exploit the possibilities

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-4032-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.

tags | advisory, web, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-4031-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
Apple Security Advisory 2019-6-20-1
Posted Jun 24, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | apple
Ubuntu Security Notice USN-4030-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
Lynis Auditing Tool 2.7.5
Posted Jun 24, 2019
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added Danish translation, Slackware end-of-life information, detection for BSD-style (rc.d) init in Linux systems, and detection of Bro and Suricata (IDS). Various other changes as well.
tags | tool, scanner
systems | unix
Flawfinder 2.0.10
Posted Jun 24, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Uses binary mode when reading a diffhitlist.
tags | tool
systems | unix
Microsoft Windows Font Cache Service Insecure Sections
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.

tags | exploit
systems | windows
Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.

tags | exploit, arbitrary
systems | windows
ABB IDAL HTTP Server Uncontrolled Format String
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.

tags | exploit, web
ABB IDAL HTTP Server Stack-Based Buffer Overflow
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large host header in a HTTP request. The host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the host headers and overwrite the SEH address which can then be leveraged to execute attacker controlled code on the server.

tags | exploit, web, overflow
Debian Security Advisory 4467-2
Posted Jun 24, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4467-2 - The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.

tags | advisory
systems | linux, debian
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Posted Jun 24, 2019
Authored by XORcat

Fortinet's FortiCam FCM-MB40 product suffers from root code execution, privilege escalation, hardcoded key, and various other vulnerabilities.

tags | exploit, root, vulnerability, code execution
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
Slackware Security Advisory - mozilla-firefox Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SeedDMS out.GroupMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php.

tags | exploit, php, xss
SeedDMS Remote Command Execution
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SeedDMS out.UsrMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.UsrMgr.php.

tags | exploit, php, xss
dotProject 2.1.9 SQL Injection
Posted Jun 24, 2019
Authored by Metin Yunus Kandemir

dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
GrandNode 4.40 Path Traversal / File Download
Posted Jun 24, 2019
Authored by Corey Robinson

GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
GSearch 1.0.1.0 Denial Of Service
Posted Jun 24, 2019
Authored by 0xB9

GSearch version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
AZADMIN CMS Of HIDEA 1.0 SQL Injection
Posted Jun 24, 2019
Authored by Felipe Andrian Peixoto

AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Linux/x86_64 Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Posted Jun 24, 2019
Authored by Aron Mihaljevic

70 bytes small Linux/x86_64 reverse TCP shell over port 4444 shellcode.

tags | shell, tcp, shellcode
systems | linux
Quarking Password Manager 3.1.84 Clickjacking
Posted Jun 24, 2019
Authored by Gionathan Reale

Quarking Password Manager version 3.1.84 suffers from a clickjacking vulnerability.

tags | advisory
Debian Security Advisory 4470-1
Posted Jun 23, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4470-1 - Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.

tags | advisory, denial of service, vulnerability
systems | linux, debian
Debian Security Advisory 4469-1
Posted Jun 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4469-1 - Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
View Older Files →

Recent News

News RSS Feed
Facebook Usage Has Collapsed Since Scandals
Posted Jun 20, 2019

tags | headline, privacy, data loss, fraud, facebook, social
Nation-Sponsored Hackers Likely Carried Out Hostile Takeover Of Rival Group's Servers
Posted Jun 20, 2019

tags | headline, hacker, government, russia, cyberwar, iran
78,0000 Prescriptions Left In Database With No Password
Posted Jun 20, 2019

tags | headline, privacy, data loss
Firefox Zero Day Was Used In Attack Against Coinbase Employees
Posted Jun 20, 2019

tags | headline, hacker, flaw, mozilla, firefox, cryptography
NASA's JPL Seems To Be Having A Hard Time With Security
Posted Jun 19, 2019

tags | headline, government, usa, space, flaw, nasa
Iran Claims To Have Thwarted A US Cyber Espionage Operation
Posted Jun 19, 2019

tags | headline, government, usa, cyberwar, spyware, iran
Oracle Patches Another Actively Exploited WebLogic 0-Day
Posted Jun 19, 2019

tags | headline, hacker, flaw, oracle
John Deere's Promotional USB Drive Hijacks Your Keyboard
Posted Jun 19, 2019

tags | headline, malware
Venmo Transaction Scraped In Privacy Warning To Consumers
Posted Jun 18, 2019

tags | headline, privacy, bank, cybercrime, data loss, fraud, flaw, paypal
Facebook Launches Cryptocurrency To Shake Up Global Finance
Posted Jun 18, 2019

tags | headline, bank, facebook, cryptography
View More News →

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close