Showing 1 - 25 of 81

Files

activeprice-sql.txt
Posted Nov 29, 2008
Authored by R3d-D3v!L | Site ahacker.net

Active Price Comparison version 4 suffers from a SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
SHA-256 | bd5c898bd01aa3241536171f39c86a954205a2f26108643a3814ba11562d9f2a

Related Files

Windows Credential Guard Non-Constant Time Comparison Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant-time algorithms, resulting in information disclosure.

tags | advisory, info disclosure
systems | windows
advisories | CVE-2022-34704
SHA-256 | 1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009
Simple Mobile Comparison Website 1.0 Cross Site Scripting
Posted Mar 18, 2022
Authored by Ayedh AlQahtani

Simple Mobile Comparison Website version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 16d744b61a5c5643b4343a47df5a1a31b7f68ca682626787096ae5896346c2f8
Ubuntu Security Notice USN-5310-1
Posted Mar 2, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5310-1 - Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Jason Royes and Samuel Dytrych discovered that the GNU C Library incorrectly handled signed comparisons on ARMv7 targets. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10228, CVE-2020-29562, CVE-2020-6096, CVE-2021-27645, CVE-2021-3326, CVE-2021-35942, CVE-2021-3998, CVE-2021-3999, CVE-2022-23219
SHA-256 | 0c11352a9e9620a9d78b56edf5a195481c3c772b41e829e66010783e0ca89f70
Simple Mobile Comparison Website 1.0 SQL Injection
Posted Feb 24, 2022
Authored by nu11secur1ty

Simple Mobile Comparison Website version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 695bf39dcd0d3744026fcb148bfc24bfa5cf5578621d80e3431287638536eca1
Asterisk Project Security Advisory - AST-2021-004
Posted Feb 19, 2021
Authored by gjoseph, Edvin Vidmar | Site asterisk.org

Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.

tags | advisory, overflow
advisories | CVE-2021-26714
SHA-256 | 514c38f88457c5adefa470f62cfa4733ee26d4eda6458c3b24c7bb21f2ec9701
Red Hat Security Advisory 2019-1884-01
Posted Jul 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1884-01 - The libssh2 packages provide a library that implements the SSH2 protocol. An out-of-bounds memory comparison was addressed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-3862
SHA-256 | 5cfb9fcc8f02e9d6047eb20d6cf69ad487c72dbced12cb72c9e1a5579ed42721
Ubuntu Security Notice USN-4001-2
Posted May 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4001-2 - USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators. An attacker could use this to bypass intended access restrictions for argument-filtered system calls. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-9893
SHA-256 | 3783ae85bece13ddc1bd387465ffc67476ccb3ef43cf43c7d11db72875308e08
Ubuntu Security Notice USN-4001-1
Posted May 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4001-1 - Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators. An attacker could use this to bypass intended access restrictions for argument-filtered system calls.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-9893
SHA-256 | 23b5565883c626d654d99f5b47bd16b675b6316293fe57bab66ec2f2bf383ccf
libseccomp Incorrect Compilation Of Arithmetic Comparisons
Posted Mar 18, 2019
Authored by Jann Horn, Google Security Research

libseccomp suffers from an issue where arithmetic comparisons are compiled incorrectly.

tags | exploit
SHA-256 | dddc73c41f25c68017fa3018c96fe964b4326e43e6cabe8e18b658d2b9935a72
OpenCart Price Comparison Store 3.x Open Redirection
Posted Mar 11, 2019
Authored by KingSkrupellos

OpenCart Price Comparison Store module version 3.x suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 0bd6d414d3abd4c0aed888a1c2a9d768afc6e326d7d854e6484927f0c3f33170
Everus.org 1.0.7 Second Factor Client-Side Validation
Posted Nov 8, 2018
Authored by Muhammad Shahbaz

The Everus.org Android application version 1.0.7 has a fundamental design flaw where the server provides the second factor to the client for comparison instead of properly validating it server-side.

