Showing 1 - 25 of 100

Files

Microsoft Windows SMB 3.1.1 Remote Code Execution
Posted Mar 15, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
advisories | CVE-2020-0796
SHA-256 | d9fdfb9e61bb275a5d1ad888c25c5fcac36b178ec52a684eb9a5d2fca36c1f21

Related Files

Secunia Security Advisory 50114
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | fd192c27c1a662c3c39472fc60c7ce046c6de1f5d8d69b9e0bf62ba894f90934
LedgerSMB 1.3 Denial Of Service
Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
SHA-256 | 4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227
Hydra Network Logon Cracker 7.3
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple enhancements and fixes to Hydra main, the SNMP module, the HTTP module, and more. Added IDN and PCRE support for Cygwin.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | 14805ba70f3f22beb00344db161a1a84d61059655f2be37dd02a5c5cceae306d
Red Hat Security Advisory 2012-0902-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0902-04 - The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

tags | advisory, local, protocol
systems | linux, redhat
advisories | CVE-2012-1586
SHA-256 | b6831be7a80bfb064ce96ffee7b691ceb05ca7ce5ebc98fd5bf2e47dea32809a
Mandriva Linux Security Advisory 2012-070
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
SHA-256 | f73e89882b6346ed93095ab15bfe3217fa69a9be28af45eabd68ea7d46a92cfa
Mandriva Linux Security Advisory 2012-069
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-069 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
SHA-256 | b43d6952e069ab1c764cbca75c6c3956e4fbed97ca5cf8d5101e51452823a6f3
Actuality Of SMBRelay In Modern Windows Networks
Posted Apr 28, 2012
Authored by Ares

Whitepaper called Actuality of SMBRelay in Modern Windows Networks.

tags | paper
systems | windows
SHA-256 | f87fc888c4e56b21d8c099e4f1faceacf01f9e809547979686a603d553e4449e
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
SHA-256 | e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bc
Snort 2 DCE/RPC Preprocessor Buffer Overflow
Posted Apr 10, 2012
Authored by Neel Mehta | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result in a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2006-5276, OSVDB-67988
SHA-256 | 4831463187a96ae8a63ec6bde91a0cbca65b38578ad54e60da0525ce6c81e52a
Mandriva Linux Security Advisory 2012-025
Posted Feb 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0870
SHA-256 | af6946ff7346145357d5f9633e3b4cabee3c482c6018138fa764fa1f07c698c8
Sun Java Web Start Plugin Command Line Argument Injection (2012)
Posted Feb 24, 2012
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

tags | exploit, java, web, arbitrary, root
advisories | CVE-2012-0500, OSVDB-79227
SHA-256 | 81161207244c8e7484b4277932284c0018d20eb38ceb3a2c62bd1e994ede6a05
Red Hat Security Advisory 2012-0332-01
Posted Feb 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-0870
SHA-256 | 83217c4f85e67c38de8250edb78839110461105a09c8ced94de19612811108b2
Hydra Network Logon Cracker 7.2
Posted Feb 16, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple bug fixes.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | f15c6b833c6c34891aacefa1c6d1afb67d0d50350d26273a784e29114f69970e
SciTools Understand 2.6 DLL Loading Code Execution
Posted Feb 8, 2012
Authored by LiquidWorm | Site zeroscience.mk

A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
SHA-256 | 5cda689106931a122f885350c46515532ff0a47fdb0e7ef0f9f15038b40dc6e7
Oracle Job Scheduler Named Pipe Command Execution
Posted Dec 23, 2011
Authored by David Litchfield, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe, which listens on a named pipe called "orcljsex<SID>" and executes arbitrary commands received through this channel via CreateProcess(). In order to connect to the named pipe remotely, SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1, where the Oracle Job Scheduler runs as SYSTEM on Windows but is disabled by default.

tags | exploit, arbitrary
systems | windows
SHA-256 | a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418
Snort IDS 2.9.2
Posted Dec 15, 2011
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: Various new additions and modifications.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
SHA-256 | 04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
SAP NetWeaver RSTXSCRP Path Traversal
Posted Nov 17, 2011
Authored by Dmitriy Chastuchin

SAP NetWeaver RSTXSCRP Report has a path traversal vulnerability that can lead to an SMB relay attack and full control of the system.

tags | advisory
SHA-256 | 21855c07195fb743d05e10fc4148abc62479e631abbe3e8e1d6b011ef74209df
SAP NetWeaver ABAP Authorization Bypass / SMBRelay
Posted Nov 17, 2011
Authored by Alexey Sintsov

SAP NetWeaver ABAP suffers from authorization bypass, directory traversal, and SMBRelay vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 0aabc6d28819f80fb0cdcc88f63dbe1fcd8013c3f12b2c36acb808d75c57fb08
Anatomy Of A Pass Back Attack
Posted Nov 1, 2011
Authored by Deral Heiland, Michael Belton | Site foofus.net

Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.

tags | paper
SHA-256 | 4c1967b52b737e8378e0591046c4fbeb02462547b019cb3d9e260b1c5939d804
Smbwebdemo SQL Injection
Posted Oct 30, 2011
Authored by 3spi0n

Smbwebdemo suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 9f6d2e901d93dd909e2d8ba0d59467eb2f2b7dc40ca8c6d05a0ef591d6ff278a
Apple Safari file:// Arbitrary Code Execution
Posted Oct 17, 2011
Authored by sinn3r, Aaron Sigel | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.

tags | exploit, java, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3230
SHA-256 | 813e7b6681dffdbb170749ba71603be94be65c52baeeeffe39b6f94697d09ec4
Mandriva Linux Security Advisory 2011-148
Posted Oct 12, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-148 - Multiple vulnerabilities have been discovered and corrected in samba/cifs-utils. smbfs in Samba 3.5.8 and earlier attempts to use mount.cifs to append to the /etc/mtab file and umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes.

tags | advisory, denial of service, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1678, CVE-2011-2724
SHA-256 | 91640800ce2136b96dfd389b427321e0b3185f315f748dcc3abb4044c1b1d06c
Hydra Network Logon Cracker 7.1
Posted Oct 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added HTTP Proxy URL enumeration module, SOCKS4/SOCKS5 proxy support with authentication, IPv6 support for SOCKS5 module, and more. Various bug fixes and enhancements.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | 551ef1f72848dab19f6a1ff9fe31f08143c8cef26f638d93e7110b4bce49d0a4
Hydra Network Logon Cracker 7.0
Posted Sep 25, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: New main engine for hydra. Lots of bugfixes and additions.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | a2457636b51f8a958bc092aafb7a59af57fa31e31d9b90211566247ac7cda33c
SQL-Ledger 2.8.33 / LedgerSMB 1.2.24 SQL Injection
Posted Aug 31, 2011
Authored by Chris Travers

SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1
Page 1 of 4