what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-02-03

MalwareFox AntiMalware 2.74.0.150 Local Privilege Escalation
Posted Feb 3, 2018
Authored by Souhail Hammou

MalwareFox AntiMalware version 2.74.0.150 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-6593
SHA-256 | 0cd89e4424f7e5ca7ded334e2c740e198543904d8777a8c6b61bd1ff38a9c646
Netgear WNR1000v3 Cross Site Request Forgery
Posted Feb 3, 2018
Authored by Sajibe Kanti

Netgear WNR1000v3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2af80b2ce51ed8b874bfcf4a11cfc41b69330dfdb9a8c12db63e7e709e6d4e81
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
Posted Feb 3, 2018
Authored by Shadow Brokers, Equation Group, sleepya, zerosum0x0 | Site metasploit.com

This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.

tags | exploit, vulnerability, code execution
advisories | CVE-2017-0143, CVE-2017-0146, CVE-2017-0147
SHA-256 | 77604488f33765e26b911f571e2011c59ddbaa3a8165e52e5cdbb9a739f4fb99
Apport / ABRT chroot Privilege Escalation
Posted Feb 3, 2018
Authored by Tavis Ormandy, Brendan Coles, StA(c)phane Graber, Ricardo F. Teixeira | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing 'usr/share/apport/apport' within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing 'usr/libexec/abrt-hook-ccpp' within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This Metasploit module has been tested successfully on Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64 and ABRT on Fedora 19 and 20 x86_64.

tags | exploit, x86, kernel, root, code execution
systems | linux, fedora, ubuntu
advisories | CVE-2015-1318
SHA-256 | 9c651a9002f5646905fcb8abdec1552897cd260c341ec403e60727c2cf691713
Claymore Dual GPU Miner 10.5 Format String
Posted Feb 3, 2018
Authored by res1n

Claymore Dual GPU Miner versions 10.5 and below suffer from format string vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-6317
SHA-256 | 7e6c1869c49221779469d27c21694cb9da2d490681b9871dbb8969ba1febc035
Ubuntu Security Notice USN-3556-2
Posted Feb 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6171, CVE-2017-15132
SHA-256 | ec5451f5f5fbad1a4b5d212e71f5225bc2c339fdc87e030edc7b410d020b013e
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
SHA-256 | d17589f8c87f68f43fdc0fdc6baa36cb0aad0bbdbb624cbb94def83e1f56fbfa
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
SHA-256 | 4fb18455a7824410e8bc9a432a98671261c8e1cd41ff089a645fad3cbe7dc9bd
FiberHome AN5506 Unauthenticated Remote DNS Change
Posted Feb 3, 2018
Authored by r0ots3c

FiberHome AN5506 unauthenticated remote DNS changing exploit.

tags | exploit, remote
SHA-256 | 52ab5c27dac6afe5f83b6fd4783d12125c72d521566458a00a91fbfeb81121c7
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
Posted Feb 3, 2018
Authored by Dmitry Chastuhin

Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-2636
SHA-256 | 6570490d9880f31aeb7fdbff964f9a9005e9983ee73dd712856ca52a42a37078
Joomla! JMS Music 1.1.1 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JMS Music component version 1.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6581
SHA-256 | 63fee11fd94329ce5734e84e7df1fc7e8f180f28dc8a34cc0962d2b071ca2ff5
Joomla! JEXTN Reverse Auction 3.1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JEXTN Reverse Auction component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6579
SHA-256 | 499b7bb35d134b9e0eb49f2f6aa38a49ecbd6da6bc24a8f425a03e7875c221a3
Event Manager PHP Script 1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2018-6576
SHA-256 | 7d4c6f79ed1d4fc794778cccf380429bbfd8fd82ce874aa4bfcf2201e86e91de
Joomla! JE PayperVideo 3.0.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JE PayperVideo component version 3.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6578
SHA-256 | 389817dc94ac3d964a75d021d61899ad6b846a254964cc66a51c44bc97115921
ifchk 1.0.9
Posted Feb 3, 2018
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | a12cb641290b2c83f598df89e91ebe5a4fada4b6fd008797fc0be41358edcdd4
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close