PS Exploit News

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  1. Trend Micro Security (Consumer) Arbitrary Code Execution

    Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.
  2. Trend Micro Security 2019 Security Bypass Protected Service Tampering

    Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of a registry key to target a process running as SYSTEM. This can allow malware to gain elevated privileges to take over and shut down services that require SYSTEM privileges, like Trend Micro's "Asmp" service "coreServiceShell.exe", which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling them or otherwise preventing them from starting. Note that administrator privileges are required to exploit this vulnerability.
  3. Common Desktop Environment 2.3.1 Buffer Overflow

    A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE is based on the original CDE 1.x train, which is different from the CDE 2.x codebase that was later open sourced. Most notably, the vulnerable buffer in the Oracle Solaris CDE is stack-based, while in the open source version it is heap-based.
  4. Solaris xlock Information Disclosure

    A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.
  5. WordPress Time Capsule 1.21.16 Authentication Bypass

    WordPress Time Capsule plugin version 1.21.16 suffers from an authentication bypass vulnerability.
  6. GTalk Password Finder 2.2.1 Denial Of Service

    GTalk Password Finder version 2.2.1 suffers from a denial of service vulnerability.
  7. WordPress InfiniteWP Client 1.9.4.5 Authentication Bypass

    WordPress InfiniteWP Client plugin version 1.9.4.5 suffers from an authentication bypass vulnerability.
  8. Torrent FLV Converter 1.51 Build 117 Stack Overflow

    Torrent FLV Converter version 1.51 Build 117 suffers from a stack overflow vulnerability.
  9. APKF Product Key Finder 2.5.8.0 Denial Of Service

    APKF Product Key Finder version 2.5.8.0 suffers from a denial of service vulnerability.
  10. WordPress Resim ara 1.0 Cross Site Scripting

    WordPress Resim ara plugin version 1.0 suffers from a cross site scripting vulnerability.
  11. Citrix ADC / Gateway Path Traversal

    This is an Nmap NSE script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.
  12. Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

    Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.
  13. CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept

    Proof of concept exploit for the Microsoft Windows CurveBall vulnerability where the signature of certificates using elliptic curve cryptography (ECC) is not correctly verified. ECC relies on different parameters. These parameters are standardized for many curves. However, Microsoft did not check all these parameters. The parameter G (the generator) was not checked, and the attacker can therefore supply his own generator, such that when Microsoft tries to validate the certificate against a trusted CA, it will only look for matching public keys, and then use the generator of the certificate.
  14. CurveBall Microsoft Windows CryptoAPI Spoofing Proof Of Concept

    This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.
  15. Tautulli 2.1.9 Denial Of Service

    This Metasploit module exploits a denial of service vulnerability in Tautulli version 2.1.9.
  16. Online Book Store 1.0 Arbitrary File Upload

    Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.
  17. SunOS 5.10 Generic_147148-26 Local Privilege Escalation

    SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.
  18. WordPress Postie 1.9.40 Cross Site Scripting

    WordPress Postie plugin versions 1.9.40 and below suffer from a persistent cross site scripting vulnerability.
  19. Huawei HG255 Directory Traversal

    This Metasploit module exploits a directory traversal in Huawei HG255.
  20. Online Book Store 1.0 SQL Injection

    Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.
  21. Plantronics Hub SpokesUpdateService Privilege Escalation

    The Plantronics Hub client application for Windows makes use of an automatic update service, SpokesUpdateService.exe, which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).
  22. Rukovoditel Project Management CRM 2.5.2 SQL Injection

    Rukovoditel Project Management CRM version 2.5.2 suffers from multiple remote SQL injection vulnerabilities.
  23. Barco WePresent file_transfer.cgi Command Injection

    This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
  24. Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution

    This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
  25. IBM RICOH 6400 Printer HTML Injection

    The IBM RICOH 6400 printer suffers from an HTML injection vulnerability.