Files Date: 2019-02-12

Android Binder VMA Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability in VMA via a race between reclaim and munmap.

tags | exploit
advisories | CVE-2019-1999
MD5 | b595de41d1f8f84b4916fab4d16567de
Android Binder fdget() Optimization Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability via fdget() optimization.

tags | exploit
advisories | CVE-2019-2000
MD5 | bc3a95911082f54f5d3a2b398792bb8b
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode lets you select the query options in a wizard-based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
MD5 | 39ab23a0de4dec4a4905136eb643b467
Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
MD5 | a039dec3039229db20b992fe7a5de40b
Red Hat Security Advisory 2019-0324-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-18397
MD5 | 1a59c85baccb480e7ff45c4e92cbdc7f
Red Hat Security Advisory 2019-0315-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
MD5 | 37af4fadd68586d2c557578b4aa96179
Debian Security Advisory 4377-2
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
MD5 | 1be2024628205aedc3c75bf102820976
CentOS Web Panel 0.9.8.763 Cross Site Scripting
Posted Feb 12, 2019
Authored by DKM

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
advisories | CVE-2019-7646
MD5 | 65d33120e280a9e636a124ec0ff6a60f
LayerBB 1.1.2 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

LayerBB version 1.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f26971b830d0e2428dc63ab97d5dc222
BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution
Posted Feb 12, 2019
Authored by Dustin Cobb

BlogEngine.NET version 3.3.6 suffers from code execution and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, file inclusion
advisories | CVE-2019-6714
MD5 | 5d60a05646610a370fa6e7cddfe9d0f6
Joomla ZCalendar Zap Calendar 4.4.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ZCalendar Zap Calendar version 4.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b816a65b1c30b65413eaf6c912954073
Joomla WordPress Blog 4.8.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9bd492b4e6ffb9d80be756ea3bc885a3
Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 921d3c97bc26f99b07f92951d9878fd3
Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 72adb5bb821dbc5dee9b8e9b2392675a
Joomla Mosets Hot Property 1.0.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 074cee425c0c9e4b91e91ad71bb72be4
Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffer from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | cd763d7db31b2447255d77e1c7188f0c
Joomla ExtCalendar 2.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ce556aefdb9a5943f0f065d3358e33e4
Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 9fea1facd2b57089fd416142e1c77a60
Joomla Agora 4.10 Bypass / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2be680be9dcf548ab37efedbfdeba3fb
Joomla ABook Alexandria Book Library 3.1.4 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5e1aefb8d275638e01721a5a90f18af0
Debian Security Advisory 4389-1
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom-made malicious USB device masquerading as a security key, and physical access to a computer running PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.

tags | advisory, overflow, arbitrary, protocol
systems | linux, debian
advisories | CVE-2018-20340
MD5 | 4ee8ca6e4bb55c9264a3428d659dd417
Jenkins 2.150.2 Remote Command Execution Via Node JS
Posted Feb 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module can run commands on the system using Jenkins users who have JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" }. In addition, ANONYMOUS users also have the authority to create and BUILD a JOB by default. Therefore, all users without console authority can run commands on the system with root privileges.

tags | exploit, root
MD5 | ade3a0ed578a4cb39283ecf427031e3d
Microsoft Excel .SLK Payload Delivery
Posted Feb 12, 2019
Authored by Stan Hegt, Carter Brainerd, Pieter Ceelen | Site metasploit.com

This Metasploit module generates a download-and-execute PowerShell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.

tags | exploit, web
MD5 | 94d9c996172414156065a8ee4e017837
Webiness Inventory 2.3 SQL Injection
Posted Feb 12, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cc030d96bbdcee9f58b7951906f928d9
MyBB Bans List 1.0 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7adb3d1c47e070d2b5422342f95d6184
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close