Twenty Year Anniversary
Showing 51 - 75 of 427 RSS Feed

Files Date: 2017-06-01 to 2017-06-30

IBM DB2 Command Line Processor Buffer Overflow
Posted Jun 26, 2017
Authored by Leon Juranic, DefenseCode

IBM DB2 versions 9.7, 10.1, 10.5, and 11.1 suffer from a command line process buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-1297
MD5 | 5d5fdc9afef069a12acc4631e4723b9a
Microsoft Skype 7.2 / 7.35 / 7.36 Buffer Overflow
Posted Jun 26, 2017
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Microsoft Skype versions 7.2, 7.35 and 7.36 suffer from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 83bf427e9bb93af672310e8bd506f135
JAD 1.5.8e-1kali1 Buffer Overflow
Posted Jun 26, 2017
Authored by Juan Sacco

JAD version 1.5.8e-1kali1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 2b1879456767fcc7e710df4a24db0153
Linux/x86 Bind Shell Shellcode
Posted Jun 26, 2017
Authored by wetw0rk

75 bytes small Linux/x86 shellcode that binds a shell to port 4444. Contains no NULLs.

tags | shell, x86, shellcode
systems | linux
MD5 | 501256220065b8b18c393c129a24f35f
LAME 3.99.5 II_step_one Buffer Overflow
Posted Jun 26, 2017
Authored by Agostino Sarubbo

LAME version 3.99.5 suffers from a II_step_one buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a3341973e3bfcb873573a2ccad573a0f
LAME 3.99.5 III_dequantize_sample Buffer Overflow
Posted Jun 26, 2017
Authored by Agostino Sarubbo

LAME version 3.99.5 suffers from a III_dequantize_sample stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-9872
MD5 | 598e7a87386258e4cc7a05c3337e3bba
NTFS 3.1 Denial Of Service
Posted Jun 26, 2017
Authored by EagleWire

NTFS version 3.1 master file table denial of service exploit.

tags | exploit, denial of service
MD5 | 9ff51ea50d574fafdc8b0b679560602a
D-Link DIR-100 Brute Force / Cross Site Request Forgery
Posted Jun 26, 2017
Authored by MustLive

D-Link DIR-100 suffers from brute force and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | b8b887922adc51bf8cd2293906751d38
Fully Undetectable Malware
Posted Jun 26, 2017
Authored by Alessandro Groppo

Whitepaper called Fully Undetectable Malware. Translated to English.

tags | paper
MD5 | d68cb4f5d9b821df21203ba5a14b4e8a
Telegram 4.0.1 Two Factor Authentication Bypass
Posted Jun 25, 2017
Authored by Shahab Shamsi

Telegram version 4.0.1 suffers from a two-factor authentication bypass vulnerability.

tags | exploit, bypass
MD5 | a874728318ad389b5b51f22df6fc748f
PHPMailer Cross Site Scripting
Posted Jun 25, 2017
Authored by Shahab Shamsi

PHPMailer versions prior to 5.2.23 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 805a38cbb28d9f509ff048255eec6de7
AIEngine 1.8.0
Posted Jun 24, 2017
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Support for Point to Point over Ethernet protocol. Support for multiple schedulers (multiple Timers). Support for Radix trees on IP lookups. Various other updates and changes.
tags | tool
systems | unix
MD5 | d9eab973015d9ae7367b5b6444304b5f
Microsoft MsMpEng VFS API Heap Corruption
Posted Jun 24, 2017
Authored by Tavis Ormandy, Google Security Research

The Microsoft MsMpEng mpengine x86 emulator suffers from a heap corruption vulnerability in VFS API.

tags | exploit, x86
MD5 | ad6ec64ce4f80c869242f035e8688c22
Microsoft Edge CssParser::RecordProperty Type Confusion
Posted Jun 24, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from a type confusion vulnerability in CssParser::RecordProperty.

tags | exploit
advisories | CVE-2017-8496
MD5 | f35998a34964e3e7b3233570554effa6
Adobe Flash ATF Parser Heap Corruption
Posted Jun 24, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from a heap corruption vulnerability in the ATF parser.

tags | exploit
advisories | CVE-2017-3078
MD5 | 83d61c18657820557c73cb2d152956c9
Adobe Flash Image Decoding Out-Of-Bounds Read
Posted Jun 24, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an image decoding out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2017-3077
MD5 | d44d9d62ca4f62183db58ce7b5e30180
Adobe Flash AVC Edge Processing Out-Of-Bounds Read
Posted Jun 24, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an avc edge processing out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2017-3076
MD5 | db15faf294917351ee9b000efff23f89
Easy File Sharing HTTP Server 7.2 POST Buffer Overflow
Posted Jun 24, 2017
Authored by bl4ck h4ck3r | Site metasploit.com

This Metasploit module exploits a POST buffer overflow in the Easy File Sharing FTP Server 7.2 software.

tags | exploit, overflow
MD5 | af2f364b556cf0c3975be59929373439
Symantec Messaging Gateway Remote Code Execution
Posted Jun 24, 2017
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause an command injection vulnerability. But given parameters, such a SSH ip address, port and credentials are validated before executing terminal command. Thus, you need to configure your own SSH service and set the required parameter during module usage. This Metasploit module was tested against Symantec Messaging Gateway 10.6.2-7.

tags | exploit, web, root
advisories | CVE-2017-6326
MD5 | ec43893d466be8d6bcf23e16f2e3a697
Netgear DGN2200 dnslookup.cgi Command Injection
Posted Jun 24, 2017
Authored by SivertPL, thecarterb | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.

tags | exploit
advisories | CVE-2017-6334
MD5 | f053d7be56b2e53f65f1c42a3828cf27
Eltek SmartPack Backdoor Account
Posted Jun 24, 2017
Authored by Saeed reza Zamanian

Eltek SmartPack has backdoor accounts that are disclosed via some json files.

tags | exploit
MD5 | 79e0ad16c5b8a359a1479599433c968a
Introduction To Honeypots
Posted Jun 24, 2017
Authored by Ahmed Al Mutairi

This whitepaper gives an introduction to honeypots. Written in Arabic.

tags | paper
MD5 | fec929e7e01e1bfea85418af51150cf1
Red Hat Security Advisory 2017-1574-01
Posted Jun 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1574-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000368
MD5 | 44f2e0da4add069336a1015cbe154411
Gentoo Linux Security Advisory 201706-26
Posted Jun 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-26 - Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 8.0.0386 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5953, CVE-2017-6349, CVE-2017-6350
MD5 | b5938b0fa1ced5d16cd0b6ee292ef0e0
Gentoo Linux Security Advisory 201706-25
Posted Jun 23, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-25 - An out-of-bounds write in Graphite might allow remote attackers to execute arbitrary code. Versions less than 1.3.8-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2017-5436
MD5 | ba5da42d4e15431423360b5321a1b965
Page 3 of 18
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    13 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close