secfeeds_exploit

secfeeds_exploit Pipes Output http://pipes.yahoo.com/pipes/pipe.info?_id=GCiNc_TY3BGxBZ9TmLokhQ Thu, 01 Oct 2015 22:12:51 +0000 http://pipes.yahoo.com/pipes/ Packet Storm New Exploits For September, 2015 https://packetstormsecurity.com/files/133814/1509-exploits.tgz This archive contains 191 exploits that were added to Packet Storm in September, 2015. https://packetstormsecurity.com/files/133814/1509-exploits.tgz Thu, 01 Oct 2015 18:03:30 +0000 Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Unsalted Hash https://packetstormsecurity.com/files/133812/SYSS-2015-002.txt The SySS GmbH found out that the admin password for protecting different functions of the Kaspersky Endpoint Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry. https://packetstormsecurity.com/files/133812/SYSS-2015-002.txt Thu, 01 Oct 2015 17:59:10 +0000 Kaspersky Anti-Virus 15.0.1.415 Unsalted Hash https://packetstormsecurity.com/files/133810/SYSS-2015-010.txt The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Anti-Virus software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry. https://packetstormsecurity.com/files/133810/SYSS-2015-010.txt Thu, 01 Oct 2015 17:56:33 +0000 Kaspersky Internet Security 15.0.2.361 Unsalted Hash https://packetstormsecurity.com/files/133808/SYSS-2015-008.txt The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Internet Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry. https://packetstormsecurity.com/files/133808/SYSS-2015-008.txt Thu, 01 Oct 2015 17:53:48 +0000 Kaspersky Total Security 15.0.1.415 Unsalted Hash https://packetstormsecurity.com/files/133806/SYSS-2015-006.txt The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Total Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry. https://packetstormsecurity.com/files/133806/SYSS-2015-006.txt Thu, 01 Oct 2015 17:48:14 +0000 Kaspersky Small Office Security 13.0.4.233 Unsalted Hash https://packetstormsecurity.com/files/133804/SYSS-2015-004.txt The SySS GmbH found out that the administrator password for protecting different functions of the Kaspersky Small Office Security software, like managing backups or stopping protection services, is stored as raw, unsalted MD5 hash value in the Windows registry. https://packetstormsecurity.com/files/133804/SYSS-2015-004.txt Thu, 01 Oct 2015 17:44:13 +0000 MakeSFX.exe 1.44 Stack Buffer Overflow https://packetstormsecurity.com/files/133799/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt MakeSFX.exe version 1.44 suffers from stack-based buffer overflow vulnerability. https://packetstormsecurity.com/files/133799/AS-MAKESFX-BUFF-OVERFLOW-09302015.txt Thu, 01 Oct 2015 16:07:56 +0000 ElasticSearch Path Traversal Arbitrary File Download https://packetstormsecurity.com/files/133797/CVE-2015-5531.tgz Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure. https://packetstormsecurity.com/files/133797/CVE-2015-5531.tgz Thu, 01 Oct 2015 16:00:19 +0000 Dropbox FinderLoadBundle OS X Local Root Exploit https://packetstormsecurity.com/files/133796/dropboxfinderloadbundle.sh.txt The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell. https://packetstormsecurity.com/files/133796/dropboxfinderloadbundle.sh.txt Thu, 01 Oct 2015 15:55:54 +0000 WinRAR Expired Notification Command Execution https://packetstormsecurity.com/files/133795/win_rar_rce.py.txt WinRAR suffers from an expired notification OLE remote command execution vulnerability. https://packetstormsecurity.com/files/133795/win_rar_rce.py.txt Thu, 01 Oct 2015 15:53:44 +0000 [local] - Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation https://www.exploit-db.com/exploits/38371 Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation edb-38371 Thu, 01 Oct 2015 00:00:00 +0000 local [remote] - PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities https://www.exploit-db.com/exploits/38370 PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities edb-38370 Thu, 01 Oct 2015 00:00:00 +0000 remote [webapps] - Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection https://www.exploit-db.com/exploits/38369 Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection edb-38369 Thu, 01 Oct 2015 00:00:00 +0000 webapps Kaseya Virtual System Administrator Code Execution / Privilege Escalation https://packetstormsecurity.com/files/133782/kaseyavsa-execescalate.txt Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected. https://packetstormsecurity.com/files/133782/kaseyavsa-execescalate.txt Wed, 30 Sep 2015 04:13:09 +0000 Mitsubishi Melsec FX3G-24M Denial Of Service https://packetstormsecurity.com/files/133780/mitsubishimelsec-dos.txt Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability. https://packetstormsecurity.com/files/133780/mitsubishimelsec-dos.txt Wed, 30 Sep 2015 04:08:00 +0000 Western Digital My Cloud Command Injection https://packetstormsecurity.com/files/133777/westerndigitalmycloud-exec.txt Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability. https://packetstormsecurity.com/files/133777/westerndigitalmycloud-exec.txt Wed, 30 Sep 2015 03:57:03 +0000 WordPress mTheme-Unus Local File Inclusion https://packetstormsecurity.com/files/133778/wpmthemeunus-lfi.txt WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability. https://packetstormsecurity.com/files/133778/wpmthemeunus-lfi.txt Wed, 30 Sep 2015 00:00:22 +0000 [local] - MakeSFX.exe 1.44 - Stack Buffer Overflow https://www.exploit-db.com/exploits/38362 MakeSFX.exe 1.44 - Stack Buffer Overflow edb-38362 Wed, 30 Sep 2015 00:00:00 +0000 local [local] - Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit https://www.exploit-db.com/exploits/38360 Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit edb-38360 Wed, 30 Sep 2015 00:00:00 +0000 local Centreon 2.6.1 Persistent Cross Site Scripting https://packetstormsecurity.com/files/133758/ZSL-2015-5266.txt Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability. https://packetstormsecurity.com/files/133758/ZSL-2015-5266.txt Tue, 29 Sep 2015 01:14:40 +0000 PCMan FTP Server 2.0.7 Directory Traversal https://packetstormsecurity.com/files/133756/pcman_dir_traversal.py.txt PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability. https://packetstormsecurity.com/files/133756/pcman_dir_traversal.py.txt Tue, 29 Sep 2015 01:11:49 +0000 Vtiger CRM 6.3 Remote Code Execution https://packetstormsecurity.com/files/133755/vtiger-crm-authenticated-rce-cve-2015-6000.txt Vtiger CRM versions 6.3 and below suffer from an authenticated remote code execution vulnerability. https://packetstormsecurity.com/files/133755/vtiger-crm-authenticated-rce-cve-2015-6000.txt Tue, 29 Sep 2015 01:09:53 +0000 [local] - Ubuntu Apport - Local Privilege Escalation https://www.exploit-db.com/exploits/38353 Ubuntu Apport - Local Privilege Escalation edb-38353 Tue, 29 Sep 2015 00:00:00 +0000 local [remote] - ManageEngine EventLog Analyzer Remote Code Execution https://www.exploit-db.com/exploits/38352 ManageEngine EventLog Analyzer Remote Code Execution edb-38352 Tue, 29 Sep 2015 00:00:00 +0000 remote [webapps] - Kaseya Virtual System Administrator - Multiple Vulnerabilities https://www.exploit-db.com/exploits/38351 Kaseya Virtual System Administrator - Multiple Vulnerabilities edb-38351 Tue, 29 Sep 2015 00:00:00 +0000 webapps [webapps] - Western Digital My Cloud 04.01.03-421, 04.01.04-422 - Command Injection https://www.exploit-db.com/exploits/38350 Western Digital My Cloud 04.01.03-421, 04.01.04-422 - Command Injection edb-38350 Tue, 29 Sep 2015 00:00:00 +0000 webapps [local] - IconLover 5.42 - Local Buffer Overflow Exploit https://www.exploit-db.com/exploits/38349 IconLover 5.42 - Local Buffer Overflow Exploit edb-38349 Tue, 29 Sep 2015 00:00:00 +0000 local Centreon 2.6.1 Command Injection https://packetstormsecurity.com/files/133754/ZSL-2015-5265.txt Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant' which serves for making a new service run in the background is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands as well as using cross site request forgery attacks. https://packetstormsecurity.com/files/133754/ZSL-2015-5265.txt Mon, 28 Sep 2015 22:03:28 +0000 IconLover 5.4.5 Stack Buffer Overflow https://packetstormsecurity.com/files/133753/VL-1609.txt IconLover version 5.4.5 suffers from a stack buffer overflow vulnerability. https://packetstormsecurity.com/files/133753/VL-1609.txt Mon, 28 Sep 2015 22:02:19 +0000 Photos In Wifi 1.0.1 File Upload https://packetstormsecurity.com/files/133752/VL-1600.txt Photos in Wifi version 1.0.1 suffers from a remote shell upload vulnerability. https://packetstormsecurity.com/files/133752/VL-1600.txt Mon, 28 Sep 2015 22:01:02 +0000 Centreon 2.6.1 Add Administrator Cross Site Request Forgery https://packetstormsecurity.com/files/133751/ZSL-2015-5263.txt Centreon version 2.6.1 add administrator cross site request forgery exploit. https://packetstormsecurity.com/files/133751/ZSL-2015-5263.txt Mon, 28 Sep 2015 20:53:39 +0000 Flash Failing Checks On uint Capacity Field https://packetstormsecurity.com/files/133750/GS20150928205154.tgz The latest version of the Vector.primitive length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it is no longer possible to obviously bypass the length check there is still unguarded data in the object which could be corrupted to serve as a useful primitive. https://packetstormsecurity.com/files/133750/GS20150928205154.tgz Mon, 28 Sep 2015 20:51:54 +0000 BisonWare BisonFTP 3.5 Directory Traversal https://packetstormsecurity.com/files/133749/bisonftp_dir_trav.py.txt BisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability. https://packetstormsecurity.com/files/133749/bisonftp_dir_trav.py.txt Mon, 28 Sep 2015 20:48:44 +0000 ManageEngine EventLog Analyzer Remote Code Execution https://packetstormsecurity.com/files/133747/manageengine_eventlog_analyzer_rce.rb.txt This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has full privileges and thus is able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1. https://packetstormsecurity.com/files/133747/manageengine_eventlog_analyzer_rce.rb.txt Mon, 28 Sep 2015 20:46:07 +0000 Rowhammer Linux Kernel Privilege Escalation Proof Of Concept https://packetstormsecurity.com/files/133746/GS20150928204418.tgz Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability. https://packetstormsecurity.com/files/133746/GS20150928204418.tgz Mon, 28 Sep 2015 20:44:24 +0000