Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Microsoft Office Word 2007 / 2010 / 2013 / 2016 Remote Code Execution

Fri, 08/12/2016 - 09:44
Microsoft Office Word versions 2007, 2010, 2013, and 2016 suffer from an out-of-bounds read that allows for remote code execution. This vulnerability is noted in MS16-099.
Categories: Security

MSIE Read AV In MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal

Fri, 08/12/2016 - 03:22
Microsoft Internet Explorer read AV in MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal proof of concept exploit.
Categories: Security

DLL Side Loading In VMware Host Guest Client Redirector

Wed, 08/10/2016 - 19:52
A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
Categories: Security

NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution

Wed, 08/10/2016 - 19:50
The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root on the NVRmini and as the 'admin' user on ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested on those devices.
Categories: Security

NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution

Wed, 08/10/2016 - 19:46
The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root on the NVRmini and as the 'admin' user on ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested on those devices.
Categories: Security

Netcore Router UDP 53413 Backdoor

Wed, 08/10/2016 - 19:46
Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering them vulnerable as security devices. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.
Categories: Security

SAP CAR Archive Tool Denial Of Service / Security Bypass

Wed, 08/10/2016 - 19:42
SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
Categories: Security

EyeLock nano NXT 3.5 Remote Root

Wed, 08/10/2016 - 10:47
EyeLock's nano NXT firmware, latest version 3.5 (released 25.07.2016), suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the 'rpc.php' script located in the '/scripts' directory and can be triggered when user-supplied input is not correctly sanitized while updating the local time for the device and/or getting info from a remote time server. The vulnerable script has two REQUEST parameters, 'timeserver' and 'localtime', that are used within a shell_exec() call for setting the local time and the hardware clock of the device. An attacker can exploit these conditions to gain full system (root) access and execute OS commands on the affected device by injecting special characters into the affected parameters, and further bypass the access control in place.
Categories: Security

EyeLock nano NXT 3.5 Local File Disclosure

Wed, 08/10/2016 - 10:46
nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to the 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
Categories: Security

EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation

Wed, 08/10/2016 - 10:43
EyeLock Myris version 3.3.2 suffers from an unquoted search path issue impacting the service 'MyrisService' for Windows, deployed as part of the Myris solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Categories: Security

Facebook User ID Bypass Issue

Tue, 08/09/2016 - 13:40
A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.
Categories: Security

AirSnort 0.2.7 Stack Corruption Denial Of Service

Tue, 08/09/2016 - 13:39
AirSnort version 0.2.7 suffers from a stack corruption denial of service vulnerability.
Categories: Security

Any Video Converter 5.9.5 DLL Hijacking

Tue, 08/09/2016 - 13:36
Any Video Converter version 5.9.5 suffers from a DLL hijacking vulnerability.
Categories: Security

Microsoft GDI+ Out-Of-Bounds Read

Tue, 08/09/2016 - 13:35
Microsoft GDI+ suffers from an out-of-bounds read in DIB palette handling in ValidateBitmapInfo.
Categories: Security

Nuke Evolution 2.0.9d Cross Site Scripting

Tue, 08/09/2016 - 08:33
Nuke Evolution version 2.0.9d suffers from multiple client-side cross site scripting vulnerabilities.
Categories: Security

FortiVoice 5.0 Cross Site Scripting

Mon, 08/08/2016 - 21:22
FortiVoice version 5.0 suffers from filter bypass and cross site scripting vulnerabilities.
Categories: Security

Nagios Network Analyzer 2.2.1 Cross Site Request Forgery

Mon, 08/08/2016 - 18:23
Nagios Network Analyzer version 2.2.1 suffers from a cross site request forgery vulnerability.
Categories: Security

Nagios Network Analyzer 2.2.1 Cross Site Scripting

Mon, 08/08/2016 - 18:03
Nagios Network Analyzer version 2.2.1 suffers from a cross site scripting vulnerability.
Categories: Security

Navis WebAccess SQL Injection

Mon, 08/08/2016 - 17:22
Navis WebAccess Express version suffers from a remote SQL injection vulnerability.
Categories: Security

WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation

Mon, 08/08/2016 - 16:21
WebNMS Framework versions 5.2 and 5.2 SP1 suffer from directory traversal, code execution, weak obfuscation, and user impersonation vulnerabilities.
Categories: Security