exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-01-09

Ubuntu Security Notice USN-3850-1
Posted Jan 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
MD5 | f31e765a83742d73f9519be5d73246a3
systemd-journald Memory Corruption / Information Leak
Posted Jan 9, 2019
Authored by Qualys Security Advisory

This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, they detail in here is useful in understanding the flaws.

tags | advisory, vulnerability
advisories | CVE-2018-16864, CVE-2018-16865, CVE-2018-16866
MD5 | 5e1ba71c0b7e7dbafebb77bbd2703730
THC-IPv6 Attack Tool 3.6
Posted Jan 9, 2019
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Added error check for openssl BN_ functions (thanks to lc3412). Added support for global destinations for dump_dhcp6. Added new connect6 tool. Various updates and bug fixes.
tags | tool, protocol
systems | unix
MD5 | 3c376f6a98e3914db0486a03ccdfa35a
ZTE MF65 BD_HDV6MF65V1.0.0B05 Cross Site Scripting
Posted Jan 9, 2019
Authored by Nathu Nandwani

ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7355
MD5 | 58a06d4dbbbb86fe6727c100da9c4d09
Ampache 3.8.6 Cross Site Scripting
Posted Jan 9, 2019
Authored by Zekvan Arslan | Site netsparker.com

Ampache version 3.8.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 69f79c87e008dff3be4d80a1277357c0
BlogEngine 3.3 XML External Entity Injection
Posted Jan 9, 2019
Authored by Mustafa Yalcin | Site netsparker.com

BlogEngine version 3.3 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-14485
MD5 | 158c165dcd25c8de8be755c65883778b
OrangeForum 1.4.0 Open Redirection
Posted Jan 9, 2019
Authored by Omar Kurt | Site netsparker.com

OrangeForum version 1.4.0 suffers from open redirection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-14474
MD5 | 4de8fa1d010b149048243c3de65f00e7
Red Hat Security Advisory 2019-0040-01
Posted Jan 9, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0040-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-0545, CVE-2019-0548, CVE-2019-0564
MD5 | 859cd5a46a0f3ca739c6a9c1e1c87cc8
Debian Security Advisory 4364-1
Posted Jan 9, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2018-16468
MD5 | 1ac92e51a244345f0cc61b7ed70eaece
WordPress User Registration 1.5.3 Cross Site Scripting
Posted Jan 9, 2019
Authored by Mr Winst0n

WordPress User Registration plugin version 1.5.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 54cd525f334901df9a655277b12b554d
Microsoft Windows Error Reporting Local Privilege Escalation
Posted Jan 9, 2019
Authored by SandboxEscaper

Angry Polar Bear is a Microsoft Windows error reporting privilege escalation exploit.

tags | exploit
systems | windows
MD5 | ee7fca66252eae44b2c5ca2e9081020d
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
Posted Jan 9, 2019
Authored by sajjadbnd

Heatmiser Wifi Thermostat version 1.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | bf3a94692d78a3a7c5485a2e1f6cb691
EstudioNeoFilms / Grupo LosGrobo / IdeaSeven SQL Injection
Posted Jan 9, 2019
Authored by KingSkrupellos

Various web design firms such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24 all have produced sites that are susceptible to SQL injection vulnerabilities.

tags | exploit, web, vulnerability, sql injection
MD5 | f924892391cf79940be495a27d89509b
Google Chrome V8 JavaScript Engine 71.0.3578.98 Denial Of Service
Posted Jan 9, 2019
Authored by Bogdan Kurinnoy

Google Chrome V8 JavaScript Engine version 71.0.3578.98 suffers from a denial of service vulnerability.

tags | exploit, denial of service, javascript
MD5 | c3001fc74087cc36390e2cf67a3cdee9
Microsoft Office SharePoint Server 2016 Denial Of Service
Posted Jan 9, 2019
Authored by Gal Zror | Site metasploit.com

A vulnerability in Microsoft SharePoint Server could allow a remote attacker to make the server unavailable. The vulnerability is a result of the dependency SharePoint has in Microsoft.Data.OData library which was vulnerable to remote DOS.

tags | exploit, remote, denial of service
advisories | CVE-2018-8269
MD5 | 5c064a5afe000a923b1cc0813497efe7
Wifi-soft Unibox 2.x Remote Command / Code Injection
Posted Jan 9, 2019
Authored by Sahil Dhar

Wifi-soft Unibox Controllers versions 0.x through 0.2 suffer from code execution and command injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-3495, CVE-2019-3496, CVE-2019-3497
MD5 | 37a9a3ae4b24d98cdbdcb798c75e9851
MDwiki Cross Site Scripting
Posted Jan 9, 2019
Authored by Evi1m0

MDwiki versions prior to 0.6.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 027a43af292c7cdc3d6004b803c18c0a
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    2 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close