what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-09-07

PHP 5.6 / 5.5 / 5.4 SplDoublyLinkedList Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php
SHA-256 | 7068d7798e322a46c2e69230045e711ecf86cbeed6a1aeb9c0bfd3cc11b7c949
PHP 5.6 GMP unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
SHA-256 | 78b8814f488debb34e76681ef84991ebba8a99b93c4858fce8dfddcbc8a3470b
PHP 5.6 / 5.5 / 5.4 Session Deserialized Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
SHA-256 | 379922b40d47340abc8e7b18eb526b13f875829b3cc5a5eb48390af82be079ec
WordPress eShop 6.3.13 Cross Site Scripting
Posted Sep 7, 2015
Authored by Ashiyane Digital Security Team, Ehsan Hosseini

WordPress eShop plugin version 6.3.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e23cf2ca249e37beda9c5ac64979314f1328db60c63aca25bd874fdb5e7a32b6
Endian Firewall Proxy Password Change Command Injection
Posted Sep 7, 2015
Authored by Ben Lincoln | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd (which changes the password for the Linux root account on the system to the value specified by console input once it is executed). The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use (http://jira.endian.com/browse/UTM-1002). Versions 2.3.x and 2.4.0 are not vulnerable because of a similar bug (http://bugs.endian.com/print_bug_page.php?bug_id=3083). Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.2, 2.5.1, 2.5.2. Should function against any version from 1.1 RC5 to 2.2.x, as well as 2.4.1 and 2.5.x.

tags | exploit, web, local, cgi, root, php
systems | linux
advisories | CVE-2015-5082
SHA-256 | 93595333575588a0761fd710896979bd064097e42ff0603d14d9ecebcedd6cff
FireEye Appliance Arbitrary File Disclosure
Posted Sep 7, 2015
Authored by Kristian Hermansen

FireEye appliances suffer from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | b08c801d04316817e1dd1d0ce1e4ef2deb1071508763d3d3c6729b45dee84968
NETGEAR WMS Authentication Bypass / Privilege Escalation
Posted Sep 7, 2015
Authored by Elliott Lewis

NETGEAR WMS5316 ProSafe 16AP Wireless Management System suffers from authentication bypass and privilege escalation vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | 86cc59ece6d7740256a5f0acbd7fe46d2604e8275a7d58e19671e76ed8abe30c
Debian Security Advisory 3353-1
Posted Sep 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3353-1 - Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an implementation of the IETF Service Location Protocol. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service, protocol
systems | linux, debian
advisories | CVE-2015-5177
SHA-256 | 7c92b056231ea09c230cb71e51a12433b1b2b6d79d97211dd0e0976f7ff7b105
HooToo Tripmate HT-TM01 Cross Site Request Forgery
Posted Sep 7, 2015
Authored by Ken Smith

HooToo Tripmate HT-TM01 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 5829fc86548ba014302ddd93ff445c798e2c46a9db2a94506942297d2824697e
PHP 5.6 / 5.5 / 5.4 SplOnjectStorage unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely. Affected are PHP versions prior to 5.6.13.

tags | exploit, arbitrary, php
SHA-256 | 4fd5caf7c4dcacd754676a3cbc4212c2832b480514c1f218168a70d4dc9d6079
Advantech WebAccess 8.0 / 3.4.3 Code Execution
Posted Sep 7, 2015
Authored by Praveen Darshanam

Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.

tags | exploit, activex
advisories | CVE-2014-9208
SHA-256 | 675e8f8ab88e9c12215588d7fd0ea9ed4240581e811774c53a4d540b46b2fe91
AutoCAD DWG/DXF To PDF Converter 2.2 Buffer Overflow
Posted Sep 7, 2015
Authored by Robbie Corley

AutoCAD DWG/DXF to PDF Converter version 2.2 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f81c62210b1b8a813c20a05f429363519ef706bff3abe4245f3d48df6f604534
PHP 5.6 / 5.5 / 5.4 unserialize() Use-After-Free
Posted Sep 7, 2015
Authored by Taoguang Chen

Multiple use-after-free vulnerabilities were discovered in unserialize() with Serializable class that can be abused for leaking arbitrary memory blocks or for executing arbitrary code remotely. Affected are PHP versions 5.6.12 and below, 5.5.28 and below, and 5.4.44 and below.

tags | exploit, arbitrary, php, vulnerability
SHA-256 | 77d34f5cfa55e4abcf2086a401126827fa0bf5ae4047ceeb353c35148cd1c48c
Glibc Pointer Guarding Weakness
Posted Sep 7, 2015
Authored by Hector Marco, Ismael Ripoll | Site hmarco.org

Glibc pointer guarding weakness proof of concept code.

tags | exploit, proof of concept
SHA-256 | 64411cf75336417b9d476a2bf486dd76842d1e2a6149f57b59c3900238a08677
Linux/x86 execve(/bin/bash) Shellcode
Posted Sep 7, 2015
Authored by Ajith KP

31 bytes small Linux/x86 execve(/bin/bash) shellcode.

tags | x86, shellcode, bash
systems | linux
SHA-256 | 173c71f69962fc12b9cfc727b360eac922f71f7737dcd388c690f9991132a1c7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close