Recent Files

Debian Security Advisory 4370-1
Posted Jan 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4370-1 - Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, debian
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass
Posted Jan 18, 2019
Authored by Micha Borrmann

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.

tags | exploit, web, bypass
Joomla! 3.9.1 Cross Site Scripting
Posted Jan 18, 2019
Authored by Praveen Sutar

Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.

tags | exploit, xss
phpTransformer 2016.9 Directory Traversal
Posted Jan 18, 2019
Authored by Ihsan Sencan

phpTransformer version 2016.9 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
phpTransformer 2016.9 SQL Injection
Posted Jan 18, 2019
Authored by Ihsan Sencan

phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SeoToaster Ecommerce 3.0.0 Local File Inclusion
Posted Jan 18, 2019
Authored by Ihsan Sencan

SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
DotNetNuke Events Calendar 1.x File Download
Posted Jan 18, 2019
Authored by KingSkrupellos

DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.

tags | exploit, info disclosure
Webmin 1.900 Remote Command Execution
Posted Jan 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized to discover the directory to be uploaded to. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file being uploaded should be integrated with the application. Therefore, a ".cgi" file with the vulnerability that belongs to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.

tags | exploit, java, arbitrary, cgi, root
systems | linux, debian
SSHtranger Things SCP Client File Issue
Posted Jan 18, 2019
Authored by Mark E. Haase

SCP clients have an issue where additional files can be copied over without your knowledge.

tags | exploit
FastTube 1.0.1.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

FastTube version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
Eco Search 1.0.2.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
One Search 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

One Search version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
VPN Browser+ 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
7 Tik 1.0.1.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

7 Tik version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
Watchr 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

Watchr version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
Falco 0.13.1
Posted Jan 17, 2019
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Improved documentation for running Falco within K8s and getting K8s Audit Logging to work with Minikube and Falco as a Daemonset within K8s. Fixed AWS Permissions for Kubernetes Response Engine. Fixed a potential crash that could occur when using the falco engine and rulesets. Various other fixes and updates.
tags | tool, intrusion detection
systems | unix
Microsoft Edge Chakra InlineArrayPush Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.

tags | exploit
Mozilla Firefox 64 Information Disclosure
Posted Jan 17, 2019
Authored by Dr. Vladimir Bostanov

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.

tags | exploit, remote, local
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
Posted Jan 17, 2019
Authored by Mohamed M.Fouad

Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Linux/x86 TCP/4444 Bindshell Shellcode
Posted Jan 17, 2019
Authored by Joao Batista

100-byte Linux/x86 TCP/4444 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
Ubuntu Security Notice USN-3862-1
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
Microsoft Edge Chakra JIT Use-After-Free / Flag Issue
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.

tags | exploit, javascript
Recent News

Microsoft Blue Biz Bug Bounty Bonanza Beckons
Posted Jan 18, 2019

tags | headline, hacker, microsoft, flaw, patch
Cook Calls For Laws To Tackle Shadow Economy Of Data Firms
Posted Jan 17, 2019

tags | headline, government, privacy, data loss, fraud, apple, facebook
Monster 773 Million-Record Password Breach List Contains Plaintext Passwords
Posted Jan 17, 2019

tags | headline, hacker, privacy, data loss, password, identity theft
South Korea Had Advanced Weapons Servers Hacked
Posted Jan 17, 2019

tags | headline, government, cyberwar, korea
Oklahoma Gov Data Leak Exposes FBI Investigation Records
Posted Jan 17, 2019

tags | headline, government, privacy, usa, data loss, fbi
Facebook Tackles Russians Making Fake News Stories
Posted Jan 17, 2019

tags | headline, government, usa, russia, fraud, cyberwar, facebook
Shareholders Demand Amazon End Facial Recognition Sales To Government
Posted Jan 17, 2019

tags | headline, government, privacy, usa, amazon
Two Ukrainians Charged With 2016 Hack Of SEC
Posted Jan 16, 2019

tags | headline, hacker, government, usa, cybercrime, data loss, fraud
NanoCore Trojan Is Protected In Memory From Being Killed Off
Posted Jan 16, 2019

tags | headline, malware, trojan
Fortnite Security Issue Would Have Granted Hackers Access To Accounts
Posted Jan 16, 2019

tags | headline, hacker, privacy, flaw, password
© 2019 Packet Storm. All rights reserved.