Files Date: 2019-01-08

Debian Security Advisory 4363-1
Posted Jan 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

tags | advisory, web, spoof, python
systems | linux, debian
advisories | CVE-2019-3498
MD5 | 2b825f3bca76165c30b5aef53b5d1a60
Wireshark Analyzer 2.6.6
Posted Jan 8, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Added a boundary check to get_t61_string. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | b30ba5b9b48ed2ff91c0ce357d33b46b
Mailcleaner Remote Code Execution
Posted Jan 8, 2019
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the MailCleaner Community Edition product. An authenticated user can execute operating system commands in the context of the web server user, which is root. The /admin/managetracing/search/search endpoint takes several user inputs and passes them to the internal service responsible for executing operating system commands. One of these inputs is passed to the service without proper validation, which causes the command injection vulnerability.

tags | exploit, web, root
advisories | CVE-2018-20323
MD5 | 385bd5fbbfdc9bc89d35cc72bfbbbe12
TOR Virtual Network Tunneling Tool
Posted Jan 8, 2019
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 8076f11045b5a94fd4ef0a0114b845f6
Wireshark get_t61_string Heap Out-Of-Bounds Read
Posted Jan 8, 2019
Authored by Google Security Research, mjurczyk

Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.

tags | exploit
MD5 | 43cb4c02b902708d8069391d9e3e6872
Polkit Temporary Authentication Hijacking
Posted Jan 8, 2019
Authored by Jann Horn, Google Security Research

Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.

tags | exploit
MD5 | 57634c3dcea314066b8d2beba7cfe951
Microsoft Windows DSSVC CheckFilePermission Arbitrary File Deletion
Posted Jan 8, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service has a TOCTOU in PolicyChecker::CheckFilePermission, resulting in an arbitrary file deletion.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8584
MD5 | bd93c9fa1baa36c07dad7069c043ffd7
ZenPhoto 1.4.14 Cross Site Scripting
Posted Jan 8, 2019
Authored by Zekvan Arslan | Site netsparker.com

ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-20140
MD5 | abde0deaa13c16d26b92c9d85316b439
Red Hat Security Advisory 2019-0036-01
Posted Jan 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0036-01 - Source-to-Image is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
MD5 | 498b14cd5d813a2eb7d5046958ec9dc6
Mantis 2.11.1 Cross Site Scripting
Posted Jan 8, 2019
Authored by Omer Citak | Site netsparker.com

Mantis version 2.11.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13055
MD5 | defc12f2f0906c666e8ca541f78de9c5
Dolibarr ERP-CRM 8.0.4 SQL Injection
Posted Jan 8, 2019
Authored by Mehmet Onder Key

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 25441cb1a332de47c4db6edae81fe6aa
WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery
Posted Jan 8, 2019
Authored by Rob Skilling

WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 09bcf070666570f124bc10d01fea03bd
CF Image Hosting Script 1.6.5 Privilege Escalation
Posted Jan 8, 2019
Authored by David Tavarez

CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 73a177897c7c4a4cd09013c89fb30886
UFONet 1.2
Posted Jan 8, 2019
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: New release called Armageddon. Various updates.
tags | tool, web, denial of service, spoof
systems | unix
MD5 | c1ec221727b9cd2ac06a67b4c61830d0
Aspose.ZIP For .NET Path Traversal
Posted Jan 8, 2019
Authored by Jaroslav Lobacevski

Aspose.ZIP for .NET was vulnerable to a path traversal that allowed an attacker to overwrite arbitrary files in the context of the running application. The issue was fixed in version 19.1.0.

tags | advisory, arbitrary, file inclusion
MD5 | 4515bab0f7cf63e9aeee37bcaf9a9e9d
© 2020 Packet Storm. All rights reserved.