what you don't know can hurt you
Showing 1 - 25 of 68 RSS Feed

Files

Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
MD5 | 8f2f08abc21eb47fcebc2fa155f76257

Related Files

Microsoft Spooler Local Privilege Elevation
Posted Jan 18, 2021
Authored by bwatters-r7, Peleg Hadar, sailay1996, 404death, Tomer Bar | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1337
MD5 | 190acc955c26bdcd0792eec51903d02d
Microsoft Spooler Local Privilege Elevation
Posted Sep 17, 2020
Authored by bwatters-r7, shubham0d, Yarden Shafir, Alex Ionescu | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1048
MD5 | dfa46dafd7f5bbc3e8f526a18d5976b2
AsusWRT LAN Unauthenticated Remote Code Execution
Posted Feb 23, 2018
Authored by Pedro Ribeiro | Site metasploit.com

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

tags | exploit, web, root, udp
advisories | CVE-2018-5999, CVE-2018-6000
MD5 | 0a0cdd7637ea7a4a50df34cad0df396f
Razer Synapse rzpnk.sys ZwOpenProcess
Posted Jul 22, 2017
Authored by Spencer McIntyre | Site metasploit.com

A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.

tags | exploit, web, arbitrary, shellcode
advisories | CVE-2017-9769
MD5 | 05dbcbf512b9be0da1b9ceddb93d860c
Microsoft Word MTA Handler Remote Code Execution
Posted Jun 27, 2017
Authored by Juan Sacco

This exploit leverages an MTA handler remote code execution vulnerability in Microsoft Word.

tags | exploit, remote, code execution
advisories | CVE-2017-0199
MD5 | 85fe06cb7ff43ba872bc7b0a4c7dd68f
MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution
Posted May 10, 2017
Authored by Juan Sacco

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.

tags | exploit, remote, code execution
MD5 | 27aed1d2f12f7dbbf27284d6b7558bd7
Packet Storm Advisory 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

tags | advisory, bug bounty, packet storm
systems | linux
MD5 | a5d4f2cb712163a7ebbd72e95f1856ec
Packet Storm Exploit 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.

tags | exploit, proof of concept, bug bounty, packet storm
systems | linux
MD5 | 9b3003328fe6cdd2b86f5a1bb5b63531
Mac OS X NFS Mount Privilege Escalation
Posted Apr 25, 2014
Authored by joev, Kenzley Alphonse | Site metasploit.com

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
MD5 | 5e92458e6004639f97065439cc18b2ba
Apple Mac OS X Lion Kernel xnu Privilege Escalation
Posted Apr 11, 2014
Authored by Kenzley Alphonse

Apple Mac OS X Lion kernel xnu versions 1699.32.7 except 1699.24.8 NFS mount privilege escalation exploit. This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
MD5 | d22a4946d4bcaac98368388bba2dbfd4
Packet Storm Advisory 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

tags | advisory, arbitrary, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
MD5 | ca5e7fa75049ea31231c4272bb1b69be
ARRIS DG860A NVRAM Backup Compressor / Decompressor
Posted Oct 18, 2013
Authored by Justin Oberdorf

This exploit lets your extract the ARRIS DG860A NVRAM backup where password information is stored in plain text.

tags | exploit
MD5 | f2dc5f8d3ab15cf1030c4debf4bddf94
Packet Storm Advisory 2013-0917-1 - Oracle Java ShortComponentRaster.verify()
Posted Sep 17, 2013
Site packetstormsecurity.com

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | windows
MD5 | d214e42d098835e3c009f46b370f9bfb
Packet Storm Exploit 2013-0917-1 - Oracle Java ShortComponentRaster.verify() Memory Corruption
Posted Sep 17, 2013
Site packetstormsecurity.com

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | windows
MD5 | 0598551c2fbd314708de83c41bc77fd6
Packet Storm Advisory 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
MD5 | 84be806acc044302df636242b657b7ce
Packet Storm Exploit 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
MD5 | 787a49feec5e44d9cffe71f5e9015a71
Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 77519f9b4876e7d0d73f2f37ac46a425
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0484b9b754cdc4c848b8b28389bc8aaa
Packet Storm Advisory 2013-0819-1 - Oracle Java BytePackedRaster.verify()
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | d3b7d95ba0be7fa25a186fccfcc35995
Packet Storm Exploit 2013-0819-1 - Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | e8c53973c75ea825b56675a356e6958a
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
Posted Aug 19, 2013
Authored by Scott Buckel | Site packetstormsecurity.com

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. This means by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

tags | exploit, remote, bug bounty, packet storm
advisories | CVE-2013-0632
MD5 | 448afcee7a93835f1d3e30d4fa429c9f
Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 66b47dfda969e55a09e7ac25861c8486
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0dbe90f085f956db88aac3e897a70289
Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
advisories | CVE-2013-2465, OSVDB-96269
MD5 | db785e46bf5c2d592d198749b74d7acd
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
advisories | CVE-2013-2465, OSVDB-96269
MD5 | 75f487c61517e74a3d453dff5eab12d5
Page 1 of 3
Back123Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close