exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2019-01-17

Falco 0.13.1
Posted Jan 17, 2019
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Improved documentation for running Falco within K8s and getting K8s Audit Logging to work with Minikube and Falco as a Daemonset within K8s. Fixed AWS Permissions for Kubernetes Response Engine. Fixed a potential crash that could occur when using the falco engine and rulesets. Various other fixes and updates.
tags | tool, intrusion detection
systems | unix
MD5 | 78ce31af76bd1d3dba5742052c7d309b
Microsoft Edge Chakra InlineArrayPush Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.

tags | exploit
advisories | CVE-2018-8617
MD5 | 43954049af42d6f9760693a7a6a692de
Mozilla Firefox 64 Information Disclosure
Posted Jan 17, 2019
Authored by Dr. Vladimir Bostanov

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.

tags | exploit, remote, local
MD5 | fe019fa6ad6c40086ca4f91c26ff77f8
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13798
MD5 | 94b83feccca12141f97e4a4996b14321
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
Posted Jan 17, 2019
Authored by Mohamed M.Fouad

Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-2413
MD5 | 04e442a342d11d6ebcdf78f719bbbf63
Linux/x86 TCP/4444 Bindshell Shellcode
Posted Jan 17, 2019
Authored by Joao Batista

100 bytes small Linux/x86 TCP/4444 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | e1b4afaf5ebf9bfb0ad5bef8869172a1
Ubuntu Security Notice USN-3862-1
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3862-1 - It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-5882
MD5 | 1835fc3a411b15251070ed9e7392758b
Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 1f0d1a5760ad50229ec53fa02c921fef
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | f7725173a86620e012164a7a17e2dfa1
Microsoft Edge Chakra JIT Use-After-Free / Flag Issue
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.

tags | exploit, javascript
advisories | CVE-2019-0568
MD5 | 5c28c1a80c423bfe8ef6de5aa3f1170b
Microsoft Edge Chakra JIT InitClass Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a type confusion vulnerability in InitClass.

tags | advisory
advisories | CVE-2019-0539
MD5 | 11b7cf6d3cee1b1b355fa3be30470188
Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.

tags | exploit
advisories | CVE-2019-0567
MD5 | 46eb78a54630f51f57be7bcdca2fa397
Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation
Posted Jan 17, 2019
Authored by Chris Anastasio

Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | d5cc68c9e775edbaf57809134a79ebcb
Red Hat Security Advisory 2019-0095-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0095-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 was retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

tags | advisory
systems | linux, redhat
MD5 | 3158566d85c31f0dfc2d51ead425027d
Debian Security Advisory 4367-2
Posted Jan 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4367-2 - The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.

tags | advisory, memory leak
systems | linux, debian
MD5 | e6c45b7a762974159f1854d96b0e0726
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
MD5 | e2fcb7c12aedd4cbe1a64e468bb035e4
ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution
Posted Jan 17, 2019
Authored by twosevenzero

ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-5782
MD5 | d6775f8fba2dee0067eb79a6bbafd88f
doorGets CMS 7.0 File Download
Posted Jan 17, 2019
Authored by Ihsan Sencan

doorGets CMS version 7.0 suffers from a file download vulnerability.

tags | exploit, info disclosure
MD5 | eac5ba676929f7d6930898db4127be4a
Windows Debugging 101
Posted Jan 17, 2019
Authored by Ialle Teixeira

Whitepaper called Windows Debugging 101. Written in Portuguese.

tags | paper
systems | windows
MD5 | f6aed0ddc09c84c5c00bbef67d3c2fa6
Ubuntu Security Notice USN-3861-2
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-19788
MD5 | 1d929df08d738a1407781094c847f6a4
Red Hat Security Advisory 2019-0085-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0085-01 - The pyOpenSSL packages provide a high-level wrapper around a subset of the OpenSSL library for the Python programming language. Issues addressed include an use-after-free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-1000807, CVE-2018-1000808
MD5 | fc1904589b76d6f60961dff1431eb327
Red Hat Security Advisory 2019-0081-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0081-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.

tags | advisory, remote, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
MD5 | a2ed20828f9bb99429f75d2467b1d25c
Red Hat Security Advisory 2019-0082-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0082-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include a regular expression issue.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2018-7536
MD5 | 9aa0bddb050fd4996d48b05ff173bb32
Red Hat Security Advisory 2019-0094-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0094-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
MD5 | 0a8a34ac5fe8d795c162ea49204c9741
Red Hat Security Advisory 2019-0053-01
Posted Jan 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0053-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include buffer over-read and assertion failure vulnerabilities.

tags | advisory, remote, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
MD5 | ba9d36b2c4f40fb7198b650a3984ebd7
Page 1 of 2
Back12Next

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close