what you don't know can hurt you
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-05-17

CEWE Photoshow 6.4.3 Password Denial Of Service
Posted May 17, 2019
Authored by Alejandra Sanchez

CEWE Photoshow version 6.4.3 dneial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 7ba463048951673c8690f50024dd9d79
CEWE Photo Importer 6.4.3 Denial Of Service
Posted May 17, 2019
Authored by Alejandra Sanchez

CEWE Photo Importer version 6.4.3 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 05037a4db7e1a25e179948fd51b7eb41
Iperius Backup 6.1.0 Privilege Escalation
Posted May 17, 2019
Authored by bzyo

Iperius Backup version 6.1.0 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 1f85b871cba1ea87b842a4f10df6934c
OpenDNSSEC 2.1.4
Posted May 17, 2019
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Various bug fixes.
tags | tool
systems | unix
MD5 | febaf107cd7b98c1fb8c4297bcee1b5e
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
Posted May 17, 2019
Authored by Marco Ivaldi

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2019-2832
MD5 | ea6e7c2d1a9b43266fe95e8a9d5cbc8a
Hydra Network Logon Cracker 9.0
Posted May 17, 2019
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Revamped rdp module to use FreeRDP library. Added memcached module. Added mongodb module. Various other updates.
tags | tool, web, imap
systems | cisco, unix
MD5 | 911974c25436f3ffa8598674081fcb84
Huawei eSpace 1.1.11.103 Meeting Heap Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9418
MD5 | 43fe6543f8cb002cb254160219802dbf
Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9417
MD5 | c36d1acbfc97338fa91b2582495a9065
Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.

tags | exploit, overflow
advisories | CVE-2014-9415
MD5 | b8123371cc62e9e56ed5c1b8a3190dbf
Huawei eSpace 1.1.11.103 DLL Hijacking
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
advisories | CVE-2014-9416
MD5 | 164434fe76b34f5ac83975379ce13f13
Cisco Expressway Gateway 11.5.1 Directory Traversal
Posted May 17, 2019
Site redteam-pentesting.de

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2019-1854
MD5 | 5e57b3dc6cda4bfab16fe178906a4ab3
Ubuntu Security Notice USN-3985-2
Posted May 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
MD5 | 55dea28f4172f9542a0210d49ab5565d
Freelance Cockpit CRM 3.3.1 SQL Injection
Posted May 17, 2019
Authored by Mehmet Emiroglu

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9517e26f9795d2d12180dbcabcd3756f
Sandboxie 5.30 Denial Of Service
Posted May 17, 2019
Authored by Alejandra Sanchez

Sandboxie version 5.30 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | a39dc6b26c14772941be7448662b72cd
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
Posted May 17, 2019
Authored by Numan OZDEMIR

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, csrf
advisories | CVE-2019-12094, CVE-2019-12095
MD5 | 3a2774bb8454eb33abd06b33e79cff19
GAT-Ship Web Module 1.30 Information Disclosure
Posted May 17, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.

tags | exploit, web, info disclosure
advisories | CVE-2019-12163
MD5 | fa08f0398b0cd67b7741c9b10aaadbd5
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close