tags | exploit
SHA-256 | 6692defba0408aaffe64bbe95bc5c8092936c9174bf5aeb6c6109750fc09bd4f
Cash Back Comparison Script 1.0 SQL Injection
Posted Sep 22, 2017
Authored by Ihsan Sencan

Cash Back Comparison Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bf0129d1568c533f775662e94d71b60428120c4f89f7a7f646d79d5008c48602
ShopZilla Comparision Shopping Script 2.3 Cross Site Scripting
Posted Nov 13, 2016
Authored by indoushka

ShopZilla Comparison Shopping Script version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c45c7f8847b1bff8a2129f45b61e536b5b11e5ea2a7560ac533668557d7caf94
FreeBSD Security Advisory - FreeBSD-SA-16:18.atkbd
Posted May 18, 2016
Authored by CTurt and the HardenedBSD team | Site security.freebsd.org

FreeBSD Security Advisory - Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. A local user may crash the kernel, read a portion of kernel memory and execute arbitrary code in kernel context. The result of executing arbitrary kernel code is privilege escalation.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2016-1886
SHA-256 | c7c48a6a99a2c6c01b08b27fe32854f8e9e9d8b0f9221e5d0765b78ae72824fc
Debian Security Advisory 3562-1
Posted May 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3562-1 - Several vulnerabilities were discovered in tardiff, a tarball comparison tool.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-0857, CVE-2015-0858
SHA-256 | 306fe98ee2aa902b2d646bdb1b17d3da65dad3d3946ef5bf60eb09601f001e6b
Microsoft Windows 8.1 Ahcache.sys/NtApphelpCacheControl Privilege Escalation
Posted Nov 17, 2015
Authored by Google Security Research, forshaw

On Windows 8.1 Update 32/64 bit, the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID. It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check.

tags | exploit, local
systems | linux, windows
advisories | CVE-2015-0001
SHA-256 | 72088e382599651c32cb9cdc5567e22509289abb4b5d97381967f2aafa755155
Kaspersky Small Office Security 13.0.4.233 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund | Site syss.de

By analyzing the password-based authentication for unloading the Kaspersky Small Office Security protection, SySS GmbH found that the password comparison is done within the process avp.exe (actually within the module avpmain.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This allows further analysis and manipulation of the password comparison at runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. To bypass the password-based authentication and deactivate the protection of Kaspersky Small Office Security in an unauthorized manner, an attacker only has to patch this password comparison so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
SHA-256 | f56f7f4ad60158ad733a4f73ea4635638de505c45f25ef6e8047b7a8a8e5a7ce
Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund | Site syss.de

By analyzing the password-based authentication for unloading the Kaspersky Endpoint Security for Windows protection, SySS GmbH found that the password comparison is done within the process avp.exe, which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This allows further analysis and manipulation of the password comparison at runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. To bypass the password-based authentication and deactivate the protection of Kaspersky Endpoint Security for Windows in an unauthorized manner, an attacker only has to patch this password comparison so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
SHA-256 | 2d0462fc09a2607d7ee16b44834d6ec901e61cace833e168b9102654473f32bc
Kaspersky Anti-Virus 15.0.1.415 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund | Site syss.de

By analyzing the password-based authentication for unloading the Kaspersky Anti-Virus protection, SySS GmbH found that the password comparison is done within the process avp.exe (actually within the module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This allows further analysis and manipulation of the password comparison at runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. To bypass the password-based authentication and deactivate the protection of Kaspersky Anti-Virus in an unauthorized manner, an attacker only has to patch this password comparison so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory, virus
systems | windows
SHA-256 | 554441351ca1092de802550ffa43352381d6c7482cd5373295ac4d9310a088aa
Kaspersky Internet Security 15.0.2.361 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund | Site syss.de

