Files Date: 2019-02-05

WordPress Quiz And Survey Master 6.0.4 Cross Site Scripting
Posted Feb 5, 2019
Authored by Tim Coen

WordPress Quiz and Survey Master plugin version 6.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9575
MD5 | 8cf4389c6ef5c1e1ef7673958e671ef0
Dell EMC VNX2 Family OS Command Injection
Posted Feb 5, 2019
Authored by Dell Product Security Incident Response Team | Site dellemc.com

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to an inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

tags | advisory, arbitrary, local, root
advisories | CVE-2019-3704
MD5 | 8b2011fd3b0539d810ad80823308b682
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
Posted Feb 5, 2019
Authored by Tim Coen

WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2019-9567, CVE-2019-9568
MD5 | 2afe6529f7b9766f6122210d9142937e
Ubuntu Security Notice USN-3881-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
MD5 | a7b034214697ad1cd15b379ec5191896
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
Posted Feb 5, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

OSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | 7d8dfcb6bbea4a458be7237a76e44121
Red Hat Security Advisory 2019-0275-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0275-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a crash condition.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-20615
MD5 | b1f23ecb1e474d5a9bce8d47f5d0672a
Debian Security Advisory 4384-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-6977, CVE-2019-6978
MD5 | 2d023cb3c984583f2c891fe07f43d4ac
Ubuntu Security Notice USN-3880-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
MD5 | 487a306925c7e670db035236bdf205f4
Cisco ISE 2.4.0 XSS / Remote Code Execution
Posted Feb 5, 2019
Authored by Pedro Ribeiro, Dominik Czarnota | Site agileinfosec.co.uk

Cisco Identity Services Engine (ISE) version 2.4.0 suffers from cross site scripting and Java deserialization vulnerabilities that, in conjunction, can lead to remote code execution. Full exploit provided.

tags | exploit, java, remote, code execution, xss
systems | cisco
advisories | CVE-2017-5641, CVE-2018-15440
MD5 | fa717428076a044b9b2d005670cbabd5
WordPress WP User Manager 2.0.8 Shell Upload
Posted Feb 5, 2019
Authored by Mr Winst0n

WordPress WP User Manager plugin version 2.0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 3fca06ac6e8e03541e64f3fb8360717c
SQLMAP - Automatic SQL Injection Tool 1.3.2
Posted Feb 5, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates. Implemented support for automatic decoding of page content through detected charset. Added new tampering scripts avoiding popular WAF/IPS mechanisms. Many other additions and fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | b9e8559cf071037f2344a0160a237897
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, arbitrary, root, vulnerability, code execution
MD5 | f23f6c76299553ece645020b9e371c87
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in the fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.

tags | exploit, arbitrary
MD5 | 180edc8c969ba13aff69b78acb0a5626
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 2eed9bbda22111e9816aab55c98c6681
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera M2.1.6 suffers from unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
MD5 | 3817ffc920ddabf03769e39fa1c05d7f
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seem to be 'hidden' services which can be enabled by an authenticated attacker via the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.

tags | exploit, remote, arbitrary, cgi, root, code execution
MD5 | d0d9a695ba647ee2e5787de552d0538e
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | e852b2c1f1bcfd701b84be2ef2d46252
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN Cockpit version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 587ae547538ac1fa25a508f14deedb6a
Qkr! With MasterPass Man-In-The-Middle
Posted Feb 5, 2019
Authored by David Coomber

Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.

tags | advisory
advisories | CVE-2019-6702
MD5 | 84888b6ce78bde23ac55322ff81ac951
Ubuntu Security Notice USN-3880-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-1 - It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
MD5 | 2df3c39651f380c1654b491a60d6c979
Ubuntu Security Notice USN-3871-3
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3871-3 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10883, CVE-2018-14625, CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407, CVE-2018-9516
MD5 | a61ce6346050754f5ddbc713c1f79084
Ubuntu Security Notice USN-3879-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3879-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, CVE-2018-19824, CVE-2018-20169
MD5 | de715ed77a7448afa809105bbb07f753
Ubuntu Security Notice USN-3878-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3878-1 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854
MD5 | 9e099e4ba51ada496ad8b339ee89b49c
Ubuntu Security Notice USN-3879-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, CVE-2018-19824, CVE-2018-20169
MD5 | 7d67540e48e386ac0d76ffd1bd9f7fbe

© 2019 Packet Storm. All rights reserved.