ignore security and it'll go away
Showing 1 - 25 of 39,372 RSS Feed

Exploit Files

Disk Pulse Enterprise 9.9.16 GET Buffer Overflow
Posted Sep 21, 2017
Authored by Nipun Jaswal, Chance Johnson, Anurag Srivastava | Site metasploit.com

This Metasploit module exploits an SEH buffer overflow in Disk Pulse Enterprise version 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.

tags | exploit, web, overflow
systems | windows, nt
MD5 | 4357afe77b3f0d509c9cfa2b76ef1a5a
WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting
Posted Sep 20, 2017
Authored by Ricardo Sanchez

WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ed7cc9ee351abba47e1139929002ac68
SUSE/Portus 2.2 Cross Site Scripting
Posted Sep 19, 2017
Authored by Ricardo Sanchez

SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
systems | linux, suse
MD5 | 45c4673d073bbdcf395b309bad7cd3d0
DlxSpot Hardcoded Password
Posted Sep 19, 2017
Authored by Simon Brannstrom

DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.

tags | exploit, root
advisories | CVE-2017-12928, CVE-2017-12929, CVE-2017-12930
MD5 | a8c160f05eb5b14922777c74c7455bf9
DlxSpot Shell Upload
Posted Sep 19, 2017
Authored by Simon Brannstrom

DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.

tags | exploit, remote, shell
advisories | CVE-2017-12928, CVE-2017-12929, CVE-2017-12930
MD5 | 9af7a881088ecdf7ad4e03ae9466faeb
DlxSpot SQL Injection
Posted Sep 19, 2017
Authored by Simon Brannstrom

DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.

tags | exploit, remote, sql injection
advisories | CVE-2017-12928, CVE-2017-12929, CVE-2017-12930
MD5 | 2d94a5f031c7d5b9085cc566f159b20b
Microsoft Edge Partial Page Loading Memory Corruption
Posted Sep 19, 2017
Authored by Ivan Fratric, Google Security Research

There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.

tags | exploit, web, javascript
advisories | CVE-2017-8731
MD5 | 38a51b456f8f99a75032e480ca87fb20
Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8678
MD5 | 73d3685f1e900f98c6cd4f3a23681176
Microsoft Windows Kernel win32k!NtGdiDoBanding Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8687
MD5 | fe4029deb9c5251a89ca66ad88be9adc
Microsoft Edge COptionsCollectionCacheItem::GetAt Out-Of-Bounds Read
Posted Sep 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).

tags | exploit, remote, code execution
advisories | CVE-2017-8734
MD5 | f8f0367a62a7c9dadd43f0e6c52c13e5
Microsoft Windows Kernel win32k!NtGdiEngCreatePalette Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8685
MD5 | 83ee676927d72312fbb286ed64a835d8
Microsoft Windows Kernel win32k!NtGdiGetFontResourceInfoInternalW Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetFontResourceInfoInternalW.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8684
MD5 | 61dc2229ecbf3b49ce1abc604e7d026d
Microsoft Windows Kernel TTF Font Processing glyf Out-Of-Bounds Read
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel win32k.sys TTF font processing suffers from an out-of-bounds read vulnerability with a malformed glyf table.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8683
MD5 | 6641efba2930501968ff7f836aa362bc
Microsoft Windows Kernel TTF Font Processing Out-Of-Bounds
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel win32k.sys TTF font procession functionality suffers from out-of-bounds read/write vulnerabilities.

tags | exploit, kernel, vulnerability
systems | windows
advisories | CVE-2017-8682
MD5 | aa8a1953e3c70722e1dd32b005aa020c
Microsoft Windows Kernel nt!NtSetIoCompletion / nt!NtRemoveIoCompletion Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtSetIoCompletion and nt!NtRemoveIoCompletion.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8708
MD5 | fd5025fc6a75cc5dbc1f54b354b0c2e7
Microsoft Windows Kernel win32k!NtGdiGetPhysicalMonitorDescription Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a memory disclosure in win32k!NtGdiGetPhysicalMonitorDescription.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8681
MD5 | 890bef0c1635255b9915dcca14ad5865
Microsoft Windows Kernel win32k!NtGdiGetGlyphOutline Memory Disclosure
Posted Sep 19, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in win32k!NtGdiGetGlyphOutline.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-8680
MD5 | 5b64942e584a037e7e24695cad37a8d2
Watchguard Firebox / XTM XML-RPC Empty Member Denial Of Service
Posted Sep 19, 2017
Authored by David Fernandez

Watchguard's Firebox and XTM appliances suffer from an XML-RPC empty member denial of service vulnerability. Firmware versions below 12.0 were found to be vulnerable.

tags | exploit, denial of service
MD5 | 834b3f0a96297865381ef9778e35cd66
iBall ADSL2+ Home Router Authentication Bypass
Posted Sep 19, 2017
Authored by Gem George

iBall ADSL2+ Home Router suffers from multiple authentication bypass vulnerabilities.

tags | exploit, vulnerability, bypass
MD5 | 1d79305ff9e23d0f385e458888f5616f
UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass
Posted Sep 19, 2017
Authored by Gem George

UTStar WA3002G4 ADSL Broadband Modem suffers from multiple authentication bypass vulnerabilities.

tags | exploit, vulnerability, bypass
advisories | CVE-2017-14243
MD5 | 76b06148bd896167e3da312b301ddd69
ZKTeco ZKTime Web 2.0.1.12280 Information Disclosure
Posted Sep 19, 2017
Authored by Arvind Vishwakarma

ZKTeco ZKTime Web version 2.0.1.12280 suffers from an information disclosure vulnerability.

tags | exploit, web, info disclosure
MD5 | 6b7fa287e7bbc910a93f0b738525a4b8
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Request Forgery
Posted Sep 19, 2017
Authored by Arvind Vishwakarma

ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
MD5 | 1ebd8d29476f9a7cfd4912a6b57b2711
D-Link DGS-3000-10TC Cross Site Scripting / Content Spoofing
Posted Sep 19, 2017
Authored by MustLive

D-Link DGS-3000-10TC suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | 3f6dd9f19a9efc47f919300380d1a65a
Astaro Security Gateway 7 Remote Code Execution
Posted Sep 15, 2017
Authored by Jakub Palaczynski, Maciej Grabiec

Astaro Security Gateway 7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-6315
MD5 | 593db61c13a32607441358ca66907051
XYZ Auto Classifieds 1.0 SQL Injection
Posted Sep 15, 2017
Authored by 8bitsec

XYZ Auto Classifieds version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a59c025d364f6d4da15216c1550a1164
Page 1 of 1,575
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close