exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2019-01-08

Debian Security Advisory 4363-1
Posted Jan 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

tags | advisory, web, spoof, python
systems | linux, debian
advisories | CVE-2019-3498
MD5 | 2b825f3bca76165c30b5aef53b5d1a60
Wireshark Analyzer 2.6.6
Posted Jan 8, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Added a boundary check to get_t61_string. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | b30ba5b9b48ed2ff91c0ce357d33b46b
Mailcleaner Remote Code Execution
Posted Jan 8, 2019
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause a command injection vulnerability.

tags | exploit, web, root
advisories | CVE-2018-20323
MD5 | 385bd5fbbfdc9bc89d35cc72bfbbbe12
TOR Virtual Network Tunneling Tool 0.3.5.7
Posted Jan 8, 2019
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 8076f11045b5a94fd4ef0a0114b845f6
Wireshark get_t61_string Heap Out-Of-Bounds Read
Posted Jan 8, 2019
Authored by Google Security Research, mjurczyk

Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.

tags | exploit
MD5 | 43cb4c02b902708d8069391d9e3e6872
Polkit Temporary Authentication Hijacking
Posted Jan 8, 2019
Authored by Jann Horn, Google Security Research

Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.

tags | exploit
MD5 | 57634c3dcea314066b8d2beba7cfe951
Microsoft Windows DSSVC CheckFilePermission Arbitrary File Deletion
Posted Jan 8, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service does not has a TOCTOU in PolicyChecker::CheckFilePermission resulting in an arbitrary file deletion.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8584
MD5 | bd93c9fa1baa36c07dad7069c043ffd7
ZenPhoto 1.4.14 Cross Site Scripting
Posted Jan 8, 2019
Authored by Zekvan Arslan | Site netsparker.com

ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-20140
MD5 | abde0deaa13c16d26b92c9d85316b439
Red Hat Security Advisory 2019-0036-01
Posted Jan 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0036-01 - Source-to-Image is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
MD5 | 498b14cd5d813a2eb7d5046958ec9dc6
Mantis 2.11.1 Cross Site Scripting
Posted Jan 8, 2019
Authored by Omer Citak | Site netsparker.com

Mantis version 2.11.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13055
MD5 | defc12f2f0906c666e8ca541f78de9c5
Dolibarr ERP-CRM 8.0.4 SQL Injection
Posted Jan 8, 2019
Authored by Mehmet Onder Key

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 25441cb1a332de47c4db6edae81fe6aa
WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery
Posted Jan 8, 2019
Authored by Rob Skilling

WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 09bcf070666570f124bc10d01fea03bd
CF Image Hosting Script 1.6.5 Privilege Escalation
Posted Jan 8, 2019
Authored by David Tavarez

CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 73a177897c7c4a4cd09013c89fb30886
UFONet 1.2
Posted Jan 8, 2019
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: New release called Armageddon. Various updates.
tags | tool, web, denial of service, spoof
systems | unix
MD5 | c1ec221727b9cd2ac06a67b4c61830d0
Aspose.ZIP For .NET Path Traversal
Posted Jan 8, 2019
Authored by Jaroslav Lobacevski

Aspose.ZIP for .NET was vulnerable to path traversal that allowed an attacker overwriting arbitrary file in a context of running application. The issue was fixed in version 19.1.0.

tags | advisory, arbitrary, file inclusion
MD5 | 4515bab0f7cf63e9aeee37bcaf9a9e9d
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close