what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed


Avira Free Security Suite 2019 Software Updater Improper Access Control
Posted Aug 4, 2019
Authored by Silton Santos

Avira Free Security Suite 2019 Software Updater version suffers from an improper access control that allows for arbitrary file write that can allow an unprivileged user to obtain SYSTEM privileges.

tags | advisory, arbitrary
advisories | CVE-2019-11396
SHA-256 | 69fdf1c757c972b00a6ac38b381268805e095c1577ed18107e11edadd414cc65

Related Files

Ubuntu Security Notice USN-6320-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577, CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
SHA-256 | 2c00e5233a4b95c7e2c687bc947a2caa809fd9c1dbecf3436ec032c47d968974
Acer Updater Service 1.2.3500.0 Unquoted Service Path
Posted May 20, 2021
Authored by Emmanuel Lujan

Acer Updater Service version 1.2.3500.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 77d928a50880722ae51c1f2c416a5749ab865706aa2dae17514953f5869b0507
WebKit WebCore::SVGTRefElement::updateReferencedText Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4315
SHA-256 | 7b9a7b1fa82bf893ede05de1b61f81670d536065bdd12d48311c4d40d6bbd860
Google Software Updater Local Privilege Escalation
Posted Mar 21, 2018
Authored by Google Security Research, Ian Beer

Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distributed Objects.

tags | exploit, local
advisories | CVE-2018-6084
SHA-256 | 822ce848f9f1b05721b777be30e35ae0e8bf4ac89fae50e6d3282fdb215603ce
Microsoft Skype DLL Hijacking
Posted Feb 9, 2018
Authored by Stefan Kanthak

Microsoft's Skype home-grown updater suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 216eae84a9fa62444079df49cbfe75e118c010a069585d13c866dc34ddeb3837
Apple updateRateSetAsyncCallback Heap Overflow
Posted Sep 22, 2017
Authored by Google Security Research, laginimaineb

A heap overflow vulnerability exists in Apple's updateRateSetAsyncCallback when handling ioctl results.

tags | advisory, overflow
systems | apple
advisories | CVE-2017-7108
SHA-256 | 5baf4461e02f823d473ce5e80cdf29107fb3e4d0bc77201b0a37d01d752ae1ba
Avira Antivirus Command Execution
Posted Nov 9, 2016
Authored by R-73eN

Avira Antivirus versions and below suffer from a command execution vulnerability.

tags | exploit
SHA-256 | 78a59e0dd369a5bd39deaf1ea862d4e542548155f19cd30868dfaf06d9060e7d
Avira Free Antivirus DLL Hijacking
Posted Aug 30, 2016
Authored by Stefan Kanthak

Avira's free antivirus package installers suffer from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | cd4e84ee068f9e9cfe8d95ea64f7b69bb88001d7158979971fe5682f3df4324d
Avira Cross Site Scripting
Posted Jan 29, 2016
Authored by RootByte

translate.avira.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d71d8ff7e41f6aa75bf4b383a4ad84b35a924e19ee1f73dce983f4e1bc088f07
Avira Registry Cleaner DLL Hijacking
Posted Dec 18, 2015
Authored by Stefan Kanthak

Avira Registry Cleaner suffers from a local DLL hijacking vulnerability.

tags | exploit, local, registry
systems | windows
SHA-256 | 25dbcc7db394b17559de2ca3d0756be3cb74f12b5d2bde975cdaeb1e15c10f9d
Avira Mobile Security Insecure Transit
Posted Sep 5, 2015
Authored by David Coomber

Avira Mobile Security versions 1.5.7 and below send credentials in the clear over HTTP.

tags | advisory, web
SHA-256 | 07268a63a10e9e04ee38ecd991fda216994295c0b1d633261d7e59f97a112f35
Rackspace Windows Agent / Updater Arbitrary Code Execution
Posted Nov 24, 2013
Authored by Andrew Hay | Site blog.cloudpassage.com

