what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed


MSI NTIOLib.sys / WinIO.sys Local Privilege Escalation
Posted Sep 26, 2016
Authored by ReWolf

MSI NTIOLib.sys and WinIO.sys suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 415b2d2aaef60ccb1d070b2c6d33045cf983ade86cec4127cad48888f27a3309

Related Files

Phrack Magazine Issue 70
Posted Oct 5, 2021
Authored by phrack | Site phrack.org

Phrack Magazine Issue 70 - Articles include Phrack Prophile on xerub, Attacking JavaScript Engines, .NET Instrumentation via MSIL bytecode injection, a VM escape QEMU case study, and much more.

tags | javascript, magazine
systems | unix
SHA-256 | 053261ccb38c70ec1d4d9245457b230f7ce71244326690fc256536d43772bbe6
CMSimple_XH 1.7.4 Remote Command Execution
Posted Oct 1, 2021
Authored by Halit Akaydin

CMSimple_XH version 1.7.4 remote command execution exploit.

tags | exploit, remote
SHA-256 | 9a204cd68fcab96b3fa95acfa0a331437c6c63aa3ad64cc954092cb1b4d477f6
Cmsimple 5.4 Remote Code Execution
Posted Sep 30, 2021
Authored by pussycat0x

Cmsimple version 5.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 9c66365017cd37b01e328c9eadccc39e261944d0e29fb70b25ae5aacd4f85a3a
CMSimple 5.2 Cross Site Scripting
Posted Apr 8, 2021
Authored by Quadron Research Lab

CMSimple version 5.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d18881acd229a2480e0ed28b3b47a69a6fea346d09b7022b220a880951971973
Ubuntu Security Notice USN-4467-3
Posted Feb 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4467-3 - USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13754
SHA-256 | 0af9f05cea9149bfe3ca52b755be60ad5124e2d45b7d3706d47f59dfa1ef633c
MSI Ambient Link Driver Privilege Escalation
Posted Sep 28, 2020
Authored by Matteo Malvica

MSI Ambient Link Driver version suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2020-17382
SHA-256 | d3812dcad998d0f840196864aac543b840cbaf34007890de731a2ca9e42a75b2
Microsoft Windows 10 MSI Privilege Escalation
Posted Feb 17, 2020
Authored by nu11secur1ty

Microsoft Windows 10 suffers from an MSI package symbolic link processing privilege escalation vulnerability.

tags | exploit
systems | windows
advisories | CVE-2020-0683
SHA-256 | 00a53a8599704007dcf1ab81c4f1e85e4a53537f72002c6e151492ba9771f7f6
Microsoft Windows/x86 msiexec.exe Download And Execute Shellcode
Posted Jan 30, 2019
Authored by Kartik Durg

95 bytes small Microsoft Windows x86 msiexec.exe download and execute shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | 6b242d4fe14ed187719c21da47d8aa29557d36d6ce464f8bbb53dadfed230099
.NET Instrumentation Via MSIL Bytecode Injection
Posted Jan 12, 2018
Authored by phrack, Antonio Parata

Whitepaper from Phrack called .NET Instrumentation via MSIL bytecode injection.

tags | magazine
SHA-256 | acb5753e7c1dd5a8761e4b64c287b722c9aa218dd3067cfe164c91339c03b03b
Windows System Information 6.1.7601 XXE Injection
Posted Dec 5, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Windows System Information MSINFO32.exe version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
systems | windows
SHA-256 | b295bc2456dfd9aa023fb2cc71b381c58428323e0645f6a1cec73a6adc913ec7
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free
Posted Nov 19, 2016
Authored by SkyLined

A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue, and apparently all code in this module, is not mitigated by MemGC. This issue appears to have been addressed in July 2016, as it failed to reproduce after the July security updates were installed.

tags | exploit, web
SHA-256 | 01af43626269ff73fc6b2ea76ed5f2d57b9d1846e598b777c8690711208858f4
Emsisoft Privilege Escalation
Posted Nov 17, 2016
Authored by Stefan Kanthak

In an attempt to address DLL hijacking issues, Emsisoft has introduced additional security issues.

tags | advisory
systems | windows
SHA-256 | 3adced441acb8daaa8e7985e221c41156766e4a6efbf1c4eb4fa72158ea75f09
Microsoft Internet Explorer 11 MSHTML CMapElement::Notify Use-After-Free
Posted Nov 14, 2016
Authored by SkyLined

