
Files Date: 2019-01-24

CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting
Posted Jan 24, 2019
Authored by Marc Nimmerrichte | Site sec-consult.com

CA Automic Workload Automation Web Interface versions 12.0, 12.1, and 12.2 suffer from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2019-6504
MD5 | 94f61cf33cb702f316eb5e02642c1426
Endian Firewall Community release 3.3.0 Cross Site Scripting
Posted Jan 24, 2019
Authored by Ozer Goker

Endian Firewall Community release version 3.3.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 2ca0bcac48d5d4b2c7a16266973f30fd
CA Automic Workload Automation 12.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ken Williams, Marc Nimmerrichte | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.

tags | advisory, web, xss
advisories | CVE-2019-6504
MD5 | 7a2927d39fb28bb1d5fe04e9edcc54d3
Red Hat Security Advisory 2019-0160-01
Posted Jan 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0160-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
MD5 | 49c00b833d5e8cf655b80ed6818a5106
Ubuntu Security Notice USN-3868-1
Posted Jan 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3868-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12389, CVE-2018-12405, CVE-2018-18494
MD5 | 156bb1a970deaa330fff2d0b171db985
Ubuntu Security Notice USN-3869-1
Posted Jan 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3869-1 - Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-11803
MD5 | f90e3a252894342f01a7b009c6d08279
Red Hat Security Advisory 2019-0159-01
Posted Jan 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0159-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
MD5 | 6a3e2900334fea71f52a89062ddf4b5c
Splunk Enterprise 7.2.3 Command Execution
Posted Jan 24, 2019
Authored by Lee Mazzoleni

Splunk Enterprise version 7.2.3 authenticated remote reverse shell code execution exploit.

tags | exploit, remote, shell, code execution
MD5 | df373c09f1ec13bc91f5b1af385b3c67
MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation
Posted Jan 24, 2019
Authored by D7X

MySQL user-defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit. Can be leveraged against versions 4.x and 5.x.

tags | exploit, local
systems | linux
MD5 | 11297728ea4b88223b36ef198b04aabc
SirsiDynix e-Library 3.5.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ozkan Mustafa Akkus

SirsiDynix e-Library version 3.5.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20503
MD5 | 81cf1587437077c2a0413588d0381b63
Logwatch 7.5.1
Posted Jan 24, 2019
Site logwatch.org

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 3d14fa6e0fb56f890d2b3fd9cbc3162f
Cisco RV320 Command Injection
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1652
MD5 | cafb4ced2f3eab94923ea85bcfb23157
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 91a2e5f5865089a09b9294c78db4dd79
Cisco RV320 Unauthenticated Configuration Export
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 26f91421f6edf594c084d8cc00f2287e
RVAsec 2019 Call For Papers
Posted Jan 24, 2019
Site rvasec.com

RVAsec is a Richmond, VA based security convention that brings top industry speakers to the Mid-Atlantic region. In its seventh year, RVAsec 2018 attracted over 650 security professionals from across the country. For 2019, the conference is a two day and three track format, with a mixed focus on technical and management/business presentations. It will take place May 22nd through the 23rd, 2019 in Richmond, VA, USA.

tags | paper, conference
MD5 | 729ff0d02d949fb47e5664b6d7c931d1
ImpressCMS 1.3.11 SQL Injection
Posted Jan 24, 2019
Authored by Mehmet Onder Key

ImpressCMS version 1.3.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c9e757f8983491cd9db0e55f8fda189d
iOS / macOS task_swap_mach_voucher() Use-After-Free
Posted Jan 24, 2019
Authored by Google Security Research, bazad

task_swap_mach_voucher() on iOS and macOS does not respect MIG semantics, leading to a use-after-free condition.

tags | exploit
systems | ios
advisories | CVE-2019-6225
MD5 | b54e0bcff3347b2276ccbec5eaa71bdc
Joomla! JHotelReservation 6.0.7 SQL Injection
Posted Jan 24, 2019
Authored by Ihsan Sencan

Joomla! JHotelReservation component version 6.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | de9d932cf357aa85575da15cb8e0d282
SimplePress CMS 1.0.7 SQL Injection
Posted Jan 24, 2019
Authored by Ihsan Sencan

SimplePress CMS version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a2aee678df82ab2b0f4ffa99dff047ef
Joomla! J-CruisePortal 6.0.4 SQL Injection
Posted Jan 24, 2019
Authored by Ihsan Sencan

Joomla! J-CruisePortal component version 6.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ee84b416a38eb9ccb7211ec2b0558f9b
Zyxel NBG-418N V2 Cross Site Request Forgery
Posted Jan 24, 2019
Authored by Ali Can Gonullu

Zyxel NBG-418N V2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-6710
MD5 | 850dc5a32f75221930fac48dd5fba6f7
Microsoft Remote Desktop 10.2.4(134) Denial Of Service
Posted Jan 24, 2019
Authored by Saeed Hasanzadeh

Microsoft Remote Desktop version 10.2.4(134) suffers from a denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 1707be2609a234f4a8d09fe7611ab322

© 2019 Packet Storm. All rights reserved.
