PS Exploit News

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  1. Octopus Deploy Authenticated Code Execution

    This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment.
  2. Samba is_known_pipename() Arbitrary Module Load

    This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some cases, anonymous access combined with common filesystem locations can be used to automatically exploit this vulnerability.
  3. JAD Java Decompiler 1.5.8e Buffer Overflow

    JAD Java Decompiler version 1.5.8e suffers from a local buffer overflow vulnerability.
  4. WordPress AffiliateWP 2.0.8 Cross Site Scripting

    WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.
  5. WordPress Huge-IT Video Gallery 2.0.4 SQL Injection

    WordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.
  6. WordPress All In One Schema.org Rich Snippets 1.4.1 XSS

    WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
  7. Aries QWR-1104 Wireless-N Cross Site Scripting

    Aries QWR-1104 Wireless-N router suffers from a cross site scripting vulnerability.
  8. Microsoft MsMpEng Denial Of Service

    Through fuzzing, a number of ways to crash the Microsoft MsMpEng service has been been discovered.
  9. SambaCry Exploit / Vulnerable Container

    This repo from github contains a SambaCry exploit and vulnerable container.
  10. WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure

    WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.
  11. Sandboxie 5.18 Denial Of Service

    Sandboxie version 5.18 suffers from a local denial of service vulnerability.
  12. D-Link DCS Series Cameras Insecure Crossdomain.xml

    D-Link DCS Series cameras implement a weak crossdomain.xml.
  13. Google Chrome 60.0.3080.5 V8 JavaScript Engine Out-Of-Bounds Write

    Google Chrome version 60.0.3080.5 V8 suffers from an out-of-bounds write vulnerability in the javascript engine.
  14. Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration

    Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.
  15. Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting

    Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.
  16. Sunell IPR54/14AKDN(II)/13 Cross Site Scripting

    Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.
  17. OpenVPN Access Server 2.1.4 CRLF Injection

    OpenVPN Access Server version 2.1.4 suffers from a CRLF injection vulnerability.
  18. WebKit Editor::Command::execute Universal Cross Site Scripting

    WebKit suffers from a universal cross site scripting vulnerability via Editor::Command::execute.
  19. WebKit enqueuePageshowEvent / enqueuePopstateEvent Universal XSS

    WebKit enqueuePageshowEvent and enqueuePopstateEvent suffer from a universal cross site scripting vulnerability.
  20. Mozilla Firefox ConvolvePixel Memory Disclosure

    Mozilla Firefox suffers from a memory disclosure vulnerability in ConvolvPixel. o.
  21. WebKit FrameLoader::clear Variable Theft

    WebKit suffers from a variable theft issue in FrameLoader::clear via page navigation.
  22. Microsoft MsMpEng Privilege Escalation

    Microsoft MsMpEng suffers from multiple privilege escalation vulnerabilities.
  23. WebKit HTMLObjectElement::updateWidget Universal XSS

    WebKit suffers from a cross site scripting vulnerability in HTMLObjectElement::updateWidget.
  24. WebKit WebCore::FrameView::scheduleRelayout Use-After-Free

    WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::scheduleRelayout.
  25. Mozilla Firefox gfxTextRun Out-Of-Bounds Read

    gfxTextRun in Mozilla Firefox suffers from a heap overflow vulnerability.
2 megabytes