Latest Exploits

Syndicate content Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 3 hours 22 min ago

CMS Made Simple 2.2.1 Local File Inclusion

Sat, 07/01/2017 - 21:22
CMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.
Categories: Security

Packet Storm New Exploits For June, 2017

Sat, 07/01/2017 - 11:45
This archive contains all of the 207 exploits added to Packet Storm in June, 2017.
Categories: Security

Google Chrome RegExp Stubs Out-Of-Bounds Access

Fri, 06/30/2017 - 13:08
Google Chrome suffers from an out-of-bounds access vulnerability in RegExp.prototype.exec and RegExp.prototype.test.
Categories: Security

LG ASFParser::SetMetaData Stack Overflow

Fri, 06/30/2017 - 13:07
LG suffers from multiple stack overflows in ASFParser::SetMetaData.
Categories: Security

Linux Kernel ldso_dynamic Stack Clash Privilege Escalation

Fri, 06/30/2017 - 13:06
Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
Categories: Security

OpenBSD at Stack Clash Privilege Escalation

Fri, 06/30/2017 - 13:04
OpenBSD 'at' local stack clash privilege escalation exploit.
Categories: Security

Linux Kernel ldso_hwcap_64 Stack Clash Privilege Escalation

Fri, 06/30/2017 - 13:01
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
Categories: Security

Linux Kernel offset2lib Stack Clash

Fri, 06/30/2017 - 13:00
Linux kernel offset2lib stack clash exploit.
Categories: Security

Easy File Sharing Web Server 7.2 Account Import Buffer Overflow

Fri, 06/30/2017 - 12:58
Easy File Sharing Web Server version 7.2 suffers from an account import local buffer overflow vulnerability.
Categories: Security

Microsoft Dynamic CRM 2016 Cross Site Scripting

Fri, 06/30/2017 - 11:22
Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.
Categories: Security

Microsoft .NET Framework 4.7 DLL Hijacking

Fri, 06/30/2017 - 07:33
Microsoft .NET Framework version 4.7 suffers from dll hijacking vulnerabilities.
Categories: Security

Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions

Fri, 06/30/2017 - 06:01
Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below suffer from having incorrect default permissions.
Categories: Security

Digital Canal Structural Wind Analysis 9.1 Buffer Overflow

Fri, 06/30/2017 - 05:22
Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.
Categories: Security

Microsoft Machine Debug Manager (mdm) DLL Hijacking

Fri, 06/30/2017 - 00:55
Microsoft Machine Debug Manager (mdm) suffers from dll hijacking vulnerabilities.
Categories: Security

FreeBSD setrlimit Stack Clash Proof Of Concept

Thu, 06/29/2017 - 14:32
FreeBSD setrlimit stack clash proof of concept exploit.
Categories: Security

Linux Kernel ldso_hwcap Stack Clash Privilege Escalation

Thu, 06/29/2017 - 14:32
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
Categories: Security

FreeBSD FGPE Stack Clash Proof Of Concept

Thu, 06/29/2017 - 13:32
FreeBSD FGPE stack clash proof of concept exploit.
Categories: Security

FreeBSD FGPU Stack Clash Proof Of Concept

Thu, 06/29/2017 - 12:32
FreeBSD FGPU stack clash proof of concept exploit.
Categories: Security

Oracle Solaris 11.1 / 11.3 rsh Stack Clash Privilege Escalation

Thu, 06/29/2017 - 11:23
Oracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.
Categories: Security

Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free

Thu, 06/29/2017 - 09:26
This Metasploit module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed. This Metasploit module supports 3 specific versions of the Backup Exec agent in the 14, 15 and 16 series on 64-bit and 32-bit versions of Windows and has been tested from Vista to Windows 10.
Categories: Security