exploit the possibilities

Recent Files

Microsoft Edge Flash click2play Bypass
Posted Mar 19, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.

tags | exploit
VBScript VbsErase Memory Corruption
Posted Mar 19, 2019
Authored by Ivan Fratric, Google Security Research

There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled by an attacker.

tags | exploit
GNU Privacy Guard 2.2.14
Posted Mar 19, 2019
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple code updates and an updated Russian translation.
tags | tool, encryption
JFrog Artifactory Pro 6.5.9 Signature Validation
Posted Mar 19, 2019
Authored by Timo Juhani Lindfors

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field sent to the URL /webapp/saml/loginResponse. An attacker can use this flaw to log in as any user if they can already log in as some user.

tags | exploit
Slackware Security Advisory - libssh2 Updates
Posted Mar 19, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
Debian Security Advisory 4409-1
Posted Mar 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi-tenant setup.

tags | advisory, denial of service
systems | linux, debian
Red Hat Security Advisory 2019-0600-01
Posted Mar 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.

tags | advisory, web, ruby
systems | linux, redhat
Gentoo Linux Security Advisory 201903-15
Posted Mar 19, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
Chrome StoragePartitionService Double-Destruction Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.

tags | exploit, root
Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML
Posted Mar 19, 2019
Authored by James Forshaw, Google Security Research

MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn't check other VBScript CLSIDs which allow a web page to bypass the security zone policy.

tags | exploit, web
Chrome MidiManagerWin Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.

tags | exploit
Chrome FileSystemOperationRunner Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.

tags | exploit
Advanced Host Monitor 11.92 Beta Local Buffer Overflow
Posted Mar 19, 2019
Authored by Peyman Forouzan

Advanced Host Monitor version 11.92 Beta suffers from a buffer overflow vulnerability.

tags | exploit, overflow
Chrome ExtensionsGuestViewMessageFilter Data Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.

tags | exploit
Abine Blur 7.8.24x Authentication Bypass
Posted Mar 19, 2019
Authored by RS Tyler Schroder

The Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.

tags | advisory, bypass
eNdonesia Portal 8.7 Iframe Injection / SQL Injection
Posted Mar 19, 2019
Authored by Mehmet Emiroglu

eNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
Netartmedia PHP Mall 4.1 SQL Injection
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
Gila CMS 1.9.1 Cross Site Scripting
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Gila CMS version 1.9.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Netartmedia Event Portal 2.0 SQL Injection
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Netartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Netartmedia Real Estate Portal 5.0 SQL Injection
Posted Mar 19, 2019
Authored by Ahmet Umit Bayram

Netartmedia Real Estate Portal version 5.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MyBB Upcoming Events 1.32 Cross Site Scripting
Posted Mar 19, 2019
Authored by 0xB9

MyBB Upcoming Events plugin version 1.32 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
Posted Mar 19, 2019
Authored by Orange Tsai, wvu | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.

tags | exploit
Ubuntu Security Notice USN-3906-2
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2019-0597-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.

tags | advisory
systems | linux, redhat
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Posted Mar 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of the exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows

Recent News

Hacker Returns And Puts 26Mil User Records For Sale On The Dark Web
Posted Mar 18, 2019

tags | headline, hacker, privacy, data loss, fraud, identity theft
Lenovo Patches Intel Firmware Flaws In Multiple Product Lines
Posted Mar 18, 2019

tags | headline, flaw, patch, intel
How Hackers Pulled Off A $20 Million Bank Heist
Posted Mar 18, 2019

tags | headline, hacker, bank, cybercrime, korea, mexico
Facial Recognition 101: Your Face Is Your New Fingerprint
Posted Mar 18, 2019

tags | headline, password, science
Beto O'Rourke's Secret Membership In The cDc
Posted Mar 16, 2019

tags | headline, hacker, government, usa
Beto O'Rourke Has Serious Hacker Credentials
Posted Mar 16, 2019

tags | headline, hacker, government, usa
You're Now In A Timeline In Which A US Presidential Hopeful Was In A Legendary Hacker Group
Posted Mar 16, 2019

tags | headline, hacker, government, usa
WordPress Releases 14 Fixes In Latest Security Updates
Posted Mar 16, 2019

tags | headline, flaw, patch, wordpress
Google May Face Investigation Over Antitrust, Privacy Issues
Posted Mar 16, 2019

tags | headline, government, privacy, google
Singapore Public Sector Reports Yet Another Security Lapse
Posted Mar 16, 2019

tags | headline, government, privacy, data loss, singapore

packet storm

© 2019 Packet Storm. All rights reserved.
