what you don't know can hurt you

Recent Files

Files RSS Feed
LeHACK 2019 Call For Papers
Posted Jan 22, 2019
Authored by Le HACK Conference | Site submit.lehack.org

LeHACK 2019 is a yearly rendezvous where hackers and aficionados are meeting around with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2019 will be held in La Cite des Sciences, Paris (France) on the 6th and 7th of July 2019.

tags | paper, conference
Red Hat Security Advisory 2019-0137-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0137-01 - This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a broken CVE fix.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2019-0136-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0136-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Issues addressed include a SAML issue.

tags | advisory, java
systems | linux, redhat
Red Hat Security Advisory 2019-0139-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0139-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a SAML issue.

tags | advisory, java
systems | linux, redhat
PLC Wireless Router GPN2.4P21-C-CN Cross Site Request Forgery
Posted Jan 22, 2019
Authored by Kumar Saurav

PLC Wireless Router GPN2.4P21-C-CN suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control
Posted Jan 22, 2019
Authored by Kumar Saurav

PLC Wireless Router GPN2.4P21-C-CN suffers from an incorrect access control vulnerability.

tags | exploit
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Jan 22, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.

tags | exploit, overflow
ManageEngine OpManager 12.3 Privilege Escalation
Posted Jan 22, 2019
Authored by Humberto Cabrera | Site zeroscience.mk

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.

tags | exploit
Ubuntu Security Notice USN-3865-1
Posted Jan 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3865-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
Flawfinder 2.0.8
Posted Jan 22, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: A number of bugs were addressed as well as some small improvements. Documentation has been tweaked.
tags | tool
systems | unix
Faraday 3.5.0
Posted Jan 22, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Redesign of new/edit vulnerability forms. Added new custom fields feature to vulnerabilities. Added ./manage.py migrate to perform alembic migrations. Various other additions and updates.
tags | tool, rootkit
systems | unix
Red Hat Security Advisory 2019-0131-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0131-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
Microsoft Windows VCF Arbitrary Code Execution
Posted Jan 22, 2019
Authored by Eduardo Braun Prado

Microsoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.

tags | exploit, arbitrary, x86, code execution, proof of concept
systems | windows, 7
Red Hat Security Advisory 2019-0130-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0130-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 6 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include open redirection and host name verification.

tags | advisory, java, web
systems | linux, redhat
Ubuntu Security Notice USN-3863-2
Posted Jan 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3863-2 - USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
Ubuntu Security Notice USN-3863-1
Posted Jan 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3863-1 - Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
Debian Security Advisory 4371-1
Posted Jan 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4371-1 - Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine.

tags | advisory, web, root, code execution
systems | linux, debian
Red Hat Security Advisory 2019-0109-01
Posted Jan 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0109-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, perl
systems | linux, redhat
Ubuntu Security Notice USN-3864-1
Posted Jan 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3864-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
NUUO CMS Session Tokens / Traversal / SQL Injection
Posted Jan 21, 2019
Authored by Pedro Ribeiro

NUUO CMS suffers from directory traversal, predictable session token, unauthenticated remote code execution, and various other vulnerabilities. Multiple metasploit modules included and various versions are affected by the various vulnerabilities.

tags | exploit, remote, vulnerability, code execution
Comodo KORUGAN VM 1.9.3.1100 Cross Site Scripting
Posted Jan 21, 2019
Authored by Ozer Goker

Comodo KORUGAN VM version 1.9.3.1100 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Comodo KORUGAN LITE 1.6.5.1024 Cross Site Scripting
Posted Jan 21, 2019
Authored by Ozer Goker

Comodo KORUGAN LITE version 1.6.5.1024 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SIDU 6.0 Cross Site Scripting
Posted Jan 21, 2019
Authored by Ozer Goker

SIDU version 6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
CA Service Desk Manager 14.1 / 17 Authentication Bypass
Posted Jan 21, 2019
Authored by Kevin Kotas, Bui Duy Hiep | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain additional privileges. CA published solutions to address the vulnerabilities. The first vulnerability is due to how survey access is implemented. A malicious actor can access and submit survey information without authentication. The second vulnerability allows for a malicious actor to gain additional privileges. Versions affected include 14.1 and 17.

tags | advisory, remote, vulnerability
Joomla Akeeba Backup 6.3.3 Database Disclosure
Posted Jan 21, 2019
Authored by KingSkrupellos

Joomla Akeeba Backup component version 6.3.3 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
View Older Files →

Recent News

News RSS Feed
Let's Encrypt Sets February 13 As Cut Off For TLS-SNI
Posted Jan 22, 2019

tags | headline, flaw, cryptography
ACLU Demands Justice Department Reveal Facial Recognition Tech Use
Posted Jan 22, 2019

tags | headline, government, privacy, usa, spyware
Russia Opens Case Against Facebook, Twitter Over Data Laws
Posted Jan 22, 2019

tags | headline, government, privacy, russia, spyware, facebook, twitter
Twitter Warns That Private Tweets Were Public For Years
Posted Jan 18, 2019

tags | headline, privacy, data loss, flaw, twitter
Microsoft Partner Portal Exposes Every Support Request Filed
Posted Jan 18, 2019

tags | headline, privacy, microsoft, data loss
Oracle Releases Patches For 284 Vulnerabilities
Posted Jan 18, 2019

tags | headline, database, flaw, patch, oracle
Microsoft Blue Biz Bug Bounty Bonanza Beckons
Posted Jan 18, 2019

tags | headline, hacker, microsoft, flaw, patch
Shutdown Threatens More Government Websites
Posted Jan 18, 2019

tags | headline, government, privacy, usa, flaw, cryptography
Cook Calls For Laws To Tackle Shadow Economy Of Data Firms
Posted Jan 17, 2019

tags | headline, government, privacy, data loss, fraud, apple, facebook
Monster 773 Million-Record Password Breach List Contains Plaintext Passwords
Posted Jan 17, 2019

tags | headline, hacker, privacy, data loss, password, identity theft
View More News →

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    3 Files
  • 21
    Jan 21st
    17 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close