exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2019-01-16

Microsoft Windows .contact Arbitrary Code Execution
Posted Jan 16, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.

tags | exploit, remote, web, arbitrary
systems | windows
SHA-256 | 52e7fff8b2469f2e46e7461221da6fa33e56fb572f280f549b64f91c087847d7
GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal
Posted Jan 16, 2019
Authored by Pasquale Turi

GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure
advisories | CVE-2019-6272, CVE-2019-6273, CVE-2019-6274, CVE-2019-6275
SHA-256 | 9c220137b98425fa5b66ac1679a50818c67ea12d2273b2dfd6e619e3d5fd36d7
Roxy Fileman 1.4.5 Arbitrary File Download
Posted Jan 16, 2019
Authored by Ihsan Sencan

Roxy Fileman version 1.4.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | c5c2d45dc567cb6eb279f46afbecebee3da3ce5e0ddee95feceef1aa8552bbd4
Coship Wireless Router Unauthenticated Admin Password Reset
Posted Jan 16, 2019
Authored by Adithyan AK

Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.

tags | exploit, bypass
advisories | CVE-2019-6441
SHA-256 | 8cf4fa6b17973d26fa8b7033f6326d26dc5c3c9b76556f9b7feb4e784bad0fde
FortiGate FortiOS LDAP Credential Disclosure
Posted Jan 16, 2019
Authored by Julio Urena

FortiGate FortiOS versions prior to 6.0.3 suffer from an LDAP credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-13374
SHA-256 | 9b58e264417085aa0cdd66440bce3e7bf404456ec14f6b215c9ba1ca0eb74588
Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation
Posted Jan 16, 2019
Authored by breenmachine, FoxGloveSec, decoder, phra, ohpe, lupman | Site metasploit.com

This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string.

tags | exploit
advisories | CVE-2016-3225
SHA-256 | 5e3f05cf275d9d2ae02e2d4ec7ec57c79e4e8a2edb6c3200d02245aa852d0dda
blueman set_dhcp_handler D-Bus Privilege Escalation
Posted Jan 16, 2019
Authored by The Grugq, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman version 1.23 on Debian 8 Jessie (x64).

tags | exploit, arbitrary, root, code execution, python
systems | linux, debian
advisories | CVE-2015-8612
SHA-256 | 85a43e99c894940e1f5253b2c619f91dc4dfc4fda5382f9ab944cf794316f8d4
Microsoft Windows XmlDocument Insecure Sharing Privilege Escalation
Posted Jan 16, 2019
Authored by James Forshaw, Google Security Research

A number of Partial Trust Windows Runtime classes expose the XmlDocument class across process boundaries to less privileged callers which in its current form can be used to elevate privileges and escape the Edge Content LPAC sandbox.

tags | exploit
systems | windows
advisories | CVE-2019-0555
SHA-256 | c424c234f0bbbf82e0e97152ab4029060170b5ecdc5e371726a2bbc2a62a4a45
Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Posted Jan 16, 2019
Authored by James Forshaw, Google Security Research

The WinRT RestrictedErrorInfo does not correctly check the validity of a handle to a section object which results in closing an unrelated handle which can lead to an elevation of privilege.

tags | exploit
advisories | CVE-2019-0570
SHA-256 | 7368ae1fbc7a1684f268e0456e118a6d77785b364e0f6b92f66b35659a90b7d1
Streamworks Job Scheduler Release 7 Authentication Weakness
Posted Jan 16, 2019
Authored by Simon Bieber

Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6d
EuskalHack Security Congress IV Call For Papers
Posted Jan 16, 2019
Site euskalhack.org

EuskalHack Security Congress Fourth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fourth edition. The participants include specialized companies, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 21st and 22nd of June 2019 in the lovely city of Donostia, San Sebastian.

