what you don't know can hurt you

Recent Files

Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload
Posted Feb 20, 2019
Authored by Pedro Ribeiro | Site metasploit.com

The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to overwrite any file on the installation drive of CMS Server. This vulnerability is exploitable in CMS versions up to and including 2.4.

tags | exploit
HotelDruid 2.3 Cross Site Scripting
Posted Feb 20, 2019
Authored by Mehmet Emiroglu

HotelDruid version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Apple macOS 10.13.5 Local Privilege Escalation
Posted Feb 20, 2019
Authored by Synacktiv

Apple macOS version 10.13.5 local privilege escalation exploit.

tags | exploit, local
systems | apple
Tech News 4.3.4 Cross Site Scripting
Posted Feb 20, 2019
Authored by Mr Winst0n

Tech News version 4.3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
Ubuntu Security Notice USN-3892-1
Posted Feb 20, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3892-1 - Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.

tags | advisory
systems | linux, ubuntu
Debian Security Advisory 4396-1
Posted Feb 20, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.

tags | advisory, vulnerability
systems | linux, debian
FTPShell Server 6.83 Denial Of Service
Posted Feb 20, 2019
Authored by Victor Mondragon

FTPShell Server version 6.83 suffers from a denial of service vulnerability.

tags | exploit, denial of service
TestSSL 3.0rc4
Posted Feb 19, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: This is the fourth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who also use it in production-like environments are encouraged to switch to this branch, as 2.9.5 won't be supported anymore once 3.0 has been released. Various other updates and fixes.

tags | tool, scanner, protocol, bash
systems | unix
Belkin Wemo UPnP Remote Code Execution
Posted Feb 19, 2019
Authored by wvu, phikshun | Site metasploit.com

This Metasploit module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT (49153).

tags | exploit
FaceTime Texture Processing Memory Corruption
Posted Feb 19, 2019
Authored by Google Security Research, natashenka

FaceTime suffers from a memory corruption vulnerability in texture processing.

tags | exploit
Microsoft Edge Insecure click2play Whitelist
Posted Feb 19, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Edge has an issue where the default Flash click2play whitelist is insecure.

tags | advisory
Android seccomp Filter Ptrace Hole
Posted Feb 19, 2019
Authored by Jann Horn, Google Security Research

On Android, a ptrace hole makes the seccomp filter useless on devices whose kernel version is lower than 4.8.

tags | exploit, kernel
Red Hat Security Advisory 2019-0373-01
Posted Feb 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0373-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2019-0380-01
Posted Feb 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0380-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.6 serves as a replacement for Red Hat Single Sign-On 7.2.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 Privilege Escalation
Posted Feb 19, 2019
Authored by Mike Siegel

MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.

tags | exploit
Typo3 CMS Shop System tt_products 2.9.4 SQL Injection
Posted Feb 19, 2019
Authored by KingSkrupellos

Typo3 CMS Shop System tt_products version 2.9.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Jenkins Remote Code Execution
Posted Feb 19, 2019
Authored by Orange

This write-up contains details on how to perform remote code execution within Jenkins.

tags | exploit, remote, code execution
Webiness Inventory 2.3 Arbitrary File Upload
Posted Feb 19, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection
Posted Feb 19, 2019
Authored by KingSkrupellos

Typo3 CMS T3 EasyEvent tx_easyevent_pi1 version 0.37.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing
Posted Feb 19, 2019
Authored by GeekHack

WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, bypass
Typo3 CMS Realty Manager tx_realty_pi1 2.0.0 Database Disclosure / SQL Injection
Posted Feb 19, 2019
Authored by KingSkrupellos

Typo3 CMS Realty Manager tx_realty_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Posted Feb 19, 2019
Authored by Dao Duy Hung

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
Typo3 CMS Commerce DAM connector tx_commerce_pi1 0.1.0 SQL Injection
Posted Feb 19, 2019
Authored by KingSkrupellos

Typo3 CMS Commerce DAM connector tx_commerce_pi1 version 0.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Traversal / XSS
Posted Feb 19, 2019
Authored by Rafael Pedrero

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities.

tags | exploit, vulnerability, xss
XAMPP 5.6.8 Cross Site Scripting / SQL Injection
Posted Feb 19, 2019
Authored by Rafael Pedrero

XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

Recent News

Google Admits Error Over Hidden Microphone
Posted Feb 20, 2019

tags | headline, privacy, google, spyware
This Malware Turns ATM Hijacking Into A Slot Machine Game
Posted Feb 19, 2019

tags | headline, hacker, malware, bank, cybercrime, fraud
Millions Of Medical Calls Exposed Online
Posted Feb 19, 2019

tags | headline, privacy
Splunk Pulls Out Of Russia With Mysterious Statement
Posted Feb 19, 2019

tags | headline, russia
A Deep Dive On The Recent Widespread DNS Hijacking Attacks
Posted Feb 19, 2019

tags | headline, hacker, privacy, dns, cyberwar, phish
UK Lawmakers Say Facebook Broke Rules, Should Be Regulated
Posted Feb 18, 2019

tags | headline, government, privacy, britain, data loss, facebook, social
Australian Political Parties Hit By State Actor Hack
Posted Feb 18, 2019

tags | headline, hacker, government, australia, cyberwar
Special Counsel Robert Mueller Questioned Ex-Cambridge Analytica Director
Posted Feb 18, 2019

tags | headline, government, usa, russia, fraud, facebook, fbi
Google Earth Accidentally Reveals Secret Military Sites
Posted Feb 18, 2019

tags | headline, government, data loss, cyberwar, google, spyware, taiwan, military
GAO Gives Congress Go-Ahead For A GDPR-Like Legislation
Posted Feb 16, 2019

tags | headline, government, privacy, usa
packet storm

© 2019 Packet Storm. All rights reserved.
