what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2015-10-13

K2 SmartForms / BlackPearl SQL Injection
Posted Oct 13, 2015
Authored by Wissam Bashour

K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-7299
SHA-256 | b5b8d94a74d115a5d21dcdfab6459b1fc2f07d4bd3bbd269226449b06d053835
Avast Antivirus X.509 Error Rendering Command Execution
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.

tags | exploit
systems | linux
SHA-256 | f3141a360bdf7ee6e4a571e6ac07b4d6860453bfd2d2651ec97cfa7f9a2ae196
Kaspersky Antivirus Yoda's Protector Unpacking Remote Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using "Yoda's protector". This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.

tags | exploit, remote, code execution
systems | linux
SHA-256 | 3c3dd5acd1e83e6d651af0ce396c0ce5a329d99348391da8dcc96d1f2d9db389
Kaspersky Antivirus UPX Parsing Remote Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

While fuzzing UPX packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, arbitrary, code execution
systems | linux
SHA-256 | 873dde06402e643e7c58d92fa1292dd7bd56e1ac4926fee21503ce6e92227045
Kaspersky Antivirus PE Unpacking Integer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | 5f6ace8e01df0d4d69eed14c4bfebe35cffb18417251166f12d0d919112d59ea
Kaspersky Antivirus ExeCryptor Parsing Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.

tags | exploit
systems | linux
SHA-256 | 9b88cbe181953642219bc9f3faab09f2d8454bba6f6371edce30a211c49ef39b
Kaspersky Antivirus CHM Parsing Remote Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | 955d664811abe68cd1b11cbbbfdcc3b1d291028188d72a8d67f997305e27df5c
New Methods In Automated XSS Detection And Dynamic Exploit Creation
Posted Oct 13, 2015
Authored by Kenneth F. Belva

This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.

tags | paper, xss
SHA-256 | 32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7b
Kerio Control 8.6.1 SQL Injection / Code Execution / CSRF
Posted Oct 13, 2015
Authored by Raschin Tavakoli

Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, csrf
SHA-256 | 5ade13cd16a1063aa69b48cb922256980ec682b6582c69ca0d6107b759ac4b36
Digital Whisper Electronic Magazine #65
Posted Oct 13, 2015
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 65. Written in Hebrew.

tags | magazine
SHA-256 | 5b592a3fd473f02b3de73891851460962b505cd4c3044c49983d8e41e5d6cddd
Debian Security Advisory 3372-1
Posted Oct 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, CVE-2015-7613
SHA-256 | 307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3
.NET Partial-Trust Bypass
Posted Oct 13, 2015
Authored by Google Security Research, matttait

A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without "UnmanagedCode" permission to nevertheless directly control arguments passed to a "ShellExecute" invocation of the users' default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox including the "WebPermission" permission for any URL to inject arbitrary parameters after the first parameter into the command line of the users' default browser.

tags | exploit, arbitrary
systems | linux, windows
SHA-256 | b4f6f4c64fcea757962a5b5527370c1e23ba0b0610e975f129a09d22efa39baa
Kaspersky Antivirus VB6 Parsing Integer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | c9ddc4ae299fb2e602e6dc2f065c0d2feca2d3364b70f32ea4e4bdc6ca8d7666
Kaspersky Antivirus DEX File Format Parsing Memory Corruption
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

Fuzzing the DEX file format found a crash that loads a function pointer from an attacker controlled pointer, on Windows this results in a call to an unmapped address. This is obviously exploitable for remote, zero-interaction code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.

tags | exploit, remote, code execution
systems | linux, windows
SHA-256 | 26951261beb7ff1122009b4bec4c8a0f4705fa105a3613ecb9448249512fe065
Kaspersky Antivirus ThinApp Parser Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Tavis Ormandy, Google Security Research

The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists in the ThinApp container parsing. Kaspersky Antivirus and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

tags | exploit, overflow
systems | linux
SHA-256 | 5ca3b319ffad1c37c2dc2b79e408a60512af7b432dd0803fc5b707285145f8b8
CDex Genre 1.79 Stack Buffer Overflow
Posted Oct 13, 2015
Authored by Un_N0n

CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 960dd65d0478b1f333da665417affee1a77c7938878b529651291ec7799fd8d8
Netgear Voice Gateway 2.3.0.23_2.3.23 XSS / Code Execution
Posted Oct 13, 2015
Authored by Karn Ganeshen

Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d00b6ccc7243ec76c13b6752206ecb24b7616afd8ccc5b5e94771fa108ece86e
How Yalu Works
Posted Oct 13, 2015
Authored by Mahyar Rezghi

Whitepaper called How Yalu Works. Written in Persian.

tags | paper
SHA-256 | 8e6baed03f1a0aca0b7a553306a79948004042a763a555423ed698efc3743e0a
Tomabo MP4 Converter 3.10.12 Denial Of Service
Posted Oct 13, 2015
Authored by M. Ibrahim

Tomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | e4aa0486624d997bce409a11e6d9c99d4f02853188e7581d6891d408b5236a42
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close