tags | paper, conference
SHA-256 | 10cda2c1e56b8ff71214fb0e76b94aee173a5bd4df367f6636c51869ea58ef6f
SCP Server Verification Issues
Posted Jan 16, 2019
Authored by Harry Sintonen

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

tags | advisory, spoof, vulnerability
advisories | CVE-2000-0992, CVE-2018-20684, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111
SHA-256 | 7fa072fc8f371c8cc4668eb863810286b6651faaf3b8efdcdeee1bc7d0a40099
WebKit JSC JIT Use-After-Free
Posted Jan 16, 2019
Authored by Google Security Research, lokihardt

The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings. As a result, it can lead to a use-after-free condition.

tags | exploit
advisories | CVE-2018-4442
SHA-256 | bc8f411013dffe95aeaebd8e26ff3d39ee578b4902d99f8e61e2efdb6d784584
ownDMS 4.7 SQL Injection
Posted Jan 16, 2019
Authored by Ihsan Sencan

ownDMS version 4.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a29f20f6703fe6c36fe03fc96c5c4f04dc371255e3894f45c3a4f993da2b6a84
1Password Denial Of Service
Posted Jan 16, 2019
Authored by Valerio Brussani

1Password versions prior to 7.0 suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13042
SHA-256 | ef142489adece1b1e6f31f1812ddee20236f26a770e4f0a467699df795f8c7da
NTPsec 1.1.2 ntp_control Null Pointer Dereference
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffer from a null pointer dereference vulnerability in ntp_control.

tags | exploit
advisories | CVE-2019-6445
SHA-256 | b81ba6f1beaa170420ebc0b70461980c9d0d023d7005c5fe2d9b7888f1d87d36
NTPsec 1.1.2 ntp_control Out-Of-Bounds Read
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ntp_control.

tags | exploit
advisories | CVE-2019-6444
SHA-256 | 91098aa8aea1e8ef86d75b817008e2b79b289ac2da253fbbfac32b2c82095578
WordPress Category Page Icons 3.6.1 CSRF / Shell Upload
Posted Jan 16, 2019
Authored by KingSkrupellos

WordPress category-page-icons plugin version 3.6.1 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | ca8ab3912db733d4722a14fa878a451f8517f85dab28ca58db9de271d66fa7fa
NTPsec 1.1.2 config Out-Of-Bounds Write
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffer from a config related out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2019-6442
SHA-256 | 6b3433c81fe24dd5ecaf440a32a0aaf724e59d870b7338d082f6f6031434f0dd
NTPsec 1.1.2 ctl_getitem Out-Of-Bounds Read
Posted Jan 16, 2019
Authored by Magnus Klaaborg Stubman

NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ctl_getitem.

tags | exploit
advisories | CVE-2019-6443
SHA-256 | a5e5d13c582d16c594c403824b5b8e67cfc6864c2231bdd1d18a68b31f335c5a
WordPress 2013 TwentyThirteen Theme 5.0.3 Open Redirection
Posted Jan 16, 2019
Authored by KingSkrupellos

WordPress 2013 TwentyThirteen theme version 5.0.3 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 17af8d808260cd382bb561a63cd216ad19865d85b01816a105f2f3c8c4691caa
Web Design SQL Injection 2019/01/16
Posted Jan 16, 2019
Authored by KingSkrupellos

Desarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.

tags | exploit, remote, web, vulnerability, sql injection, file upload
SHA-256 | 7f1551c440e4b35038cd546886f8cd2add3bb6648d093aade9dae8762ed8160b
Web Design SQL Injection 2019/01/14
Posted Jan 16, 2019
Authored by KingSkrupellos

Ariadna3 Web Design Spain, Desarrollado por C-Diseno Web Design Spain, Desenvolvido por Fidelizarte Web Design Portugal, Desarrollado por OxiGenic Web Design Spain, and Sedinet Web Design Spain suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | ac883f9107828f3d57825c0af9d4943308a4415a90ef0fabcb5f9bfca646c32d
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close