exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-07-13

Linux/Ubuntu Coredump Reading Access Bypass
Posted Jul 13, 2018
Authored by Jann Horn, Google Security Research

Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass.

tags | exploit
systems | linux, ubuntu
SHA-256 | a592a3eaac60c8a390da56980e7a4c2fa1044e45b3e50a5a299465a3f01de74d
Microsoft Windows POP/MOV SS Local Privilege Elevation
Posted Jul 13, 2018
Authored by Nick Peterson, can1357, bwatters-r7, Nemanja Mulasmajic | Site metasploit.com

This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

tags | exploit, remote, kernel, code execution
advisories | CVE-2018-8897
SHA-256 | 8c042c8825650019d1e31b5398ad5381eeb236d87035fde08adff61e565143d1
Hadoop YARN ResourceManager Unauthenticated Command Execution
Posted Jul 13, 2018
Authored by cbmixx | Site metasploit.com

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.

tags | exploit
SHA-256 | 864dfd68b9447a32f48345c6bfee4e348eb5df86699f134c693a0977201110eb
GNU Privacy Guard 2.2.9
Posted Jul 13, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 6278eaabffa1ebc9fa2ceb3dc53eea9a1505ab02a668a86dd6fec06951af2164
Clam AntiVirus parsehwp3_paragraph() Denial Of Service
Posted Jul 13, 2018
Authored by Laurent Delosieres | Site secunia.com

Secunia Research has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parsehwp3_paragraph()" function (libclamav/hwp.c) can be exploited to trigger an infinite loop via a specially crafted Hangul Word Processor file. The vulnerability is confirmed in version 0.100.0 and reported in versions prior to 0.100.1.

tags | advisory, denial of service, overflow
advisories | CVE-2018-0360
SHA-256 | 35de8f1d0b377601d9193972f01694233332853eeac0bf4ef7798aa8df394deb
VMware Security Advisory 2018-0017
Posted Jul 13, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.

tags | advisory
advisories | CVE-2018-6969
SHA-256 | 86ec57319226d33988344e7bfea3bfafe67919ae2cbe080816b90e8b1cf1269e
G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-10018
SHA-256 | a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0
Total AV 4.6.19 Insecure Permissions
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

tags | exploit, arbitrary, local
advisories | CVE-2018-5313
SHA-256 | 7ddb47fa9650b8d0c8373db8166f2ded014751591383842dbb2ccdcaaeebaa73
ISS For Business 14.0.1400.2029 Blue Screen Of Death
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

tags | advisory, denial of service
advisories | CVE-2018-10018, CVE-2018-10098
SHA-256 | 8b95bb49aed9a1a93908ec4399e0088c6836bf8eba34be94d0cccbce2da183db
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
Posted Jul 13, 2018
Authored by Andrew Klaus

OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-1000611
SHA-256 | 1c40f13fb738e9a91991869459b8beb8b294dcd95634775a7427ab9531fbb0ba
Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
Posted Jul 13, 2018
Authored by Alt3kx

Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-12463
SHA-256 | f3e1c3959ab0ee3579f60e32fbe1e85917f22334a58f48d1e070937e0785d71b
Barracuda ADC 5.x Cross Site Scripting
Posted Jul 13, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d510a450dc89aec128f740c2165feac1c2ecbea0f587ba64ba94777c83e5d268
Linux execve(/bin/sh) Shellcode
Posted Jul 13, 2018
Authored by Hashim Jawad

21 bytes small Linux x86_64 execve(/bin/sh) shellcode.

tags | shellcode
systems | linux
SHA-256 | 6885ff7099dd77b186692c4f4be3c1cfe8b14ec68b98e83b9a526ac97dce91c5
macOS / iOS OfficeImporter JavaScript Injection
Posted Jul 13, 2018
Authored by Google Security Research, lokihardt

macOS and iOS suffer from a javascript injection bug in OfficeImporter.

tags | exploit, javascript
systems | cisco, ios
SHA-256 | e8a235449f752566cb48a2a1f6f65e02d52cbd77feb6354393a30e556c4552e2
Huawei eNSP Buffer Overflow
Posted Jul 13, 2018
Authored by Vulnerability Laboratory, S.AbenMassaoud | Site vulnerability-lab.com

Huawei eNSP version 1 suffers from a buffer overflow vulnerability that results in a denial of service condition.

tags | advisory, denial of service, overflow
advisories | CVE-2017-17321
SHA-256 | b24cbd5e44631497f980ada49ba84c0ec20abe4dc64b92098e4db7abc8e76407
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close