exploit the possibilities

Recent Files

Files RSS Feed
GNU Privacy Guard 2.2.14
Posted Mar 19, 2019
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple code updates and an updated Russian translation.
tags | tool, encryption
JFrog Artifactory Pro 6.5.9 Signature Validation
Posted Mar 19, 2019
Authored by Timo Juhani Lindfors

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.

tags | exploit
Slackware Security Advisory - libssh2 Updates
Posted Mar 19, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
Debian Security Advisory 4409-1
Posted Mar 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.

tags | advisory, denial of service
systems | linux, debian
Red Hat Security Advisory 2019-0600-01
Posted Mar 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.

tags | advisory, web, ruby
systems | linux, redhat
Gentoo Linux Security Advisory 201903-15
Posted Mar 19, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
Abine Blur 7.8.24x Authentication Bypass
Posted Mar 19, 2019
Authored by RS Tyler Schroder

The Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.

tags | advisory, bypass
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
Posted Mar 19, 2019
Authored by Orange Tsai, wvu | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.

tags | exploit
Ubuntu Security Notice USN-3906-2
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2019-0597-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.

tags | advisory
systems | linux, redhat
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Posted Mar 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
Microsoft Windows Binary Planting
Posted Mar 18, 2019
Authored by Frederic Bourla

This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.

tags | paper
systems | windows
Debian Security Advisory 4408-1
Posted Mar 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.

tags | advisory, denial of service, arbitrary
systems | linux, debian
Red Hat Security Advisory 2019-0593-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.

tags | advisory
systems | linux, redhat
Ubuntu Security Notice USN-3911-1
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2019-0580-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses an sensitive data leak.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2019-0590-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
libseccomp Incorrect Compilation Of Arithmetic Comparisons
Posted Mar 18, 2019
Authored by Jann Horn, Google Security Research

libseccomp suffers from an issue where there are incorrect compilations of arithmetic comparisons.

tags | exploit
Gitea 1.7.3 HTML Injection
Posted Mar 18, 2019
Authored by Anti Rais

Gitea versions 1.7.0 through 1.7.3 suffer from a stored html injection vulnerability.

tags | exploit
TheCarProject 2 SQL Injection
Posted Mar 18, 2019
Authored by Mehmet Emiroglu

TheCarProject version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service
Posted Mar 18, 2019
Authored by Achilles

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.

tags | exploit, denial of service, local
WinMPG Video Convert 9.3.5 Denial Of Service
Posted Mar 18, 2019
Authored by Achilles

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.

tags | exploit, denial of service, local
WordPress FormCraft 2.0 CSRF / Shell Upload
Posted Mar 18, 2019
Authored by KingSkrupellos

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.

tags | exploit, shell, csrf
CSZ CMS 1.2.1 Arbitrary File Upload
Posted Mar 17, 2019
Authored by Mehmet Emiroglu

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
Ubuntu Security Notice USN-3910-1
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
View Older Files →

Recent News

News RSS Feed
Hacker Returns And Puts 26Mil User Records For Sale On The Dark Web
Posted Mar 18, 2019

tags | headline, hacker, privacy, data loss, fraud, identity theft
Lenovo Patches Intel Firmware Flaws In Multiple Product Lines
Posted Mar 18, 2019

tags | headline, flaw, patch, intel
How Hackers Pulled Off A $20 Million Bank Heist
Posted Mar 18, 2019

tags | headline, hacker, bank, cybercrime, korea, mexico
Facial Recognition 101: Your Face Is Your New Fingerprint
Posted Mar 18, 2019

tags | headline, password, science
Beto O'Rourke's Secret Membership In The cDc
Posted Mar 16, 2019

tags | headline, hacker, government, usa
Beto O'Rourke Has Serious Hacker Credentials
Posted Mar 16, 2019

tags | headline, hacker, government, usa
You're Now In A Timeline In Which A US Presidential Hopeful Was In A Legendary Hacker Group
Posted Mar 16, 2019

tags | headline, hacker, government, usa
WordPress Releases 14 Fixes In Latest Security Updates
Posted Mar 16, 2019

tags | headline, flaw, patch, wordpress
Google May Face Investigation Over Antitrust, Privacy Issues
Posted Mar 16, 2019

tags | headline, government, privacy, google
Singapore Public Sector Reports Yet Another Security Lapse
Posted Mar 16, 2019

tags | headline, government, privacy, data loss, singapore
View More News →

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    8 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close