Files Date: 2018-01-11

Microsoft Windows SMB Server Mount Point Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of an NTFS mount point when manually handling a reparse operation. This makes it possible to locally open an arbitrary device via an SMB client, which can result in privilege escalation.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-0749
MD5 | 8bee2db391a04c548de7c3126b3c73a4
Microsoft Windows NtImpersonateAnonymousToken LPAC To Non-LPAC Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, when impersonating the anonymous token in an LPAC, the WIN://NOAPPALLPKG security attribute is ignored. The result is impersonation of a non-LPAC token, leading to privilege escalation.

tags | exploit
systems | windows
advisories | CVE-2018-0752
MD5 | 8c8cfa8d06fb3178fe47edd96393a118
Microsoft Windows NtImpersonateAnonymousToken AC To Non-AC Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check the impersonation token's security level. The result is impersonation of a non-AC anonymous token, leading to privilege escalation.

tags | exploit
systems | windows
advisories | CVE-2018-0751
MD5 | ec5a514309e694f43622f9260cc4f20a
Microsoft Windows NTFS Owner/Mandatory Label Privilege Bypass
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

When creating a new file on an NTFS drive, it's possible to circumvent security checks for setting an arbitrary owner and mandatory label. A non-admin user can set those parts of the security descriptor to non-standard values, which could enable further attacks resulting in privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2018-0748
MD5 | 23055e91c47aae5d9ca3bd19f9708bba
Debian Security Advisory 4083-1
Posted Jan 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4083-1 - Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-1000472
MD5 | a45b8d30d6ca7026bed1a8599319f4b9
VMware Security Advisory 2018-0005
Posted Jan 11, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0005 - VMware Workstation and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2017-4949, CVE-2017-4950
MD5 | 9626383bdd42e1ee3b4eb490bf37558c
VMware Security Advisory 2018-0004.1
Posted Jan 11, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0004.1 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest remediation for speculative execution issue.

tags | advisory
advisories | CVE-2017-5715
MD5 | 6c3dad31211a37710cf7f3e35ceb8eb7
Linux/ARM (Raspberry Pi) Bind Shell Shellcode
Posted Jan 11, 2018
Authored by Azeria

112-byte null-free Linux/ARM (Raspberry Pi) shellcode that binds a shell to 0.0.0.0:4444/TCP.

tags | shell, tcp, shellcode
systems | linux
MD5 | 80fbc5d27e17dc9e5bb4b1bf5f0abea2
LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow
Posted Jan 11, 2018
Authored by Daniel Teixeira, Tulpa | Site metasploit.com

This Metasploit module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | 8d30c79823a88f61fd7afa9d88d0562e
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
Posted Jan 11, 2018
Authored by Omar Mezrag, Algeria, Realistic Security | Site metasploit.com

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

tags | exploit, remote, web, arbitrary, local, root, php, file upload
advisories | CVE-2015-8279, CVE-2017-16524
MD5 | a040c104d632cd4ba7549225102c8f38
phpCollab 2.5.1 Unauthenticated File Upload
Posted Jan 11, 2018
Authored by Nicolas Serra, Nick Marcoccio | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit.

tags | exploit, web, arbitrary, file upload
systems | linux, ubuntu
advisories | CVE-2017-6090
MD5 | 49412c9229ada92b55b3cbcd05d8eb54
Red Hat Security Advisory 2018-0081-01
Posted Jan 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0081-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-11305, CVE-2018-4871
MD5 | 9a6c4db77e3ce332ec06e707d527c1b0
Ubuntu Security Notice USN-3522-4
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-4 - USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | d73ea7e2336ce4f12a3f81d3406dd552
WordPress Testimonial Slider 1.2.4 SQL Injection
Posted Jan 11, 2018
Authored by DefenseCode, Neven Biruski

WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 171fbf4af364b138825c12c2a1ba6464
WordPress Smooth Slider 2.8.6 SQL Injection
Posted Jan 11, 2018
Authored by DefenseCode, Neven Biruski

WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3ca8963a8f503e09a95c667231a768d8
WordPress Dbox 3D Slider Lite 1.2.2 SQL Injection
Posted Jan 11, 2018
Authored by DefenseCode, Neven Biruski

WordPress Dbox 3D Slider Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 396bea3f46a47c839564e82ee3df2688
WordPress MQ ReLinks 1.8 XSS / Open Redirection
Posted Jan 11, 2018
Authored by Ricardo Sanchez

WordPress MQ ReLinks plugin version 1.8 suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 53ce06689dd3835a0618f5cfdf0f4cf4
Joomla! Easydiscuss Cross Site Scripting
Posted Jan 11, 2018
Authored by Mattia Furlani

Joomla! Easydiscuss component versions prior to 4.0.21 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-5263
MD5 | a5ecebe3d594d56be239429ba067ef39
Jungo Windriver 12.5.1 Privilege Escalation
Posted Jan 11, 2018
Authored by Fidus InfoSecurity

Jungo Windriver version 12.5.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-5189
MD5 | 67a0592b2d0d5d615ce9d10d56288a70
Ubuntu Security Notice USN-3522-3
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3522-3 - USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5754
MD5 | 4d7b4ced69dbbe793b9334bd984fd703
TP-Link Remote Command Injection
Posted Jan 11, 2018
Authored by chunibalon, puzzor

Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2017-15613, CVE-2017-15614, CVE-2017-15615, CVE-2017-15616, CVE-2017-15617, CVE-2017-15618, CVE-2017-15619, CVE-2017-15620, CVE-2017-15621, CVE-2017-15622, CVE-2017-15623, CVE-2017-15624, CVE-2017-15625, CVE-2017-15626, CVE-2017-15627, CVE-2017-15628, CVE-2017-15629, CVE-2017-15630, CVE-2017-15631, CVE-2017-15632, CVE-2017-15633, CVE-2017-15634, CVE-2017-15635, CVE-2017-15636, CVE-2017-15637
MD5 | 8de246217ead9b7cbf6d0453d197f92b
Ubuntu Security Notice USN-3528-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3528-1 - It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17790
MD5 | dc434c8e6d1bb07724a5d915b4e77117
Ubuntu Security Notice USN-3527-1
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3527-1 - Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly handled setting the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
MD5 | a4b97d44d7baaee22df4be21e098e115
Ubuntu Security Notice USN-3523-3
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3523-3 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864
MD5 | 5d97b063cad48e5c8411fa2be179fa07
Ubuntu Security Notice USN-3532-2
Posted Jan 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3532-2 - USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-5754
MD5 | c5a3f8d746ddf39bee7abb6f9185111e