Subscribe via feed.
Archive for September, 2016

Elantech-Smart Pad 11.9.0.0 Privilege Escalation

Posted by deepcore under exploit (No Respond)

Elantech-Smart Pad version 11.9.0.0 suffers from an unquoted service path privilege escalation vulnerability.

NetDrive 2.6.12 Privilege Escalation

Posted by deepcore under exploit (No Respond)

NetDrive version 2.6.12 suffers from an unquoted service path privilege escalation vulnerability.

Android Stagefright MP4 tx3g Integer Overflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two […]

Linux Kernel 4.6.3 Netfilter Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels befoe 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), […]

Sparkasse (Bank) – Service Security Advisory WB021 2016

Posted by deepcore under exploit (No Respond)

No abstract description available in the upcomings!

FaceDancer 2 Platin – New Universal Case for PenTests

Posted by deepcore under exploit (No Respond)

No abstract description available in the upcomings!

http://www.paoordonchai.go.th/index.php?pages=event_detail&ev_id=95

Posted by deepcore under defacement (No Respond)

http://www.paoordonchai.go.th/index.php?pages=event_detail&ev_id=95 notified by hacksupport.ir

Tags:

http://www.sanmaka.go.th/index.php?pages=event_detail&ev_id=18

Posted by deepcore under defacement (No Respond)

http://www.sanmaka.go.th/index.php?pages=event_detail&ev_id=18 notified by hacksupport.ir

Tags:

Matrimonial Website Script 1.0.2 SQL Injection

Posted by deepcore under exploit (No Respond)

Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.

Microix Timesheet Module SQL Injection

Posted by deepcore under exploit (No Respond)

Microix Timesheet module suffers from a remote SQL injection vulnerability.