exploit the possibilities
Showing 1 - 25 of 30 RSS Feed

Files Date: 2019-01-23

AddressSanitizer (ASan) SUID Executable Privilege Escalation
Posted Jan 23, 2019
Authored by Brendan Coles, infodox, Szabolcs Nagy | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.

tags | exploit, arbitrary, shell, root
systems | linux
MD5 | 768b7239ece537e4a3e22a2f3279b203
I2P 0.9.38
Posted Jan 23, 2019
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Added source param to javadoc target. Updated translations. Various other updates.
tags | tool
systems | unix
MD5 | 9119e84f17f954cd08bb4351c5c4ed5b
Ghostscript Pseudo-Operator Remote Code Execution
Posted Jan 23, 2019
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.

tags | exploit, remote, code execution
advisories | CVE-2019-6116
MD5 | e54b142d6e973b2eeff15f79436c06e9
Coppermine 1.5.46 Cross Site Scripting
Posted Jan 23, 2019
Authored by Zekvan Arslan | Site netsparker.com

Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-14478
MD5 | d37f4a5ba2e5df45b19a516b5b451cff
Abantecart 1.2.12 Cross Site Scripting
Posted Jan 23, 2019
Authored by Omer Citak | Site netsparker.com

Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20141
MD5 | 0edc0824914bad114401c6285e552c46
DNN 9.1 XML Related Cross Site Scripting
Posted Jan 23, 2019
Authored by Mustafa Yalcin | Site netsparker.com

DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability.

tags | exploit, xss
advisories | CVE-2018-14486
MD5 | 600a989ae129a314d8e503c03627307b
Microsoft Windows Contact File HTML Link Injection Remote Code Execution
Posted Jan 23, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.

tags | exploit, code execution
systems | windows
MD5 | 8da8aed6efa36cf9b75b407094e89ecd
Joomla! Easy Shop 1.2.3 Local File Inclusion
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! Easy Shop component version 1.2.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 3509bcf57a850b72f093872afe9be95f
Joomla! J-BusinessDirectory 4.9.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-BusinessDirectory component version 4.9.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f783cf7eeca5852d489622cb0930616
Joomla! VMap 1.9.6 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! VMap component version 1.9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e683c8881dc1eeb8e10bc5df8991b1a9
Joomla! vBizz 1.0.7 Code Execution
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vBizz component version 1.0.7 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 3a3821bdae7ddf54707fd45921f98076
Joomla! vBizz 1.0.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vBizz component version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 78bba9c7c3f1203134ac5d9016aaca19
Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation
Posted Jan 23, 2019
Authored by Chris Lyne

Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
MD5 | 9db3bf9447a6e05a531207e50c4eafd9
Joomla! J-ClassifiedsManager 3.0.5 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-ClassifiedsManager component version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4444e066d853c9ec3a9aa7599bec7bc4
Joomla! J-MultipleHotelReservation 6.0.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-MultipleHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 78d9e82842e71daa797e32ace34d037c
Joomla! vReview 1.9.11 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vReview component version 1.9.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 063e3b0a8b2b8d820fefc21ba9d567a7
Joomla! vAccount 2.0.2 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vAccount component version 2.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c13f5a887c708865f816f1b3db0b1bfe
Joomla! vWishlist 1.0.1 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vWishlist component version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 39bce7b4af90dfcf961fcd240e449dd8
Ubuntu Security Notice USN-3866-1
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-6116
MD5 | 2e5dbb4b6ecaaeecf3f96464df517e02
Ubuntu Security Notice USN-3867-1
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-2420, CVE-2019-2482, CVE-2019-2510, CVE-2019-2532
MD5 | 0422364ea08e4894d513b80f6cc6b6b3
Red Hat Security Advisory 2019-0148-01
Posted Jan 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 0fda3561dea8fdd3daf9111ad9608801
Ubuntu Security Notice USN-3707-2
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7426, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183, CVE-2018-7185
MD5 | 2f54f1b535f2b9e7d16c597307f59f6d
Slackware Security Advisory - httpd Updates
Posted Jan 23, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0190
MD5 | c0546cf2a4b81e7d6bd50bc69c8fa452
Apple Security Advisory 2019-1-22-3
Posted Jan 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-1-22-3 - watchOS 5.1.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-6202, CVE-2019-6209, CVE-2019-6210, CVE-2019-6213, CVE-2019-6214, CVE-2019-6216, CVE-2019-6217, CVE-2019-6219, CVE-2019-6224, CVE-2019-6226, CVE-2019-6227, CVE-2019-6230, CVE-2019-6231, CVE-2019-6235
MD5 | 50905e395166c271226117beb88b0067
Apple Security Advisory 2019-1-22-2
Posted Jan 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-4452, CVE-2018-4467, CVE-2019-6200, CVE-2019-6202, CVE-2019-6205, CVE-2019-6208, CVE-2019-6209, CVE-2019-6210, CVE-2019-6211, CVE-2019-6213, CVE-2019-6214, CVE-2019-6218, CVE-2019-6219, CVE-2019-6220, CVE-2019-6221, CVE-2019-6224, CVE-2019-6225, CVE-2019-6230, CVE-2019-6231, CVE-2019-6235
MD5 | cae67bf4c690937155c39a1c52919589
Page 1 of 2
Back12Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close