Recent Files

Linux Broken UID/GID Mapping
Posted Nov 16, 2018
Authored by Jann Horn, Google Security Research

Linux has a broken uid/gid mapping for nested user namespaces with more than 5 ranges.

tags | exploit
systems | linux
Asterisk Project Security Advisory - AST-2018-010
Posted Nov 15, 2018
Authored by Jan Hoffmann | Site asterisk.org

Asterisk Project Security Advisory - There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.

tags | advisory, overflow
PHP-Proxy 5.1.0 Local File Inclusion
Posted Nov 15, 2018
Authored by Ameer Pornillos

PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
Ubuntu Security Notice USN-3823-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
WordPress Ninja Forms 3.3.17 Cross Site Scripting
Posted Nov 15, 2018
Authored by MTK

WordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting
Posted Nov 15, 2018
Authored by Socket_0x03

WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
PHP Mass Mail 1.0 Shell Upload
Posted Nov 15, 2018
Authored by Ihsan Sencan

PHP Mass Mail version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
Red Hat Security Advisory 2018-3618-01
Posted Nov 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
Ubuntu Security Notice USN-3822-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3822-2 - USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
2-Plan Team 1.0.4 Shell Upload
Posted Nov 15, 2018
Authored by Ihsan Sencan

2-Plan Team version 1.0.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
Simple E-Document 1.31 SQL Injection
Posted Nov 15, 2018
Authored by Ihsan Sencan

Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Ubuntu Security Notice USN-3822-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3822-1 - Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-3821-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3821-2 - USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
Kordil EDMS 2.2.60rc3 Shell Upload
Posted Nov 15, 2018
Authored by Ihsan Sencan

Kordil EDMS version 2.2.60rc3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, sql injection
Meneame English Pligg 5.8 SQL Injection
Posted Nov 15, 2018
Authored by Ihsan Sencan

Meneame English Pligg version 5.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
EverSync 0.5 Arbitrary File Download
Posted Nov 15, 2018
Authored by Ihsan Sencan

EverSync version 0.5 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
Ubuntu Security Notice USN-3817-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3817-2 - USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
Ubuntu Security Notice USN-3821-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3821-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-3820-3
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3820-3 - Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Galaxy Forces MMORPG 0.5.8 SQL Injection
Posted Nov 15, 2018
Authored by Ihsan Sencan

Galaxy Forces MMORPG version 0.5.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Net-Billetterie 2.9 SQL Injection
Posted Nov 15, 2018
Authored by Ihsan Sencan

Net-Billetterie version 2.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
BiP Messenger Denial Of Service
Posted Nov 15, 2018
Authored by KnocKout

BiP Messenger suffers from a denial of service vulnerability.

tags | exploit, denial of service
Malicious Git HTTP Server
Posted Nov 15, 2018
Site metasploit.com

This Metasploit module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule URL that starts with a dash, e.g. "-u./payload", is passed as an argument to git clone, the file "payload" inside the repository is executed. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.

tags | exploit
Apkatshu 1.0
Posted Nov 15, 2018
Authored by Abdeljalil Nouiri

Apkatshu is a tool for extracting URLs, emails, IP addresses, and interesting data from APK files. The user can choose either JADX or APKTOOL for de-compilation.

tags | tool
systems | unix
Ubuntu Security Notice USN-3820-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3820-2 - USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
Recent News

It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price
Posted Nov 14, 2018

tags | headline, government, privacy, spyware
Falcon 9 Backlog Delays Canada's $1B Surveillance Project
Posted Nov 14, 2018

tags | headline, canada, space, spyware, science
US Asks London Court To Hand Over Two Alleged Hackers
Posted Nov 14, 2018

tags | headline, hacker, government, bank, usa, britain, cybercrime, fraud, identity theft
Want To Hack An ATM For Free Cash? It's As Easy As Windows XP
Posted Nov 14, 2018

tags | headline, hacker, bank, cybercrime, fraud, flaw
Facebook Patches Another User Data Harvesting Bug
Posted Nov 13, 2018

tags | headline, privacy, data loss, flaw, facebook, social
Nordstrom Data Breach Exposes Employee Information
Posted Nov 13, 2018

tags | headline, hacker, privacy, data loss
Google Hit With IP Hijack Taking Down Several Services
Posted Nov 13, 2018

tags | headline, russia, china, google
Pakistan Military Hit By Operation Shaheen Malware
Posted Nov 13, 2018

tags | headline, government, malware, cyberwar, pakistan, military
The Motherboard Guide To Not Getting Hacked
Posted Nov 12, 2018

Irony Meter Explodes As WordPress GDPR Plugin Used To Takeover Sites
Posted Nov 12, 2018

tags | headline, hacker, government, data loss, flaw, wordpress
packet storm

© 2018 Packet Storm. All rights reserved.