what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2019-01-23

AddressSanitizer (ASan) SUID Executable Privilege Escalation
Posted Jan 23, 2019
Authored by Brendan Coles, infodox, Szabolcs Nagy | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.

tags | exploit, arbitrary, shell, root
systems | linux
SHA-256 | 0e6f740ce9bc200d846f84b085e1b15b388b872a85100b6499f36331dcd60d30
I2P 0.9.38
Posted Jan 23, 2019
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Added source param to javadoc target. Updated translations. Various other updates.
tags | tool
systems | unix
SHA-256 | 65fe327fdd11272a764c9e1c6ae1f38b151cea9003216b861c7ff2b281ca2970
Ghostscript Pseudo-Operator Remote Code Execution
Posted Jan 23, 2019
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.

tags | exploit, remote, code execution
advisories | CVE-2019-6116
SHA-256 | 6f82dc2c71113403be2f8d208d1801454419d4178873a71ecf3e7231bb75fa9f
Coppermine 1.5.46 Cross Site Scripting
Posted Jan 23, 2019
Authored by Zekvan Arslan | Site netsparker.com

Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-14478
SHA-256 | 38b80db2c56e17ffeddbb0f779d6162b367b3d055203dc2936b95d756b85c455
Abantecart 1.2.12 Cross Site Scripting
Posted Jan 23, 2019
Authored by Omer Citak | Site netsparker.com

Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20141
SHA-256 | 9049506bf8cac7203cc836634a13bb52cc4e386f1736d2424ed25fee79a9ef91
DNN 9.1 XML Related Cross Site Scripting
Posted Jan 23, 2019
Authored by Mustafa Yalcin | Site netsparker.com

DNN version 9.1 suffers from a cross site scripting issue that can be achieved via an XML vulnerability.

tags | exploit, xss
advisories | CVE-2018-14486
SHA-256 | 524165c60ed031fcefc4fdd7b52e564af0f4bd3450ce057e38a1662da131284e
Microsoft Windows Contact File HTML Link Injection Remote Code Execution
Posted Jan 23, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.

tags | exploit, code execution
systems | windows
SHA-256 | e16184bb657aebad54ac521372498653ef4ce63d19c5b150334e57414d202fdc
Joomla! Easy Shop 1.2.3 Local File Inclusion
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! Easy Shop component version 1.2.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 7ebc46eaa01b10e34e0867ed6c6f2432b67a99b6479b0eb3c8bff76a57807364
Joomla! J-BusinessDirectory 4.9.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-BusinessDirectory component version 4.9.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ece141f3f2e32a705932b56df62b4b0234b266a7330fc8e04d9aff44e0ea9060
Joomla! VMap 1.9.6 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! VMap component version 1.9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c525825038f94674d36b285c9d73c5f076fbda61bb214bcf20d362fb12c6de74
Joomla! vBizz 1.0.7 Code Execution
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vBizz component version 1.0.7 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 1b2b50d42b3ac2ded00024104a0b54e504c75ed6aabdcb25b5578d9a93412572
Joomla! vBizz 1.0.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vBizz component version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1f669e3aafb97e30887d32f750562f31c9d5a8b7b760d244dc9e0a2b43f45f71
Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation
Posted Jan 23, 2019
Authored by Chris Lyne

Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
SHA-256 | 24108dbb8c9c59ae34ce542303af31e1e4a7a64d3f72d47d85b85c06711c4a54
Joomla! J-ClassifiedsManager 3.0.5 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-ClassifiedsManager component version 3.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 02081fc738336962e9db2c49eab0a648edbfbc8b34944da49d441167fd6e9489
Joomla! J-MultipleHotelReservation 6.0.7 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! J-MultipleHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2fbae3a71241e85cb204b6ed16189ab45ad1868a7b4ceb564029b35979e38bbb
Joomla! vReview 1.9.11 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vReview component version 1.9.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 62197c373e13a2ae6e10adc85159763a86cd18c52f703c309cc22e5d1e59d642
Joomla! vAccount 2.0.2 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vAccount component version 2.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 293a9418a9c1d355b3bc1cbfe464731a37ba3f6c93c0d71d2e9323413cf8aa68
Joomla! vWishlist 1.0.1 SQL Injection
Posted Jan 23, 2019
Authored by Ihsan Sencan

Joomla! vWishlist component version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 855e78f7977dd5af02a00f316f65ab4ee0d843e713ed2c74e50436578065c385
Ubuntu Security Notice USN-3866-1
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3866-1 - Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-6116
SHA-256 | 39c2317129a0f2797b184193f238e6b3905f879dd65b2bd8f0ca13cd1b69f6c6
Ubuntu Security Notice USN-3867-1
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3867-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-2420, CVE-2019-2482, CVE-2019-2510, CVE-2019-2532
SHA-256 | e34b43d0d03263ddfe392cfad50db5716adf819a0950971ca80c57c77b8e7f20
Red Hat Security Advisory 2019-0148-01
Posted Jan 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0148-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | cf6f99e1d878aeca36d32384df37ac2dc42e37a931da9993dc7f86d945451493
Ubuntu Security Notice USN-3707-2
Posted Jan 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3707-2 - USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7426, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183, CVE-2018-7185
SHA-256 | 491d58f999c7eea8810601c09831b240d9aedad6123ec22fdeec53a32edec41b
Slackware Security Advisory - httpd Updates
Posted Jan 23, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0190
SHA-256 | 38a254b8bd2b84ac3da8078e193ce32a2e57e602cb9e073ebb4f6bbab8a36bbd
Apple Security Advisory 2019-1-22-3
Posted Jan 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-1-22-3 - watchOS 5.1.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-6202, CVE-2019-6209, CVE-2019-6210, CVE-2019-6213, CVE-2019-6214, CVE-2019-6216, CVE-2019-6217, CVE-2019-6219, CVE-2019-6224, CVE-2019-6226, CVE-2019-6227, CVE-2019-6230, CVE-2019-6231, CVE-2019-6235
SHA-256 | f6b7c427628bb1eda79658a3347640a2c92fc5920ea88de3534d613cb984a5ad
Apple Security Advisory 2019-1-22-2
Posted Jan 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-1-22-2 - macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2018-4452, CVE-2018-4467, CVE-2019-6200, CVE-2019-6202, CVE-2019-6205, CVE-2019-6208, CVE-2019-6209, CVE-2019-6210, CVE-2019-6211, CVE-2019-6213, CVE-2019-6214, CVE-2019-6218, CVE-2019-6219, CVE-2019-6220, CVE-2019-6221, CVE-2019-6224, CVE-2019-6225, CVE-2019-6230, CVE-2019-6231, CVE-2019-6235
SHA-256 | 07dfb353b9339db985c408e32871a075cb57f6f7bfc5edd7f63917f471a9b513
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close