exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-02-03 to 2018-02-04

MalwareFox AntiMalware 2.74.0.150 Local Privilege Escalation
Posted Feb 3, 2018
Authored by Souhail Hammou

MalwareFox AntiMalware version 2.74.0.150 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-6593
SHA-256 | 0cd89e4424f7e5ca7ded334e2c740e198543904d8777a8c6b61bd1ff38a9c646
Netgear WNR1000v3 Cross Site Request Forgery
Posted Feb 3, 2018
Authored by Sajibe Kanti

Netgear WNR1000v3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2af80b2ce51ed8b874bfcf4a11cfc41b69330dfdb9a8c12db63e7e709e6d4e81
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
Posted Feb 3, 2018
Authored by Shadow Brokers, Equation Group, sleepya, zerosum0x0 | Site metasploit.com

This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.

tags | exploit, vulnerability, code execution
advisories | CVE-2017-0143, CVE-2017-0146, CVE-2017-0147
SHA-256 | 77604488f33765e26b911f571e2011c59ddbaa3a8165e52e5cdbb9a739f4fb99
Apport / ABRT chroot Privilege Escalation
Posted Feb 3, 2018
Authored by Tavis Ormandy, Brendan Coles, StA(c)phane Graber, Ricardo F. Teixeira | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing 'usr/share/apport/apport' within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing 'usr/libexec/abrt-hook-ccpp' within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This Metasploit module has been tested successfully on Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64 and ABRT on Fedora 19 and 20 x86_64.

tags | exploit, x86, kernel, root, code execution
systems | linux, fedora, ubuntu
advisories | CVE-2015-1318
SHA-256 | 9c651a9002f5646905fcb8abdec1552897cd260c341ec403e60727c2cf691713
Claymore Dual GPU Miner 10.5 Format String
Posted Feb 3, 2018
Authored by res1n

Claymore Dual GPU Miner versions 10.5 and below suffer from format string vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-6317
SHA-256 | 7e6c1869c49221779469d27c21694cb9da2d490681b9871dbb8969ba1febc035
Ubuntu Security Notice USN-3556-2
Posted Feb 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3556-2 - USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6171, CVE-2017-15132
SHA-256 | ec5451f5f5fbad1a4b5d212e71f5225bc2c339fdc87e030edc7b410d020b013e
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
SHA-256 | d17589f8c87f68f43fdc0fdc6baa36cb0aad0bbdbb624cbb94def83e1f56fbfa
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
SHA-256 | 4fb18455a7824410e8bc9a432a98671261c8e1cd41ff089a645fad3cbe7dc9bd
FiberHome AN5506 Unauthenticated Remote DNS Change
Posted Feb 3, 2018
Authored by r0ots3c

FiberHome AN5506 unauthenticated remote DNS changing exploit.

tags | exploit, remote
SHA-256 | 52ab5c27dac6afe5f83b6fd4783d12125c72d521566458a00a91fbfeb81121c7
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
Posted Feb 3, 2018
Authored by Dmitry Chastuhin

Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-2636
SHA-256 | 6570490d9880f31aeb7fdbff964f9a9005e9983ee73dd712856ca52a42a37078
Joomla! JMS Music 1.1.1 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JMS Music component version 1.1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6581
SHA-256 | 63fee11fd94329ce5734e84e7df1fc7e8f180f28dc8a34cc0962d2b071ca2ff5
Joomla! JEXTN Reverse Auction 3.1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JEXTN Reverse Auction component version 3.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6579
SHA-256 | 499b7bb35d134b9e0eb49f2f6aa38a49ecbd6da6bc24a8f425a03e7875c221a3
Event Manager PHP Script 1.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2018-6576
SHA-256 | 7d4c6f79ed1d4fc794778cccf380429bbfd8fd82ce874aa4bfcf2201e86e91de
Joomla! JE PayperVideo 3.0.0 SQL Injection
Posted Feb 3, 2018
Authored by Ihsan Sencan

Joomla! JE PayperVideo component version 3.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6578
SHA-256 | 389817dc94ac3d964a75d021d61899ad6b846a254964cc66a51c44bc97115921
ifchk 1.0.9
Posted Feb 3, 2018
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | a12cb641290b2c83f598df89e91ebe5a4fada4b6fd008797fc0be41358edcdd4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close