exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2019-02-12

Android Binder VMA Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability in VMA via a race between reclaim and munmap.

tags | exploit
advisories | CVE-2019-1999
SHA-256 | 30e7b19cade88138c58960f0d7e5f5b18ba1d4a346ffb29b3faf11ceb745b600
Android Binder fdget() Optimization Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability via fdget() optimization.

tags | exploit
advisories | CVE-2019-2000
SHA-256 | e1809748df02c9d09d6f4feddfb033fdc2a0eee3d38b0c8d9099f338a04d4eed
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79
Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
SHA-256 | 108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063a
Red Hat Security Advisory 2019-0324-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-18397
SHA-256 | eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0c
Red Hat Security Advisory 2019-0315-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
SHA-256 | dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918
Debian Security Advisory 4377-2
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
SHA-256 | 04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75
CentOS Web Panel 0.9.8.763 Cross Site Scripting
Posted Feb 12, 2019
Authored by DKM

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
advisories | CVE-2019-7646
SHA-256 | 363a981e5d0b6820f7dbde5f83a8e9b84e0cc2a0208e369d24a824efdd7dd5ee
LayerBB 1.1.2 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

LayerBB version 1.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 702c64ef6a0d830cae9f5467564cef670bd29d35be3a0a60bcd6a840fb550c9f
BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution
Posted Feb 12, 2019
Authored by Dustin Cobb

BlogEngine.NET version 3.3.6 suffers from code execution and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, file inclusion
advisories | CVE-2019-6714
SHA-256 | e49280b62c0fab022834f64d848d66c34f0be69807c773aa5c6000bf8eead37e
Joomla ZCalendar Zap Calendar 4.4.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ZCalendar Zap Calendar version 4.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0fd178b31648f3260452ba672ccfd7a94ebc42604baf12da7d46688879a39c6b
Joomla WordPress Blog 4.8.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f23d0cf4071ad835fc57ff9482cc094ed174de476687030b773d1f1d64132f26
Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 49477a24bf923b15d7a1fa08ddc92a230dc8d16473c7b84812942e3253b3e04e
Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | ff3ed0f4f6b454abdcb15666e6a1492409e1946ba2cf91ede9b57a8366956184
Joomla Mosets Hot Property 1.0.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7e0f599e2a5ac00ba05dcfd0954c7ad84f620009dbd2dc1879f788236ebf35e1
Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 67a774b08d7de877c935eac6bfa362b3adaa01b872550253e50478960fa34e27
Joomla ExtCalendar 2.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f1ddc09174aefaf7e7e70d98ddd545b17e5a8103c4059ebb61ae539c02af0ebc
Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 666573b06f3b684ec2602cb6e3a8267107b0d14b8d72d5580802d755724fd52a
Joomla Agora 4.10 Bypass / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 5ee466b9276f596647b1cb303df250caa5a3b0c0b515c80a0250a2e313c4457f
Joomla ABook Alexandria Book Library 3.1.4 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e87de497e1bf652b6ade3c24668df4261df02eb3e949f4b1f9f1eb1d4eb165e6
Debian Security Advisory 4389-1
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.

tags | advisory, overflow, arbitrary, protocol
systems | linux, debian
advisories | CVE-2018-20340
SHA-256 | e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8
Jenkins 2.150.2 Remote Command Execution Via Node JS
Posted Feb 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB create and BUILD by default. Therefore, all users without console authority can run commands on the system as root privilege.

tags | exploit, root
SHA-256 | 8ea53be5af0483c2c3d30fcac65026e3a286197d419ceee4de6b5bf2f1cabbcc
Microsoft Excel .SLK Payload Delivery
Posted Feb 12, 2019
Authored by Stan Hegt, Carter Brainerd, Pieter Ceelen | Site metasploit.com

This Metasploit module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.

tags | exploit, web
SHA-256 | 7a0ea0738d43606ec6870e46a4249dfcb5578f826120fe39781d750879c33d98
Webiness Inventory 2.3 SQL Injection
Posted Feb 12, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7938902c9f301faa0f8de8e0dcb408f4f33880e0a27f737835c8243f972462d6
MyBB Bans List 1.0 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 95a8b1f2cfa7e437a276bbabdb00d7498620ef5483e38eeeb1eeecad3491dba5
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close