exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2019-01-17

Falco 0.13.1
Posted Jan 17, 2019
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Improved documentation for running Falco within K8s and getting K8s Audit Logging to work with Minikube and Falco as a Daemonset within K8s. Fixed AWS Permissions for Kubernetes Response Engine. Fixed a potential crash that could occur when using the falco engine and rulesets. Various other fixes and updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | 63cc8e38909237503a124bb7c673cd593616eacd940b36e3f219f61d38b7d61b
Microsoft Edge Chakra InlineArrayPush Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.

tags | exploit
advisories | CVE-2018-8617
SHA-256 | 789b214a31a71d7137e78ec7849729dcb9e3b8a75a7308f4a4b8b569c079222e
Mozilla Firefox 64 Information Disclosure
Posted Jan 17, 2019
Authored by Dr. Vladimir Bostanov | Site syss.de

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.

tags | exploit, remote, local
SHA-256 | 651b018976fe31532dca330354105f5246005e3af9a8e5d81ed8d98aa881168a
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13798
SHA-256 | 354a63d78ac4b5ab320b994b6c1ce672f98e673e216b330282677992fd04dbd8
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
Posted Jan 17, 2019
Authored by Mohamed M.Fouad

Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-2413
SHA-256 | ba804e4cc9cea9b389fae54d6d4bf24781894082bb8cda4c46ca00a94372f85f
Linux/x86 TCP/4444 Bindshell Shellcode
Posted Jan 17, 2019
Authored by Joao Batista

100 bytes small Linux/x86 TCP/4444 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | 9ed4e6381113430ba42f2fbe3d6a316427517b430e541a89043704485ce4cfc3
Ubuntu Security Notice USN-3862-1
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-5882
SHA-256 | 714a7ba7dc95a8aff985448a5a201fa973b090864e856f742a4a209318d1a53d
Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 624e2aa64393201647ae1ea75556b294f62a6a7183e66b36fff793f579efde03
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 52ff7d9e0075284630b14659a451e435c7f3a96f39e7ec2903d059a0ad80851b
Microsoft Edge Chakra JIT Use-After-Free / Flag Issue
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.

tags | exploit, javascript
advisories | CVE-2019-0568
SHA-256 | 14479c28aa5ae1e0dc9a32a161983c6f54edccede8ffc1cffcdd19ac29ae8022
Microsoft Edge Chakra JIT InitClass Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a type confusion vulnerability in InitClass.

tags | advisory
advisories | CVE-2019-0539
SHA-256 | 367c15a86b6530dbd43aa9b2697e9a86c38d5e598f2ee86f71e076458456cbc2
Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.

tags | exploit
advisories | CVE-2019-0567
SHA-256 | 834d31cccca1204e88d3a244cd1080b2a05229d26e439537775eea80ec254732
Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation
Posted Jan 17, 2019
Authored by Chris Anastasio

Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 017c4375875f7ecb9494589e5292d5ebf3aec94dc014849bbc8f8c3255eff12b
Red Hat Security Advisory 2019-0095-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0095-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | e13f15c6023191667b121a72f77863a87c8e98db621e7987bddf0cf84a905f5f
Debian Security Advisory 4367-2
Posted Jan 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.

tags | advisory, memory leak
systems | linux, debian
SHA-256 | 5a618d4b5e972af4a334460811f809fb2e0080d36c65dae4e9d90697f2db11c8
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
SHA-256 | e9f157afd7f59180b86e0627f3b9de79d4da7a9d147657e0cbddcbeeed0173eb
ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution
Posted Jan 17, 2019
Authored by twosevenzero

ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-5782
SHA-256 | 87ae92c32eaba681a5a6d67e41e75964eaa0e457d2a28f8d7e2dddbe33ce22a1
doorGets CMS 7.0 File Download
Posted Jan 17, 2019
Authored by Ihsan Sencan

doorGets CMS version 7.0 suffers from a file download vulnerability.

tags | exploit, info disclosure
SHA-256 | aaaea3667468c7e0ba4519e10c8ea7e0580668b38bf946a6a9317b0bbfa0c52b
Windows Debugging 101
Posted Jan 17, 2019
Authored by Ialle Teixeira

Whitepaper called Windows Debugging 101. Written in Portuguese.

tags | paper
systems | windows
SHA-256 | 2324fbb15d00a66a50a187dd908b110e80d01432f9149bb9fb0d8b8d82c4868e
Ubuntu Security Notice USN-3861-2
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-19788
SHA-256 | 7bce7059444c2f41710ef023a65160038dfdc426e06bd8b1626464be80942c89
Red Hat Security Advisory 2019-0085-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-1000807, CVE-2018-1000808
SHA-256 | 91641b5fb25e7abbac9e4446fed551ad7f23f78b51824bf4ad24f00327749515
Red Hat Security Advisory 2019-0081-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0081-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.

tags | advisory, remote, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
SHA-256 | f75b0d16e83426e9dfc3323902017e37f639d875944ce19bbc8e7ecaac16033f
Red Hat Security Advisory 2019-0082-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a regular expression issue.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2018-7536
SHA-256 | e249015c935ba6fcc3b5e7c8b75a217603ac6cd4be7ef393145ec3489d08d142
Red Hat Security Advisory 2019-0094-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0094-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
SHA-256 | 5849f7ff38a43419a0e19ce437f25049927161960bd354155dc3c1e6340ee746
Red Hat Security Advisory 2019-0053-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0053-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.

tags | advisory, remote, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
SHA-256 | 5193edbbd2de71dc0adc69dac65b2b29d569de7e24504569e1e84b574da00c84
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close