Twenty Year Anniversary

Recent Files

Files RSS Feed
QEMU Guest Agent 2.12.50 Denial Of Service
Posted Jun 22, 2018
Authored by Fakhri Zulkifli

QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.

tags | exploit, denial of service
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion
Posted Jun 22, 2018
Authored by VulnSpy

phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.

tags | exploit, local, code execution, file inclusion
phpLDAPadmin 1.2.2 LDAP Injection
Posted Jun 22, 2018
Authored by Berk Dusunur

phpLDAPadmin version 1.2.2 suffers from a server_id LDAP injection vulnerability.

tags | exploit
GreenCMS 2.3.0603 Information Disclosure
Posted Jun 22, 2018
Authored by vr_system

GreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.

tags | exploit, info disclosure
phpMyAdmin 4.8.1 Local File Inclusion
Posted Jun 22, 2018
Authored by ChaMd5

phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
Case Study: Security Of Modern Bluetooth Keyboards
Posted Jun 22, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).

tags | paper, vulnerability
Ubuntu Security Notice USN-3691-1
Posted Jun 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
NewMark CMS 2.1 SQL Injection
Posted Jun 21, 2018
Authored by Berk Dusunur

NewMark CMS version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
LFCMS 3.7.0 Cross Site Request Forgery
Posted Jun 21, 2018
Authored by bay0net

LFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.

tags | exploit, csrf
IPConfigure Orchid VMS 2.0.5 Directory Traversal / Information Disclosure
Posted Jun 21, 2018
Authored by Sanjiv Kawa | Site metasploit.com

Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the applications web directory. This issue is further compounded as the Linux version of Orchid Core VMS application is running in context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.

tags | exploit, remote, web, arbitrary, file inclusion
systems | linux, windows
Apache CouchDB Remote Code Execution
Posted Jun 21, 2018
Authored by Cody Zacharias

Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
TP-Link TL-WA850RE Remote Command Execution
Posted Jun 21, 2018
Authored by yoresongo

TP-Link TL-WA850RE suffers from a remote command execution vulnerability.

tags | exploit, remote
Dell EMC RecoverPoint Local Root Command Execution
Posted Jun 21, 2018
Authored by Paul Taylor

Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.

tags | exploit, local, root
LFCMS 3.7.0 Cross Site Request Forgery
Posted Jun 21, 2018
Authored by bay0net

LFCMS version 3.7.0 suffers from an add administrator cross site request forgery vulnerability.

tags | exploit, csrf
Mirasys DVMS Workstation 5.12.6 Path Traversal
Posted Jun 21, 2018
Authored by Dick Snel

Mirasys DVMS Workstation versions 5.12.6 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
Dell EMC RecoverPoint Remote Root
Posted Jun 21, 2018
Authored by Paul Taylor

Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.

tags | exploit, remote, root
FreeBSD Security Advisory - FreeBSD-SA-18:07.lazyfpu
Posted Jun 21, 2018
Authored by Julian Stecklina | Site security.freebsd.org

FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.

tags | advisory, local
systems | freebsd, bsd
Opencart 3.0.2.0 google_sitemap Remote Denial Of Service
Posted Jun 21, 2018
Authored by Todor Donev

Opencart versions 3.0.2.0 and below suffer from a google_sitemap remote denial of service vulnerability.

tags | exploit, remote, denial of service
ntp 4.2.8p11 Local Buffer Overflow
Posted Jun 21, 2018
Authored by Fakhri Zulkifli

ntp version 4.2.8p11 local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
VideoInsight WebClient 5 SQL Injection
Posted Jun 21, 2018
Authored by vosec

VideoInsight WebClient version 5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Redis 5.0 Denial Of Service
Posted Jun 21, 2018
Authored by Fakhri Zulkifli

Redis version 5.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MaDDash 2.0.2 Directory Listing
Posted Jun 21, 2018
Authored by ManhNho

MaDDash version 2.0.2 suffers from a directory listing disclosure vulnerability.

tags | exploit, info disclosure
Slackware Security Advisory - gnupg Updates
Posted Jun 20, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
Debian Security Advisory 4232-1
Posted Jun 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.

tags | advisory
systems | linux, debian
Red Hat Security Advisory 2018-1954-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.

tags | advisory
systems | linux, redhat
View Older Files →

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Recent News

News RSS Feed
Script Kiddie Gets 20 Months After DDoSing 911
Posted Jun 20, 2018

tags | headline, hacker, government, denial of service
Hackers Rob Bithumb Of $32m
Posted Jun 20, 2018

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
China-Based Hackers Burrow Inside Satellite, Defense, And Telecom Firms
Posted Jun 20, 2018

tags | headline, hacker, government, china, cyberwar
Tesla Sues Former Worker For Hacking
Posted Jun 20, 2018

tags | headline, hacker, data loss
Hackers Who Sabotaged The Olympic Games Return For More Mischief
Posted Jun 19, 2018

tags | headline, hacker, cyberwar
Alleged Leaker Of Vault7 Cache Busted By Poor OpSec
Posted Jun 19, 2018

tags | headline, government, usa, data loss, cyberwar, password, fbi, cia
7 Time Jeopardy! Winner Pleads Guilty To Hacking
Posted Jun 19, 2018

tags | headline, hacker, privacy, email
FBI Recovers WhatsApp, Signal Data Stored On Michael Cohen's BlackBerry
Posted Jun 18, 2018

tags | headline, government, usa, phone, russia, fraud, fbi
US Exposes North Korea Government's Typeframe Malware
Posted Jun 18, 2018

tags | headline, government, malware, usa, cyberwar, korea
PageUp Confirms Some Data Compromised In Breach
Posted Jun 18, 2018

tags | headline, hacker, data loss
View More News →

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close