
Files Date: 2018-09-06

Ghostscript Failed Restore Command Execution
Posted Sep 6, 2018
Authored by Tavis Ormandy, wvu | Site metasploit.com

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript.

tags | exploit, arbitrary
advisories | CVE-2018-16509
MD5 | e1336336af62bb506d362910f0cca41f

Ubuntu Security Notice USN-3760-1
Posted Sep 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3760-1 - It was discovered that transfig incorrectly handled certain FIG files. An attacker could possibly use this to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16140
MD5 | ca09dbf76febd01d066aa0419d9842bf

DokuWiki 2018-04-22a Greebo Arbitrary Code Execution
Posted Sep 6, 2018
Authored by Jean-Benjamin Rousseau | Site sec-consult.com

DokuWiki version 2018-04-22a Greebo suffers from a CSV formula injection vulnerability that allows for arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2018-15474
MD5 | da11d55a03deb277ad0e944efc15402f

IDOR On ProConf Peer-Review And Conference Management 6.0 File Disclosure
Posted Sep 6, 2018
Authored by S. M. Zia Ur Rashid

ProConf Peer-Review and Conference Management versions 6.0 and below suffer from an insecure direct object reference (IDOR) vulnerability that allows for file disclosure.

tags | exploit, info disclosure
advisories | CVE-2018-16606
MD5 | f66129ba7ed047a3ce03c2e238f694e8

Cisco Umbrella Roaming Client 2.0.168 Privilege Escalation
Posted Sep 6, 2018
Authored by ParagonSec

Cisco Umbrella Roaming Client version 2.0.168 suffers from a privilege escalation vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2018-0437, CVE-2018-0438
MD5 | 077c7382cf0843a8338f4cafa0c01262

KONE KGC 4.6.4 DoS / Code Execution / LFI / Bypass
Posted Sep 6, 2018
Authored by Sebastian Neuner

KONE KGC versions 4.6.4 and below suffer from unauthenticated remote code execution, denial of service, local file inclusion, and missing FTP access control vulnerabilities.

tags | exploit, remote, denial of service, local, vulnerability, code execution, file inclusion
advisories | CVE-2018-15483, CVE-2018-15484, CVE-2018-15485, CVE-2018-15486
MD5 | 1ea70d967952d609d0b2793be81f9417

Slackware Security Advisory - Slackware 14.2 mozilla-thunderbird Updates
Posted Sep 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 7733b13304bcd909867dab224156225f

Slackware Security Advisory - mozilla-firefox Updates
Posted Sep 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 7d2edfac6d049702b18e853dec37ba53

Slackware Security Advisory - curl Updates
Posted Sep 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-14618
MD5 | 767b52f604d65b366f9813f69d5d648f

Slackware Security Advisory - ghostscript Updates
Posted Sep 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ghostscript packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | d57b551b5a2cda4c30d617bc65aab792

Debian Security Advisory 4286-1
Posted Sep 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4286-1 - Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2018-14618
MD5 | 1c2a320358f153133062444a0f5d9c7f

Debian Security Advisory 4285-1
Posted Sep 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4285-1 - Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owners and listmasters could use this flaw to create or modify arbitrary files on the server with the privileges of the sympa user or, as an owner, to view list config files even if edit_list.conf prohibits it.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-1000550
MD5 | 481d44583b29fd54725773edff3d4d40

D-Link Dir-600M N150 Cross Site Scripting
Posted Sep 6, 2018
Authored by PUNIT DARJI

D-Link Dir-600M N150 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fe2dec3461b19b00eec8b1eee19db6f5

WirelessHART Fieldgate SWG70 3.0 Directory Traversal
Posted Sep 6, 2018
Authored by Hamit CIBO

WirelessHART Fieldgate SWG70 version 3.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | af33723ac7c7484f32d7397e7b8a6f0a

Jorani Leave Management System 0.6.5 SQL Injection
Posted Sep 6, 2018
Authored by Javier Olmedo

Jorani Leave Management System version 0.6.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-15918
MD5 | b9d073e0f52274c2d881d797ea56b2e5

Jorani Leave Management System 0.6.5 Cross Site Scripting
Posted Sep 6, 2018
Authored by Javier Olmedo

Jorani Leave Management System version 0.6.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-15917
MD5 | 00d1fccad448e98ffb3e0c596c499f87

Apache Roller 5.0.3 XML Injection / File Disclosure
Posted Sep 6, 2018
Authored by Marko Jokic

Apache Roller version 5.0.3 suffers from an XML external entity injection vulnerability that allows for file disclosure.

tags | exploit
advisories | CVE-2014-0030
MD5 | 5ecc2d93bac8e8e0cbdf1d4a2fb76779

NetworkManager Daemon Command Execution
Posted Sep 6, 2018
Authored by Felix Wilhelm, Sameer Goyal

This is a small tutorial write-up that provides a DynoRoot exploit proof of concept.

tags | exploit, proof of concept
advisories | CVE-2018-1111
MD5 | 34564033c2577542c76d3de9c82d2615