Real Name | Jeremy Brown |
---|---|
Email address | private |
Website | www.patchtuesday.org |
First Active | 2008-07-15 |
Last Active | 2024-09-17 |
Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.
Ajenti suffers from a remote command execution vulnerability.
Whale is a win32 attack surface toolkit written in C#. It is capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.
Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.
BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by the appliance's OS, web interface and SQL server. Versions 4.5.1.35 and 4.5.1.96 are affected.
ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.
Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: passwordless root login via FTP to retrieve the archive_accounts.ser file, which contains the access tokens, and reuse of the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.
Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g. a Java VNC client).
EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.
There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.
Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.
This Metasploit module exploits a stack-based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, and 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. Triggering this issue requires authorization; the exploit makes use of a second vulnerability, a hardcoded account (tivoli/boss), to bypass the authorization restriction.
IBM Tivoli Endpoint version 4.1.1 remote SYSTEM exploit that leverages hard-coded base64 encoded authentication credentials in lcfd.exe and a stack-based buffer overflow when parsing HTTP variable values. Spawns a reverse shell to port 4444.
The Progea Movicon 11 TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.
There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.
Automated Solutions Modbus/TCP OPC server remote heap corruption proof of concept exploit.
Objectivity/DB includes many different tools for administration. The problem is that anyone can use these tools to perform operations on the host running the lock server, the advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates the issue and was tested on Objectivity/DB 10 running on Windows.
Ecava IntegraXor remote ActiveX buffer overflow proof of concept exploit.
This Metasploit module exploits a stack overflow in SCADA Engine BACnet OPC Client v1.0.24. When the BACnet OPC Client parses a specially crafted csv file, arbitrary code may be executed.