exploit the possibilities
Showing 1 - 24 of 24 RSS Feed

Files Date: 2019-02-06

Ubuntu Security Notice USN-3883-1
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10119, CVE-2018-10583, CVE-2018-16858
MD5 | 3a1aa43861dde35ad0fb4173c374375b
Ubuntu Security Notice USN-3882-1
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
MD5 | 0f925b1c5398dda61353888f8f8f00b0
Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting
Posted Feb 6, 2019
Authored by Ozer Goker

Smoothwall Express version 3.1-SP4-polar-x86_64-update9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 466668486d6fe9caea806da6d15dc89d
FreeBSD Security Advisory - FreeBSD-SA-19:02.fd
Posted Feb 6, 2019
Authored by Peter Holm | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, kernel, local, root
systems | freebsd
advisories | CVE-2019-5596
MD5 | d2a5625f6a6acebfab7130396aaad041
FreeBSD Security Advisory - FreeBSD-SA-19:01.syscall
Posted Feb 6, 2019
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5595
MD5 | 4fa532c6e04c2f256ea9ead2ce8d94a8
Debian Security Advisory 4385-1
Posted Feb 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.

tags | advisory, bypass
systems | linux, debian
advisories | CVE-2019-3814
MD5 | 59f2eb21224b4ade9f55a314275c3509
River Past Audio Converter 7.7.16 Buffer Overflow
Posted Feb 6, 2019
Authored by Matteo Malvica

River Past Audio Converter version 7.7.16 buffer overflow SEH exploit.

tags | exploit, overflow
MD5 | 956a7fd47b7777cb9406178fef991fc5
osCommerce 2.3.4.1 SQL Injection
Posted Feb 6, 2019
Authored by Mehmet Emiroglu

osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 8fea5cf7d607b45bbf0739919ed24e08
WordPress YOP Poll 6.0.2 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress YOP Poll plugin version 6.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f49372ac89935efd99a329703c3b2ac3
Ubuntu Security Notice USN-3881-2
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
MD5 | 9d23ce1274d573e9d037153a6f17b56b
WordPress WP Live Chat 8.0.18 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5328e43dbd0cb5e43a34ad7681697113
WordPress wpGoogleMaps 7.10.41 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress wpGoogleMaps plugin version 7.10.41 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 356e04d4a085a90d5fb5f56c87053aa5
Skia Buffer Overflow
Posted Feb 6, 2019
Authored by Ivan Fratric, Google Security Research

Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | db5ddb42f112cdaac1ac2d70bcdebc9a
WordPress Social Networks Auto-Poster 4.2.7 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Social Networks Auto-Poster plugin version 4.2.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bbffb806178e46c12654e876c046fab8
OpenMRS Platform Insecure Object Deserialization
Posted Feb 6, 2019
Authored by Bishop Fox

OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.

tags | exploit
advisories | CVE-2018-19276
MD5 | 9337bc5297d0fd2e7407cddfae73ab12
WordPress KingComposer 2.7.6 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1e38372f668c067d98205a34c1f25cbb
WordPress Give 2.3.0 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 76609cd5b42353b9a525a9c2ed1f15e1
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
Posted Feb 6, 2019
Authored by Yusuf Furkan

Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-7391
MD5 | d03489f72f2fda1507d259824d00692e
WordPress Font Organizer 2.1.1 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Font Organizer plugin version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | eacb9f0eaa97c1934254f1039bd2acd2
River Past Audio Converter 7.7.16 Denial Of Service
Posted Feb 6, 2019
Authored by Achilles

River Past Audio Converter version 7.7.16 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 02b6fb485b21ee34945ef72cb05ca9e1
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-9646
MD5 | a45930f318c3daf72f829b4afa303a37
Device Monitoring Studio 8.10.00.8925 Denial Of Service
Posted Feb 6, 2019
Authored by Victor Mondragon

Device Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 8e87f007e01aa3082e704d734b2d9e09
WordPress Blog2Social 5.0.2 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9576
MD5 | 361d66ce2b9e0256cf6e637e381159d9
Linux/x86 Random Insertion Encoder / Decoder Shellcode Generator
Posted Feb 6, 2019
Authored by Aditya Chaudhary

Linux/x86 random insertion encoder and decoder shellcode generator.

tags | x86, shellcode
systems | linux
MD5 | 427e3657cccf1dbed731545609284bc7
Page 1 of 1
Back1Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    1 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close