As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
In order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on-the-fly. This is why if you examine a certificate when using Kaspersky […]
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver […]
AContent CMS version 1.3 suffers from a cross site scripting vulnerability.
QNAP NAS devices suffer from a heap overflow vulnerability.
Free M4A to MP3 Converter version 9.3ck suffers from a dll hijacking vulnerability.
This archive contains all of the 137 exploits added to Packet Storm in December, 2016.
Complete comprehensive archive of all 2,465 exploits added to Packet Storm in 2016.