, IB8377, IB8379, IB8382, IB9371, IB9381, IP8166, IP9171, IP9181, IZ9361, MD8563, MD8564, MD8565, SD9161, SD9361, SD9362, SD9363, SD9364, SD9365, SD9366, and VC8101.

tags | exploit, remote, overflow
SHA-256 | 71b66ef8a75c88f47a5fd31b62fc8f98a8a75e48182e0b0e2d2cae1901cc3693
Anti-Virus Privileged File Write
Posted Nov 15, 2017
Authored by Florian Bogner

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part ("the UI") to restore files from the virus quarantine with the permissions of the privileged user mode part ("Windows service"). This may results in a privileged file write vulnerability.

tags | exploit, kernel, virus
systems | windows
SHA-256 | 7e5e2eeec5863b5ec1f6f099ae65481e3ec78f2df7b81c96f35a7b5b269bbcd5
Red Hat Security Advisory 2017-3200-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3200-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000111, CVE-2017-1000112, CVE-2017-14106
SHA-256 | 2ed8a67f11427e2d2b9d276e27f1f3887b343d36c2da2af2fbeeaf1a4deb0cdc
Red Hat Security Advisory 2017-3221-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3221-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, web, denial of service, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-10167, CVE-2016-10168
SHA-256 | c46af562f56ec06eef4a10c3f008756691db8bca10ed5bafc3dbe1b14013cd5a
Red Hat Security Advisory 2017-3226-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3226-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Security Fix: A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2016-2121
SHA-256 | d243d613a6b1e17c1814b834795370d8cf1a9d36c92a3a15a61331bb3068238a
Red Hat Security Advisory 2017-3222-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3222-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.187. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
SHA-256 | 7354d0085314c302225bad8692adcdb2b9de57ae2c7d179a1230d71ab35d8f54
Ulterius Server Directory Traversal
Posted Nov 15, 2017
Authored by Rick Osgood

Ulterius Server version prior to 1.9.5.0 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2017-16806
SHA-256 | 6cab2996d076aebf02646c924bcd8e6c8185e37ed027569c27bf457101d55e27
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
Posted Nov 15, 2017
Authored by LiquidWorm | Site zeroscience.mk

Allworx Server Manager versions 6x, 6x12, and 48x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 88af8cdcdd96c920dc9e23ca1fa08d58d77df2da164b57775e168335b6c5be46
Microsoft Security Bulletin Summary For November, 2017
Posted Nov 15, 2017
Site microsoft.com

This Microsoft bulletin summary holds information regarding Microsoft security updates for November, 2017.

tags | advisory
SHA-256 | becb9e788458f3cbc095293872a02785357f6f1c7e04f6cf57e69eae8c093b84
Red Hat Security Advisory 2017-3216-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3216-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2017-2582
SHA-256 | c6839de8a7da1f314e91840d5a632b506a67a6e3f704330ce58b280c3242fb70
Red Hat Security Advisory 2017-3220-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3220-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2017-2582
SHA-256 | e4a78fc5dd316852065b2ffb1f78fd8359e8375e643906abe6ce03614baf20d7
Red Hat Security Advisory 2017-3217-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3217-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2017-2582
SHA-256 | 642456f59d91ec99fa56c6667d3563e8e85ea2d34721d5ebfd28da86dbaa2c01
Red Hat Security Advisory 2017-3219-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3219-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.18. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-2582
SHA-256 | 4fbc9b62148f904eb99306f68c91d1356ebb1fa47fc1cd572011cf324db88987
Red Hat Security Advisory 2017-3218-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3218-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2017-2582
SHA-256 | 982adb962a8420d4182204aa1ef9af6c92b8c6ecc8970c607eb72cbcf87ccf48
Dup Scout Enterprise 10.0.18 Buffer Overflow
Posted Nov 15, 2017
Authored by sickness

Dup Scout Enterprise version 10.0.18 'Login' buffer overflow exploit.

tags | exploit, overflow
SHA-256 | bfcefabba134afcd83732d02efecadeec8b935e44a63f63793cf3af30cd26ba4
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close