exploit the possibilities

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-3936-2
Posted Apr 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3936-2 - USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2019-0868-01
Posted Apr 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0868-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
Sony Smart TV Information Disclosure / File Read
Posted Apr 24, 2019
Authored by xen1thLabs

Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
TestSSL 2.9.5-8
Posted Apr 24, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains bug fixes.
tags | tool, scanner, protocol, bash
systems | unix
Linux Siemens R3964 Line Discipline Missing Lock
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.

tags | exploit, kernel
systems | linux, ubuntu
74CMS 5.0.1 Cross Site Request Forgery
Posted Apr 23, 2019
Authored by ax8

74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
Red Hat Security Advisory 2019-0857-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0857-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
Linux Overflow Via FUSE
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

tags | exploit, overflow
systems | linux
ManageEngine Applications Manager 14.0 SQL Injection / Command Injection
Posted Apr 23, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.

tags | exploit, sql injection
Red Hat Security Advisory 2019-0856-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0856-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
Ross Video DashBoard 8.5.1 Insecure Permissions
Posted Apr 23, 2019
Authored by LiquidWorm | Site zeroscience.mk

Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

tags | exploit
Red Hat Security Advisory 2019-0809-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0809-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
Ubuntu Security Notice USN-3922-2
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
Red Hat Security Advisory 2019-0818-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0818-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2019-0831-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0831-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include bypass, denial of service, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
Ubuntu Security Notice USN-3952-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3952-1 - Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
Ubuntu Security Notice USN-3953-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
Ubuntu Security Notice USN-3951-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3951-1 - It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
Red Hat Security Advisory 2019-0833-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2019-0832-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2019-0806-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0806-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
Red Hat Security Advisory 2019-0796-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0796-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include database disclosure, denial of service, and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
UliCMS 2019.2 / 2019.1 Cross Site Scripting
Posted Apr 23, 2019
Authored by Kagan Eglence

UliCMS versions 2019.2 and 2019.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systemd Seat Verification Active Session Spoofing
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.

tags | exploit, spoof
Msvod 10 Cross Site Request Forgery
Posted Apr 23, 2019
Authored by ax8

Msvod version 10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
View Older Files →

Recent News

News RSS Feed
Intelsat-29e Declared A Total Loss
Posted Apr 23, 2019

tags | headline, government, data loss, cyberwar, spyware
Court Rules Chelsea Manning Must Stay In Jail
Posted Apr 22, 2019

tags | headline, government, usa, data loss, military
Facebook Urged To Tackle Spread Of Fake Profiles Used By US Police
Posted Apr 22, 2019

tags | headline, government, privacy, usa, fraud, cyberwar, facebook
jQuery Impacted By Prototype Pollution Flaw
Posted Apr 22, 2019

tags | headline, flaw, java
EU Votes To Create Gigantic Biometrics Database
Posted Apr 22, 2019

tags | headline, government, privacy, data loss, password
Noisebridge May Be Pushed Out Of The Mission District
Posted Apr 21, 2019

tags | headline, hacker
Hacker Dumps Thousands Of Sensitive Mexican Embassy Documents Online
Posted Apr 21, 2019

tags | headline, hacker, government, privacy, data loss, mexico
Millions Using 123456 As Password, Security Study Finds
Posted Apr 21, 2019

tags | headline, password
Twitter Bot Activity Spiked After The Release Of The Mueller Report
Posted Apr 21, 2019

tags | headline, government, usa, russia, fraud, cyberwar, twitter, fbi
U.S. Intelligence Says Huawei Funded By Chinese State Security
Posted Apr 20, 2019

tags | headline, government, usa, china, cyberwar, spyware, backdoor
View More News →

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    4 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close