A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various C<ElementName>Element::Notify functions to make another such call and at least one of these functions is non-reentrant. This can have various repercussions, e.g. when an attacker triggers this vulnerability using a CMapElement object, a reference to that object can be stored in a linked list and the object itself can be freed. This pointer can later be re-used to cause a classic use-after-free issue.

tags | exploit, web
advisories | CVE-2015-0040
SHA-256 | a298a13c199ace85ce391cd64bb90067724828fbbaf92483dc7624a141955abe
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Posted Nov 2, 2016
Authored by SkyLined

Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an "image context" structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next "draw". However, the code continues to use the freed context almost immediately after it is freed.

tags | exploit
SHA-256 | 7c3474c2032d42f936d3ff0e59c7c8ce6f77233bc469225fdf7ba7bf031ca859
CMSimple 4.6.2 Cross Site Scripting
Posted May 31, 2016
Authored by Manuel Garcia Cardenas

CMSimple versions 4.6.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 81de68bdf9a7b279cdc44cfd72219c6809d4b4491086e1b683f57281cbc6f591
Ubuntu Security Notice USN-2891-1
Posted Feb 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2891-1 - Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. Lian Yihan discovered that QEMU incorrectly handled the VNC server. A remote attacker could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8666, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198
SHA-256 | 580fef167211b4ece7f738dc32249f6c7969c59f39bd284bc8a9068f2cf50c33
Emsisoft Anti Malware DLL Hijacking
Posted Jan 7, 2016
Authored by Stefan Kanthak

Emsisoft Anti Malware suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 73ae11a582480d884f45c68f80e0ef4fd1559ee05d36fa346ac9015d908de52c
JScript 5.7 RegExpBase::FBadHeader Use-After-Free
Posted Oct 14, 2015
Authored by SkyLined

Recompiling the regular expression pattern during a replace in JScript version 5.7 (MSIE 8) can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size.

tags | exploit
advisories | CVE-2015-2482
SHA-256 | de4b362c98096f2627ba422def8ffe6b298c4c26b1bf19a41b77cd41aab24c77
Microsoft Internet Explorer 8 Use-After-Free
Posted Mar 27, 2015
Authored by SkyLined

When using the Developer Tools of MSIE 8, one might hover the mouse over a button in the "Script" tab, at which point a "tooltip" is shown. If one then clicks the button, a use-after-free occurs.

tags | advisory
SHA-256 | cec4afb711d5667871c3fd945bdf77db6ba3ca778cc12958105abb9afe2c84e3
AMSI 3.20.47 Build 37 File Disclosure
Posted Dec 23, 2014
Authored by KnocKout

AMSI version 3.20.47 build 37 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | f69ebc7b1974f5a8b8e971bbe32b26e3c1df8cf063404748a6b26e1efc807e87
Yii Framwork CmsInput Improper XSS Filter
Posted Dec 3, 2014
Authored by Jos Wetzels

Yii framework's CmsInput extension versions 1.2 and prior suffer from an improper cross site scripting sanitation implementation.

tags | exploit, xss
SHA-256 | ca8da68b1474bc4281b1f32954bc5774467cd5f06b1ea17ad128a0eaed3567b7
CMSimple 4.4.4 RFI / Code Execution / Default Password
Posted Jul 28, 2014
Authored by Govind Singh

CMSimple version 4.4.4 suffers from code execution, default credential, and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 546f3b040627c929621993bc0ed2e5a06d948532cc8351e131db507ae36d5b75
CMSimple 4.4.2 Remote File Inclusion
Posted Apr 17, 2014
Authored by NoGe

CMSimple versions 4.4.2 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | f91d039649d0d7455138e22a97cb9bbde986f51fffebbd0a62328e6e857ccbea
CMSimple 3.54 Cross Site Scripting
Posted Mar 20, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

CMSimple version 3.54 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2219
SHA-256 | c69a2e8bbe6fcf8ed4ef78f50033ee20cd9654bc968eb50e7e6c7488908078f3
3CX Phone 6 Outdated Libraries
Posted May 6, 2013
Authored by Stefan Kanthak

3CXPhone6.msi (for Windows) comes with vulnerable outdated third party libraries and components.

tags | advisory
systems | windows
SHA-256 | bb201f262088d88b08a2e77776c0afb02bbbe6e69f68855536164dd78da9e033
Page 1 of 4

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By