Twenty Year Anniversary

Recent Files

Files RSS Feed
RabbitMQ Web Management Cross Site Request Forgery
Posted Jun 18, 2018
Authored by Dolev Farhi

RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross site request forgery vulnerability.

tags | exploit, web, csrf
Pale Moon Browser Use-After-Free
Posted Jun 18, 2018
Authored by Berk Cem Goksel

Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.

tags | exploit
Nikto 2.1.6 CSV Injection
Posted Jun 18, 2018
Authored by Adam Greenhill

Nikto version 2.1.6 suffers from a csv injection vulnerability.

tags | exploit
Redatam Web Server Directory Traversal
Posted Jun 18, 2018
Authored by Berk Dusunur

Redatam Web Server prior to version 7 suffer from a directory traversal vulnerability.

tags | exploit, web, file inclusion
Redis-cli Buffer Overflow
Posted Jun 18, 2018
Authored by Fakhri Zulkifli

Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
Audiograbber 1.83 Buffer Overflow
Posted Jun 18, 2018
Authored by Dennis Herrmann

Audiograbber version 1.83 local SEH buffer overflow exploit.

tags | exploit, overflow, local
Joomla Jomres 9.11.2 Cross Site Request Forgery
Posted Jun 18, 2018
Authored by Borna Nematzadeh

Joomla Jomres component version 9.11.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
phpMyAdmin 4.x Remote Code Execution
Posted Jun 18, 2018
Authored by Matteo Cantoni, Cure53, Michal AihaA | Site metasploit.com

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

tags | exploit, remote, arbitrary, php
Tapplock Smart Lock Insecure Direct Object Reference
Posted Jun 18, 2018
Authored by Vangelis Stykas

Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.

tags | exploit, vulnerability
Ubuntu Security Notice USN-3675-3
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
Ubuntu Security Notice USN-3687-1
Posted Jun 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
Debian Security Advisory 4231-1
Posted Jun 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

tags | advisory, local
systems | linux, debian
Debian Security Advisory 4230-1
Posted Jun 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
Debian Security Advisory 4229-1
Posted Jun 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.

tags | advisory, vulnerability
systems | linux, debian
HP Security Bulletin MFSBGN03810 1
Posted Jun 17, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
HP Security Bulletin MFSBGN03809 1
Posted Jun 16, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited to Deserialization and Cross-site Request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
WordPress Redirection 2.7.1 Deserialization Code Execution
Posted Jun 15, 2018
Authored by Glyn Wintle

WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.

tags | exploit, code execution
CA Privileged Access Manager 2.x Code Execution
Posted Jun 15, 2018
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.

tags | advisory, remote, vulnerability
Apple Security Advisory 2018-06-13-01
Posted Jun 15, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
Easy Chat Server 3.1 Add User Local Buffer Overflow
Posted Jun 15, 2018
Authored by Hashim Jawad

Easy Chat Server version 3.1 add user local buffer overflow exploit.

tags | exploit, overflow, local
RSA Authentication Manager Cross Site Scripting
Posted Jun 14, 2018
Site emc.com

RSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.

tags | advisory, xss
Debian Security Advisory 4228-1
Posted Jun 14, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

tags | advisory, php, vulnerability, xss
systems | linux, debian
Ubuntu Security Notice USN-3678-4
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
Red Hat Security Advisory 2018-1852-01
Posted Jun 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
Ubuntu Security Notice USN-3675-2
Posted Jun 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
View Older Files →

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Recent News

News RSS Feed
Ex-Fitbit Employees Indicted For Allegedly Stealing Secrets
Posted Jun 15, 2018

tags | headline, data loss, fraud
This New Android Malware Delivers Banking Trojan, Keylogger And Ransomware
Posted Jun 15, 2018

tags | headline, malware, phone, google
Xen Project Patches Intel's Lazy FPU Flaw
Posted Jun 15, 2018

tags | headline, flaw, patch, intel
Quantum Cryptography Demo Shows No Need For New Infrastructure
Posted Jun 15, 2018

tags | headline, science, cryptography
Ether Doesn't Fall Under SEC Rules
Posted Jun 15, 2018

tags | headline, government, bank, usa, cryptography
Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature
Posted Jun 15, 2018

tags | headline, flaw, cryptography
LuckyMouse Threat Group Attacks Government Websites
Posted Jun 14, 2018

tags | headline, hacker, government, malware, china
US Senators Get Digging To Find Out The Truth About FCC DDoS Attack
Posted Jun 14, 2018

tags | headline, government, usa, denial of service, fraud
Backdoored Images Downloaded 5 Million Times Finally Removed From Docker Hub
Posted Jun 14, 2018

tags | headline, hacker, fraud, backdoor
Apple To Patch Flaw FBI Has Been Using To Hack iPhones
Posted Jun 14, 2018

tags | headline, government, privacy, usa, phone, flaw, patch, apple, fbi
View More News →

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    13 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close