This tool helps exploit race conditions on Windows filesystems.
Monthly Archives: October 2015
WinRAR Settings Import Command Execution
WinRAR settings import command execution proof of concept exploit.
vCenter Java JMX/RMI Remote Code Execution
VMware vCenter Server provides a centralized platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware vCenter was found to bind an unauthenticated JMX/RMI service to the network stack. An attacker with access can abuse the configuration to achieve remote code execution, providing SYSTEM level access to the server.
Pygments FontManager._get_nix_font_path Shell Injection
Pygments versions 1.2.2-2.0.2 suffer from a shell injection vulnerability in FontManager._get_nix_font_path.
CVE-2015-2858
Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do.
CVE-2015-3876
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
CVE-2015-4546
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
CVE-2015-6602
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
Bugtraq: [SYSS-2015-002] Kaspersky Endpoint Security – Use of One-Way Hash without a Salt
Bugtraq: [SYSS-2015-003] Kaspersky Small Office Security – Authentication Bypass