Easy MOV Converter 1.4.24 Buffer Overflow

!/usr/bin/python Exploit Title: Easy MOV Converter 1.4.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 13-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Easy MOV Converter Vendor Homepage: http://www.divxtodvd.net/ Version: 1.4.24 Software Link:...

DiskBoss 8.0.16 - Input Directory Local Buffer Overflow

DiskBoss 8.0.16 - Input Directory Local Buffer Overflow !/usr/bin/python Exploit Title: DiskBoss v8.0.16 - Local Buffer Overflow Date: 11-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: DiskBoss v8.0.16 Freeware, Pro and Ultimate Vendor Homepage:...

ImageWorsener Denial of Service Vulnerability (CNVD-2017-08091)

ImageWorsener is a set of image scaling and processing utilities. A denial of service vulnerability exists in imagew-cmd.c:854:45 in the libimageworsener.a file in ImageWorsener version 1.3.1. A remote attacker can exploit this vulnerability to cause a denial of service except for a zero error wi...

Threat Outbreak Alert RuleID29035: Email Messages Distributing Malicious Software on May 8, 2017

Medium Alert ID: 53756 First Published: 2017 May 9 13:50 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID29035 may contain the following files: Name | Size ...

openSUSE Security Update : open-vm-tools (openSUSE-2017-385)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

SUSE SLES11 Security Update : open-vm-tools (SUSE-SU-2017:0705-1)

This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues : - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework CAF - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand ...

Apache Struts Jakarta Multipart Parser OGNL Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...

Rapid7 Metasploit Directory Traversal Vulnerability (CNVD-2017-02664)

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter stdapi CommandDispatcher.cmddownload function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the...

DEBIAN-CVE-2016-10028

The virglcmdgetcapset function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service out-of-bounds read and process crash via a VIRTIOGPUCMDGETCAPSET command with a maximum capabilities size...

HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)

HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command...

dirLIST 0.3.0 - Arbitrary File Upload

dirLIST 0.3.0 - Arbitrary File Upload + + Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList...

dirLIST 0.3.0 - Arbitrary File Upload

Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList v0.3.0 Download: ===========...

Enigma Fileless UAC Bypass

a This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ Exploit Title : enigmafilelessuacbypass.rb Module...

Trend Micro Smart Protection Server Exec Remote Code Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' require 'base64' class MetasploitModule "Trend Micro Smart Protection Server Exec Remote Code Injection", 'Description' = %q This...

Apache Zookeeper Buffer Overflow Vulnerability

Apache Zookeeper is a software project of the U.S. Apache Apache Software Foundation, which can provide open source distributed configuration services, synchronization services, and naming registry for large-scale distributed computing. A buffer overflow vulnerability exists in the C cli shell in...

PT-2016-3454 · Apache +2 · Apache Zookeeper +2

Name of the Vulnerable Software and Affected Versions: Apache Zookeeper versions 3.4.9 and earlier, 3.5.x before 3.5.3 Description: The issue is related to a buffer overflow in the C cli shell of Apache Zookeeper when using the "cmd:" batch mode syntax. This can allow attackers to have an impact ...

CVE-2016-5676

cgi-bin/cgisystem in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action...

Design/Logic Flaw

cgi-bin/cgisystem in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action...

Fedora 24 : firewalld (2016-de55d2c2c9)

Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIGINFO - Update AppData configuration file. - tests/firewalldrich.py: Use new import structure and FirewallClient classes - tests/firewallddirect.py:...

Ubiquiti airOS - Arbitrary File Upload (Metasploit)

Exploit for unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth fi...