
Files Date: 2019-01-16

Microsoft Windows .contact Arbitrary Code Execution
Posted Jan 16, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw lies in how the <c:Url> node parameter of ".contact" files is processed: it expects a website value, but if an attacker references an executable file instead, that file is run without warning rather than the expected web navigation being performed. This is dangerous and would be unexpected to an end user.

tags | exploit, remote, web, arbitrary
systems | windows
MD5 | 400f7619bf34f3975072761dde4b36b7
GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal
Posted Jan 16, 2019
Authored by Pasquale Turi

GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure
advisories | CVE-2019-6272, CVE-2019-6273, CVE-2019-6274, CVE-2019-6275
MD5 | d0de196650d9878fe7d588a4f063ad8d
Roxy Fileman 1.4.5 Arbitrary File Download
Posted Jan 16, 2019
Authored by Ihsan Sencan

Roxy Fileman version 1.4.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 5889efb4572742bf954e5cd0be9fefc7
Coship Wireless Router Unauthenticated Admin Password Reset
Posted Jan 16, 2019
Authored by Adithyan AK

Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.

tags | exploit, bypass
advisories | CVE-2019-6441
MD5 | a1080fb54c0071344277d41b76eb1f52
FortiGate FortiOS LDAP Credential Disclosure
Posted Jan 16, 2019
Authored by Julio Urena

FortiGate FortiOS versions prior to 6.0.3 suffer from an LDAP credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-13374
MD5 | 16a4d12211bd510a47e73534602cf947
Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation
Posted Jan 16, 2019
Authored by breenmachine, FoxGloveSec, decoder, phra, ohpe, lupman | Site metasploit.com

This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string.

tags | exploit
advisories | CVE-2016-3225
MD5 | 0bd51405f5de7b326324d452ffd4b299
blueman set_dhcp_handler D-Bus Privilege Escalation
Posted Jan 16, 2019
Authored by The Grugq, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman version 1.23 on Debian 8 Jessie (x64).

tags | exploit, arbitrary, root, code execution, python
systems | linux, debian
advisories | CVE-2015-8612
MD5 | 733a4a54285c7ff07e42208a0ada25be
Microsoft Windows XmlDocument Insecure Sharing Privilege Escalation
Posted Jan 16, 2019
Authored by James Forshaw, Google Security Research

A number of Partial Trust Windows Runtime classes expose the XmlDocument class across process boundaries to less privileged callers, which in its current form can be used to elevate privileges and escape the Edge Content LPAC sandbox.

tags | exploit
systems | windows
advisories | CVE-2019-0555
MD5 | 397ad74317743a7207220aa6b8785b70
Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Posted Jan 16, 2019
Authored by James Forshaw, Google Security Research

The WinRT RestrictedErrorInfo does not correctly check the validity of a handle to a section object, which results in closing an unrelated handle and can lead to an elevation of privilege.

tags | exploit
advisories | CVE-2019-0570
MD5 | 2dc1425b83ba55c550113e0d3f7b4578
Streamworks Job Scheduler Release 7 Authentication Weakness
Posted Jan 16, 2019
Authored by Simon Bieber

Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.

tags | exploit
advisories | CVE-2014-0160
MD5 | 253a22be9295e34bd04d4090fefbc845
EuskalHack Security Congress IV Call For Papers
Posted Jan 16, 2019
Site euskalhack.org

EuskalHack Security Congress Fourth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim of promoting community growth and culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fourth edition. The participants include specialized companies, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 21st and 22nd of June 2019 in the lovely city of Donostia, San Sebastian.

tags | paper, conference
MD5 | 3cc4750bb9181d991e4016eefb223b28
SCP Server Verification Issues
Posted Jan 16, 2019
Authored by Harry Sintonen

Many scp clients fail to verify that the objects returned by the scp server match those they asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow the server to spoof the client output.

tags | advisory, spoof, vulnerability
advisories | CVE-2000-0992, CVE-2018-20684, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111
MD5 | d3b18a0146f2be70c357e933eb037d03
WebKit JSC JIT Use-After-Free
Posted Jan 16, 2019
Authored by Google Security Research, lokihardt

The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings. As a result, it can lead to a use-after-free condition.

tags | exploit
advisories | CVE-2018-4442
MD5 | 6c7e9c82cba28e3a0216c2258377389d
ownDMS 4.7 SQL Injection
Posted Jan 16, 2019
Authored by Ihsan Sencan

ownDMS version 4.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ccf0858c7eaab8314df678adf8d3fe51
1Password Denial Of Service
Posted Jan 16, 2019
Authored by Valerio Brussani

1Password versions prior to 7.0 suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13042
MD5 | 2501e76bd0b44269494c7fa7f1324910
NTPsec 1.1.2 ntp_control Null Pointer Dereference
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from a null pointer dereference vulnerability in ntp_control.

tags | exploit
advisories | CVE-2019-6445
MD5 | 221111085dd241b948c35bf89c3810ab
NTPsec 1.1.2 ntp_control Out-Of-Bounds Read
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ntp_control.

tags | exploit
advisories | CVE-2019-6444
MD5 | 46587dc2cfbba65855cf0240c0c8560f
WordPress Category Page Icons 3.6.1 CSRF / Shell Upload
Posted Jan 16, 2019
Authored by KingSkrupellos

WordPress category-page-icons plugin version 3.6.1 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | ee03dd20e1ad8f75eb5ed13bf04d7a38
NTPsec 1.1.2 config Out-Of-Bounds Write
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from a config-related out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2019-6442
MD5 | f2bfd49b7a043ceaa0774df14e754f31
NTPsec 1.1.2 ctl_getitem Out-Of-Bounds Read
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ctl_getitem.

tags | exploit
advisories | CVE-2019-6443
MD5 | 069688fb7dacc5d4cc815d6201c09963
WordPress 2013 TwentyThirteen Theme 5.0.3 Open Redirection
Posted Jan 16, 2019
Authored by KingSkrupellos

WordPress 2013 TwentyThirteen theme version 5.0.3 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 983c9c4f8433327a769d758236cf112c
Web Design SQL Injection 2019/01/16
Posted Jan 16, 2019
Authored by KingSkrupellos

Desarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.

tags | exploit, remote, web, vulnerability, sql injection, file upload
MD5 | fc93865a9d598af487c83d0b9afc4afc
Web Design SQL Injection 2019/01/14
Posted Jan 16, 2019
Authored by KingSkrupellos

Ariadna3 Web Design Spain, Desarrollado por C-Diseno Web Design Spain, Desenvolvido por Fidelizarte Web Design Portugal, Desarrollado por OxiGenic Web Design Spain, and Sedinet Web Design Spain suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | 30d11192b49a1b444b44abb42f6b4f75

© 2019 Packet Storm. All rights reserved.