Files Date: 2019-03-04

Ubuntu Security Notice USN-3885-2
Posted Mar 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3885-2 - USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Various other issues were also addressed.

tags | advisory, remote, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-6111
MD5 | f34497e7fb170dcf3d9ac60a51149cd4
Red Hat Security Advisory 2019-0451-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0451-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8034
MD5 | d92725286cd7975d7b49cbecff111071
Red Hat Security Advisory 2019-0450-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0450-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8034
MD5 | b703248ad98a068406de09ea919ce402
Red Hat Security Advisory 2019-0447-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0447-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.4 will be retired as of August 31, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.4 EUS after August 31, 2019.

tags | advisory
systems | linux, redhat
MD5 | 2c0ee3fb04d4ab597b93ca1ff4dbb247
Red Hat Security Advisory 2019-0442-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0442-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.4 AMC after February 28, 2019.

tags | advisory
systems | linux, redhat
MD5 | 312243d6890240e79b259489fcd53b60
Slackware Security Advisory - python Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2013-1752, CVE-2018-14647, CVE-2019-5010
MD5 | 3eb99ececd59f5902ac4f6a8a791a1f8
Debian Security Advisory 4387-2
Posted Mar 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4387-2 - It was found that a security update (DSA-4387-1) of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

tags | advisory, arbitrary, protocol
systems | linux, debian
advisories | CVE-2019-6111
MD5 | 88cea46d231b8279eecaac5b7333b593
SAP J2EE Engine/7.01/Fiori Protocol Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.

tags | exploit, protocol, xss
advisories | CVE-2018-17865
MD5 | 87608a04c90efd9ec4d99ebd0702524f
SAP J2EE Engine/7.01/Fiori test2 Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /TestJDBC_Web/test2.

tags | exploit, xss
advisories | CVE-2018-17862
MD5 | aac5f3f887418ac8ba5fc0ede3fe985b
SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Portal/EPP suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.

tags | exploit, protocol, xss
advisories | CVE-2018-17861
MD5 | 4841a0b7bbc93e83ab2b1cc881e5a424
Craft CMS 3.1.12 Pro Cross Site Scripting
Posted Mar 4, 2019
Authored by Ismail Tasdelen

Craft CMS version 3.1.12 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9554
MD5 | 20ba08688f6cd675d50188aaf7fb65f5
Bold CMS 3.6.4 Cross Site Scripting
Posted Mar 4, 2019
Authored by Ismail Tasdelen

Bold CMS version 3.6.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9553
MD5 | 09cb17876808407c7b7a86f04c6993b6
Slackware Security Advisory - infozip Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384
MD5 | 8f809ffda4bef4c8b546a9321848782d
Ability Mail Server 4.2.6 Cross Site Scripting
Posted Mar 4, 2019
Authored by Aloyce J. Makalanga

Ability Mail Server version 4.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9557
MD5 | 1f34b34d146716425042aed6b81b8e02
Mailtraq WebMail 2.17.7.3550 Cross Site Scripting
Posted Mar 4, 2019
Authored by Aloyce J. Makalanga

Mailtraq WebMail version 2.17.7.3550 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9558
MD5 | 174591c0b08c18f2b26d96fb249e1750
Microsoft Edge Chakra 1.11.4 Type Confusion
Posted Mar 4, 2019
Authored by Fahad Aid Alharbi

Proof of concept exploit for Microsoft Edge Chakra version 1.11.4 that gains read permission via type confusion.

tags | exploit, proof of concept
advisories | CVE-2019-0539
MD5 | fdfbeed046784671787a8891b3bcd7f8
zzzphp CMS 1.6.1 Cross Site Request Forgery
Posted Mar 4, 2019
Authored by Yang Chenglong

zzzphp CMS version 1.6.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-9082
MD5 | 556138e85eec0ed23a212b2f2169618e
Linux/x64 Kill All Processes Shellcode
Posted Mar 4, 2019
Authored by Aron Mihaljevic

11 bytes small Linux/x64 kill all processes shellcode.

tags | shellcode
systems | linux
MD5 | 51eb3c1c02e1c93c00e6062adbf418c9
Linux/x86 iptables -F Shellcode
Posted Mar 4, 2019
Authored by Cameron Brown

43 bytes small Linux/x86 iptables -F shellcode.

tags | x86, shellcode
systems | linux
MD5 | 4dbeca963f8aae1416e64c4b94111820
WordPress WP-DreamworkGallery 2.3 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

WordPress WP-DreamworkGallery plugin version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | ebb77b46f615eb3e479a22add194666d
1C-Bitrix Site Management Russia 2.0 Open Redirection
Posted Mar 4, 2019
Authored by KingSkrupellos

1C-Bitrix Site Management Russia version 2.0 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 446fc377da8089a2ed086541873688a3
Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

Joomla ModPPCSimpleSpotLight module versions 1.2 and 3.0 suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | deefd967b89d7090b674d60afaae3978
NOT Encoder / Decoder Shellcode
Posted Mar 4, 2019
Authored by Daniele Votta

44 bytes small Linux/x86 execve() /bin/sh NOT encoder and decoder shellcode. This technique is useful for bypassing some AV systems.

tags | x86, shellcode
systems | linux
MD5 | de82ed37ecb7f593351ba4ec02eff1df
Kache Cross Protocol Request Forgery
Posted Mar 4, 2019
Authored by Codex Lynx

Kache as of commit de2c39491625c3f087027be961a17191e85f6d30 suffers from a cross protocol request forgery vulnerability.

tags | exploit, protocol
MD5 | 94810b65a0abff4e8aa4dbe67a50216b
Xoops 1.0.2 PD-Links 1.0 Database Disclosure
Posted Mar 4, 2019
Authored by KingSkrupellos

Xoops version 1.0.2 with PD-Links module version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | b463e4e8984ef37e5cca3a0c6989cc5c

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close