exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-07-13

Linux/Ubuntu Coredump Reading Access Bypass
Posted Jul 13, 2018
Authored by Jann Horn, Google Security Research

Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass.

tags | exploit
systems | linux, ubuntu
SHA-256 | a592a3eaac60c8a390da56980e7a4c2fa1044e45b3e50a5a299465a3f01de74d
Microsoft Windows POP/MOV SS Local Privilege Elevation
Posted Jul 13, 2018
Authored by Nick Peterson, can1357, bwatters-r7, Nemanja Mulasmajic | Site metasploit.com

This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

tags | exploit, remote, kernel, code execution
advisories | CVE-2018-8897
SHA-256 | 8c042c8825650019d1e31b5398ad5381eeb236d87035fde08adff61e565143d1
Hadoop YARN ResourceManager Unauthenticated Command Execution
Posted Jul 13, 2018
Authored by cbmixx | Site metasploit.com

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.

tags | exploit
SHA-256 | 864dfd68b9447a32f48345c6bfee4e348eb5df86699f134c693a0977201110eb
GNU Privacy Guard 2.2.9
Posted Jul 13, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 6278eaabffa1ebc9fa2ceb3dc53eea9a1505ab02a668a86dd6fec06951af2164
Clam AntiVirus parsehwp3_paragraph() Denial Of Service
Posted Jul 13, 2018
Authored by Laurent Delosieres | Site secunia.com

Secunia Research has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parsehwp3_paragraph()" function (libclamav/hwp.c) can be exploited to trigger an infinite loop via a specially crafted Hangul Word Processor file. The vulnerability is confirmed in version 0.100.0 and reported in versions prior to 0.100.1.

tags | advisory, denial of service, overflow
advisories | CVE-2018-0360
SHA-256 | 35de8f1d0b377601d9193972f01694233332853eeac0bf4ef7798aa8df394deb
VMware Security Advisory 2018-0017
Posted Jul 13, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.

tags | advisory
advisories | CVE-2018-6969
SHA-256 | 86ec57319226d33988344e7bfea3bfafe67919ae2cbe080816b90e8b1cf1269e
G DATA TOTAL SECURITY Active-X Buffer Overflow
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

G DATA TOTAL SECURITY version suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-10018
SHA-256 | a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0
Total AV 4.6.19 Insecure Permissions
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

tags | exploit, arbitrary, local
advisories | CVE-2018-5313
SHA-256 | 7ddb47fa9650b8d0c8373db8166f2ded014751591383842dbb2ccdcaaeebaa73
ISS For Business 14.0.1400.2029 Blue Screen Of Death
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

tags | advisory, denial of service
advisories | CVE-2018-10018, CVE-2018-10098
SHA-256 | 8b95bb49aed9a1a93908ec4399e0088c6836bf8eba34be94d0cccbce2da183db
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
Posted Jul 13, 2018
Authored by Andrew Klaus

OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-1000611
SHA-256 | 1c40f13fb738e9a91991869459b8beb8b294dcd95634775a7427ab9531fbb0ba
Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
Posted Jul 13, 2018
Authored by Alt3kx

Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-12463
SHA-256 | f3e1c3959ab0ee3579f60e32fbe1e85917f22334a58f48d1e070937e0785d71b
Barracuda ADC 5.x Cross Site Scripting
Posted Jul 13, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d510a450dc89aec128f740c2165feac1c2ecbea0f587ba64ba94777c83e5d268
Linux execve(/bin/sh) Shellcode
Posted Jul 13, 2018
Authored by Hashim Jawad

21 bytes small Linux x86_64 execve(/bin/sh) shellcode.

tags | shellcode
systems | linux
SHA-256 | 6885ff7099dd77b186692c4f4be3c1cfe8b14ec68b98e83b9a526ac97dce91c5
macOS / iOS OfficeImporter JavaScript Injection
Posted Jul 13, 2018
Authored by Google Security Research, lokihardt

macOS and iOS suffer from a javascript injection bug in OfficeImporter.

tags | exploit, javascript
systems | cisco, ios
SHA-256 | e8a235449f752566cb48a2a1f6f65e02d52cbd77feb6354393a30e556c4552e2
Huawei eNSP Buffer Overflow
Posted Jul 13, 2018
Authored by Vulnerability Laboratory, S.AbenMassaoud | Site vulnerability-lab.com

Huawei eNSP version 1 suffers from a buffer overflow vulnerability that results in a denial of service condition.

tags | advisory, denial of service, overflow
advisories | CVE-2017-17321
SHA-256 | b24cbd5e44631497f980ada49ba84c0ec20abe4dc64b92098e4db7abc8e76407
Page 1 of 1

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By