By analyzing the password-based authentication for unloading the Kaspersky Internet Security protection, SySS GmbH found that the password comparison is done within the process avp.exe (actually within the module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This allows further analysis and manipulation of the password comparison at runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. To bypass the password-based authentication and deactivate the protection of Kaspersky Internet Security in an unauthorized manner, an attacker only has to patch this password comparison so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
SHA-256 | 15965bde1ae5e842c07d11a1778e4a501e0cade94ff4d28bf4c19ef058f87c30
Kaspersky Total Security 15.0.1.415 Authentication Bypass
Posted Oct 1, 2015
Authored by Matthias Deeg, Sven Freund | Site syss.de

By analyzing the password-based authentication for unloading the Kaspersky Total Security protection, SySS GmbH found that the password comparison is done within the process avp.exe (actually within the module shell_service.dll), which runs or can be run in the context of the current Windows user, who can also be a standard, limited user. This allows further analysis and manipulation of the password comparison at runtime without administrative privileges, as every user is able to debug and manipulate the processes running with her user privileges. To bypass the password-based authentication and deactivate the protection of Kaspersky Total Security in an unauthorized manner, an attacker only has to patch this password comparison so that it always returns true, for example by comparing the correct unload password with itself or by modifying the program control flow.

tags | advisory
systems | windows
SHA-256 | b12d3e03fd22c3e9658d41432c039d1d5f73a44ea1032e75289b6f1261bafbdf
Mandriva Linux Security Advisory 2015-217
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provide a solution for these security issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | d7abd24a5ede0ffb411a19c7b4916189dd8611c728e2fd9900a0d2d4bb39756e
Microsoft Windows NtApphelpCacheControl Improper Authorization Check
Posted Jan 15, 2015
Authored by sinn3r, James Forshaw | Site metasploit.com

On Windows, the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID. It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check. This Metasploit module currently only affects Windows 8 and Windows 8.1, and requires access to C:\Windows\System\ComputerDefaults.exe (although this can be improved).

tags | exploit, local
systems | windows
advisories | CVE-2015-0002
SHA-256 | 36677bd1211abded7668cec79a01236adc56ce9a61fd946306e8c8d33aefa513
Ubuntu Security Notice USN-2368-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

tags | advisory, remote, udp
systems | linux, ubuntu
advisories | CVE-2013-2061
SHA-256 | d23623be892ad4e3082d9de02d10de4f885746f733ac9a7916528d54aa86b3b6
Mandriva Linux Security Advisory 2014-057
Posted Mar 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-057 - MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript. During internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid. During internal review, it was discovered that MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists. Netanel Rubin from Check Point discovered a remote code execution vulnerability in MediaWiki's thumbnail generation for DjVu files. Internal review also discovered similar logic in the PdfHandler extension, which could be exploited in a similar way. MediaWiki before 1.22.3 does not block unsafe namespaces, such as a W3C XHTML namespace, in uploaded SVG files. Some client software may use these namespaces in a way that results in XSS. This was fixed by disallowing uploading SVG files using non-whitelisted namespaces. MediaWiki before 1.22.3 performs token comparison that may be vulnerable to timing attacks. This was fixed by making token comparison use constant time. MediaWiki before 1.22.3 could allow an attacker to perform XSS attacks, due to a flaw with link handling in api.php. This was fixed such that it won't find links in the middle of api.php links. MediaWiki has been updated to version 1.22.3, which fixes these issues, as well as several others. Also, the mediawiki-ldapauthentication and mediawiki-math extensions have been updated to newer versions that are compatible with MediaWiki 1.22. Additionally, the mediawiki-graphviz extension has been obsoleted, due to the fact that it is unmaintained upstream and is vulnerable to cross-site scripting attacks.
Note: if you were using the instances feature in these packages to support multiple wiki instances, this feature has now been removed. You will need to maintain separate wiki instances manually.

tags | advisory, remote, php, javascript, code execution, xss
systems | linux, mandriva
advisories | CVE-2013-6451, CVE-2013-6452, CVE-2013-6453, CVE-2013-6472, CVE-2014-1610, CVE-2014-2242, CVE-2014-2243, CVE-2014-2244
SHA-256 | 69370204ce4cd8a16085a03afcffcb4b941504c2ffd0f56cd8dde6210167c57b