exploit the possibilities

Recent Files

Files RSS Feed
Realtek SDK Information Disclosure / Code Execution
Posted Jan 24, 2020
Authored by Blazej Adamczyk

Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.

tags | exploit, vulnerability, code execution, info disclosure
Ricoh Printer Driver Local Privilege Escalation
Posted Jan 24, 2020
Authored by Alexander Pudwill, Pentagrid AG | Site pentagrid.ch

Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.

tags | exploit, local
systems | windows
TestSSL 3.0
Posted Jan 24, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Full support of TLS 1.3 added. ROBOT check added. Better TLS extension support and extended protocol downgrade checks added. Many other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
Debian Security Advisory 4609-1
Posted Jan 24, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

tags | advisory, python
systems | linux, debian
OLK Web Store 2020 Cross Site Request Forgery
Posted Jan 24, 2020
Authored by Joel Aviad Ossi

OLK Web Store 2020 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
WebKitGTK+ / WPE WebKit Code Execution
Posted Jan 24, 2020
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory handling vulnerabilities that can result in arbitrary code execution. Versions affected include WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3.

tags | advisory, arbitrary, vulnerability, code execution
Webtareas 2.0 SQL Injection
Posted Jan 24, 2020
Authored by Greg Priest

Webtareas version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot
Posted Jan 24, 2020
Authored by PCEumel

TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.

tags | exploit, remote
Genexis Platinum-4410 2.1 Authentication Bypass
Posted Jan 24, 2020
Authored by Husinul Sanub

Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
Lulzbuster 1.0.0
Posted Jan 24, 2020
Authored by noptrix | Site noptrix.net

Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.

tags | tool, web, scanner
systems | unix
Red Hat Security Advisory 2020-0222-01
Posted Jan 24, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0222-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
Ubuntu Security Notice USN-4230-2
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4230-2 - USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
Ubuntu Security Notice USN-4233-2
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4233-2 - USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
Red Hat Security Advisory 2020-0215-01
Posted Jan 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0215-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
Red Hat Security Advisory 2020-0218-01
Posted Jan 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0218-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
Red Hat Security Advisory 2020-0216-01
Posted Jan 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0216-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
Red Hat Security Advisory 2020-0217-01
Posted Jan 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0217-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
Ubuntu Security Notice USN-4247-3
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python
systems | linux, ubuntu
Falco 0.19.0
Posted Jan 23, 2020
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Instead of crashing, now falco will report the error when an internal error occurs while handling an event to be inspected. Integration tests now can run on different distributions via docker containers. Various other updates and bug fixes.
tags | tool, intrusion detection
systems | unix
qdPM 9.1 Remote Code Execution
Posted Jan 23, 2020
Authored by Rishal Dwivedi

qdPM version 9.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
Umbraco CMS 8.2.2 Cross Site Request Forgery
Posted Jan 23, 2020
Authored by A. Melnikova | Site sec-consult.com

Umbraco CMS version 8.2.2 suffers from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
Red Hat Security Advisory 2020-0214-01
Posted Jan 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0214-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.130. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
Ubuntu Security Notice USN-4249-1
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4249-1 - It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
Ubuntu Security Notice USN-4247-2
Posted Jan 23, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, vulnerability, python
systems | linux, ubuntu
Pachev FTP Server 1.0 Path Traversal
Posted Jan 23, 2020
Authored by 1F98D

Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
View Older Files →

Recent News

News RSS Feed
Facebook's Sir Nick Clegg Criticized Over WhatsApp Security
Posted Jan 24, 2020

tags | headline, hacker, privacy, flaw, facebook, cryptography
Mac Users Bombarded By Laughably Unsophisticated Malware
Posted Jan 24, 2020

tags | headline, hacker, malware, cybercrime, fraud, apple
Hackers Target Unpatched Citrix Servers To Deploy Ransomware
Posted Jan 24, 2020

tags | headline, hacker, malware, cybercrime, fraud, flaw, cryptography
Fake SWAT Calls Hit Tech Execs
Posted Jan 24, 2020

tags | headline, government, facebook, terror
Amazon Engineer Leaks Encryption Keys To Public GitHub Repo
Posted Jan 23, 2020

tags | headline, hacker, amazon, data loss, password
Phishing Campaign Leads To UPS Store Data Breach
Posted Jan 23, 2020

tags | headline, hacker, privacy, data loss, phish
Twitter Demands AI Company Stops Collecting Faces
Posted Jan 23, 2020

tags | headline, privacy, spyware, twitter
Suspected Iranian Hackers Target European Energy Companies
Posted Jan 23, 2020

tags | headline, hacker, government, cyberwar, iran, scada
Crown Prince Of Saudi Arabia Accused Of Hacking Jeff Bezos' Phone
Posted Jan 22, 2020

tags | headline, hacker, government, usa, phone, amazon, flaw, cyberwar, facebook, saudi arabia
Brazil Prosecutes Greenwald In Attack On Press Freedom
Posted Jan 22, 2020

tags | headline, government, data loss, brazil
View More News →

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    11 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close