Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Microsoft Office Word versions 2007, 2010, 2013, and 2016 suffer from an out-of-bounds read that allows for remote code execution. This vulnerability is noted in MS16-099.
Microsoft Internet Explorer read AV in MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal proof of concept exploit.
A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.
The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root on the NVRmini and as the 'admin' user on ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested on those devices.
The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root on the NVRmini and as the 'admin' user on ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested on those devices.
Routers manufactured by Netcore, a popular brand of networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering them unfit as security devices. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.
SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
EyeLock's nano NXT firmware latest version 3.5 (released 25.07.2016) suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the 'rpc.php' script located in the '/scripts' directory and can be triggered when user supplied input is not correctly sanitized while updating the local time for the device and/or getting information from a remote time server. The vulnerable script has two REQUEST parameters, 'timeserver' and 'localtime', that are passed to a shell_exec() call for setting the local time and the hardware clock of the device. An attacker can exploit these conditions to gain full system (root) access and execute OS commands on the affected device by injecting special characters into the affected parameters, and can further bypass the access control in place.
nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to the 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose the contents of files from local resources.
EyeLock Myris version 3.3.2 suffers from an unquoted search path issue impacting the service 'MyrisService' for Windows deployed as part of Myris solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.
AirSnort version 0.2.7 suffers from a stack corruption denial of service vulnerability.
Any Video Converter version 5.9.5 suffers from a dll hijacking vulnerability.
Microsoft GDI+ suffers from an out-of-bounds read in DIB palette handling in ValidateBitmapInfo.
Nuke Evolution version 2.0.9d suffers from multiple client-side cross site scripting vulnerabilities.
FortiVoice version 5.0 suffers from filter bypass and cross site scripting vulnerabilities.
Nagios Network Analyzer version 2.2.1 suffers from a cross site request forgery vulnerability.
Nagios Network Analyzer version 2.2.1 suffers from a cross site scripting vulnerability.
Navis WebAccess Express version suffers from a remote SQL injection vulnerability.
WebNMS Framework versions 5.2 and 5.2 SP1 suffer from directory traversal, code execution, weak obfuscation, and user impersonation vulnerabilities.