The Rackspace Windows Agent and Updater allows for modified Agent binaries to be remotely uploaded (without authentication) to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then be executed after the service is restarted. Previous versions of the Updater (before allowed for unsigned agent updates utilizing a specially crafted .NET remote call to TCP port 1984.

tags | advisory, remote, arbitrary, tcp
systems | windows
advisories | CVE-2013-6795
SHA-256 | e1432ce56dfb5361bc47edbd2d3c8d08d7d01f9b5dba847ea442095175de0442
Avira Secure Backup Build 3616 Buffer Overflow
Posted Nov 16, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Avira Secure Backup version build 3616 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2013-6356
SHA-256 | 8a2c729190e444854e9eea2ba4a3bf9fc83b7990ca632fb6cff00b8e685190a9
Avira Internet Security Filter Bypass / Privilege Escalation
Posted Oct 24, 2013
Authored by Ahmad Moghimi

Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.

tags | exploit
SHA-256 | 702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
Avira Personal Privilege Escalation
Posted May 12, 2013
Authored by Akastep

Avira Personal appears to suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
Raspberry Pi Firmware Updater File Clobber
Posted Mar 4, 2013
Authored by Technion

Raspberry Pi firmware updater suffers from a /tmp/file clobber vulnerability and also fails to offer a secure means to update the system.

tags | exploit
SHA-256 | 8ae9e75ba7ef9fa85acaf5cb66e9b8df15d576eed17c890be91b11f0dfa9146e
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | 5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9d
Secunia Security Advisory 48945
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94
Secunia Security Advisory 49550
Posted Jun 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AOL dnUpdater ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | fc7a2a87cf39494972026c879d31baadb70d85fcacc86227d58fd63a49bc0a39
Zero Day Initiative Advisory 12-098
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument being used for the Init() method, to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, arbitrary, activex
SHA-256 | a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
Drupal Modules Cross Site Scripting / Cross Site Request Forgery
Posted Mar 14, 2012
Site drupal.org

Various Drupal modules such as Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, and Redirecting click bouncer suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
SHA-256 | dfba66004ce172b759e13bd0d69c968ca2876ae3c5a889fa13c062cb84aef994
Mandriva Linux Security Advisory 2011-111
Posted Jun 23, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-111 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-0083, CVE-2011-0085, CVE-2011-2363, CVE-2011-2362, CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2371, CVE-2011-2373, CVE-2011-2377
SHA-256 | f7dd994ed60b9ada7310c8c1c6924839daffb71af4e1d407d023ec1f99cea07e
Zero Day Initiative Advisory 11-225
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nsXULCommandDispatcher.cpp source code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to force command dispatcher to remove all the updaters in the mUpdaters chain including the one that is currently in use. As a result, the local variable updater becomes a stale pointer and updater->mNext refers to memory previously freed. Successful exploitation can lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, local, code execution
advisories | CVE-2011-0085
SHA-256 | 7863f617a6f44ef8bf90e7543ea93c2246ad911302f2326be55b6031f03e0ecb
Avira AntiVirus QUA File Crash
Posted Feb 19, 2011
Authored by KedAns-Dz

Avira AntiVirus local proof of concept exploit that creates a malicious QUA file.

tags | exploit, local, proof of concept
SHA-256 | e2ef3c0258d84a42617b7cddadf0129c7b654cd36d3ad3612bbf696e8749f11f
Avira Premium Security Suite Race Condition
Posted Nov 4, 2010
Authored by Nikita Tarakanov

The avipbb.sys kernel driver distributed with Avira Premium Security Suite contains a race condition vulnerability in the handling parameters of NtCreatekey function. Proof of concept included.

tags | exploit, kernel, proof of concept
SHA-256 | c7a322a2c2f49b80da7890160c04b2a4cf83452613be02530e2c277ec67dba34
Page 1 of 2

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By