exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-12-21

Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.

tags | exploit, xss
advisories | CVE-2018-20339
SHA-256 | 86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
Posted Dec 21, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.

tags | exploit, remote, sql injection
advisories | CVE-2018-20338
SHA-256 | df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
GIGABYTE Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.

tags | exploit, local, vulnerability
advisories | CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323
SHA-256 | 48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36
ASUS Driver Privilege Escalation
Posted Dec 21, 2018
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.

tags | exploit, local, vulnerability
advisories | CVE-2018-18535, CVE-2018-18536, CVE-2018-18537
SHA-256 | 255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6a
Exiftool 8.3.2.0 DLL Hijacking
Posted Dec 21, 2018
Authored by Rafael Pedrero

Exiftool version 8.3.2.0 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-20211
SHA-256 | 9125ebd05baf3cba08b78407ca03eb09d7ec9f270114ad2d4353f2644f25aa65
LibTIFF 4.0.8 Memory Leak
Posted Dec 21, 2018
Authored by Jiawang Zhang

LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.

tags | advisory, vulnerability, memory leak, info disclosure
advisories | CVE-2017-16232
SHA-256 | 99b39c7e3e305f25232c535712f3fc0ca2051fdcf102d69777eda04623c5b380
Netatalk Authentication Bypass
Posted Dec 21, 2018
Authored by Jacob Baines

Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-1160
SHA-256 | 51cc419b02f4835a42ebe3c7b66a61c51ecb13389b696f0f310e6231976a1021
PCRE 8.41 Buffer Overflow
Posted Dec 21, 2018
Authored by Jiawang Zhang

PCRE version 8.41 suffers from a buffer overflow in the match() function.

tags | exploit, overflow
advisories | CVE-2017-16231
SHA-256 | 3f1207d02f6c9c3867b95b89f18c07e29db058dcc1a59efdfff8b4e9cda80af0
GRR 3.2.4.6
Posted Dec 21, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is an off-schedule release with some fixes for bugs introduced in the previous one.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 700437ed6661ab9c7c3b03c3817839bda5dd3b2001180f4f2f725eab779578a4
Microsoft Windows Arbitrary File Read
Posted Dec 21, 2018
Authored by evil_polar_bear

Proof of concept zero day exploit that demonstrates being able to read any file on Microsoft Windows.

tags | exploit, proof of concept
systems | windows
SHA-256 | 0d21dea6b52ca43506fffddb7e706515d706e0ea959580f677916db5f3af774c
Ubuntu Security Notice USN-3849-1
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3849-1 - It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-2647, CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18386, CVE-2018-18690, CVE-2018-18710
SHA-256 | 8af550c56d88e940bd49fc37b8e96986f53f118dc0a33f1ef43ae042d260ae9f
Ubuntu Security Notice USN-3849-2
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3849-2 - USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-2647, CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18386, CVE-2018-18690, CVE-2018-18710
SHA-256 | bdd2087e5d8c2e6ea3ea9fbd008a48c85005b8014c5200920d37f2ee93426078
Ubuntu Security Notice USN-3847-3
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3847-3 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10902, CVE-2018-12896, CVE-2018-14734, CVE-2018-16276, CVE-2018-18445, CVE-2018-18690, CVE-2018-18710
SHA-256 | 88ddcb277ba792306a56a051e1a6ea3b2df9a11ba6f4d4f0bb790bd6664c4b64
Ubuntu Security Notice USN-3848-2
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3848-2 - USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18174, CVE-2018-12896, CVE-2018-18690, CVE-2018-18710
SHA-256 | 0e01790258c142284e2a185f6b24d6e1b1322200ec802bdf3976255b1f7553f0
Ubuntu Security Notice USN-3848-1
Posted Dec 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, osx, ubuntu
advisories | CVE-2017-18174, CVE-2018-12896, CVE-2018-18690, CVE-2018-18710
SHA-256 | ef32f46b101a860f44706fee0448815aa83426a298a340332abb7bab4d753836
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close