what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2019-03-04

Ubuntu Security Notice USN-3885-2
Posted Mar 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3885-2 - USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Various other issues were also addressed.

tags | advisory, remote, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-6111
SHA-256 | 5400ce629e7b76b1cd286ddd76665cc5261eb4947ec09c7df32e8af543782b46
Red Hat Security Advisory 2019-0451-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0451-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8034
SHA-256 | a0743aaceb1bfe811fd38cd204959142dda0628558b456390ad7b77106d17fe3
Red Hat Security Advisory 2019-0450-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0450-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8034
SHA-256 | 720fda82e42ad81dc5e7cb888102ddb3b1cd4b7be53ee640c8f1671af0a4db95
Red Hat Security Advisory 2019-0447-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0447-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.4 will be retired as of August 31, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.4 EUS after August 31, 2019.

tags | advisory
systems | linux, redhat
SHA-256 | 2abe16aea030f8db9651eeb8c0259da8b1a191405f83a804d682d5939cdca84a
Red Hat Security Advisory 2019-0442-01
Posted Mar 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0442-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.4 AMC after February 28, 2019.

tags | advisory
systems | linux, redhat
SHA-256 | 76742177e81df263c0635d4ce8e7b5cd52aa503d6ce16792572e54c5e2e5717a
Slackware Security Advisory - python Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2013-1752, CVE-2018-14647, CVE-2019-5010
SHA-256 | 52a84adbeec2cbda8ee02c5ecf9133aa6619003fed96dbfff3243a9698dc18ab
Debian Security Advisory 4387-2
Posted Mar 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4387-2 - It was found that a security update (DSA-4387-1) of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

tags | advisory, arbitrary, protocol
systems | linux, debian
advisories | CVE-2019-6111
SHA-256 | 854f90e3cf9593b95c38215f44e76cc70383ccc8c8e7b1e4dc3f3da3b5467a8d
SAP J2EE Engine/7.01/Fiori Protocol Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.

tags | exploit, protocol, xss
advisories | CVE-2018-17865
SHA-256 | 1d05bdca84ed3c650d5b053226d2155bcf3b27763c77935387db28b97ff99a78
SAP J2EE Engine/7.01/Fiori test2 Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /TestJDBC_Web/test2.

tags | exploit, xss
advisories | CVE-2018-17862
SHA-256 | fe7f243b4372e8572081147b63d87b81a04e3ba1c827af2aeab458f2859ffd51
SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting
Posted Mar 4, 2019
Authored by Ece Orsel

SAP J2EE Engine/7.01/Portal/EPP suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.

tags | exploit, protocol, xss
advisories | CVE-2018-17861
SHA-256 | 27152e61f1a781c5bfd28a783fe1547fc32601d76e3fa421792636b1f0948b00
Craft CMS 3.1.12 Pro Cross Site Scripting
Posted Mar 4, 2019
Authored by Ismail Tasdelen

Craft CMS version 3.1.12 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9554
SHA-256 | 1cc20435a609bba50e6a47ce96dd700f61bfd8576d0420513b0275535a30f2ce
Bold CMS 3.6.4 Cross Site Scripting
Posted Mar 4, 2019
Authored by Ismail Tasdelen

Bold CMS version 3.6.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9553
SHA-256 | 5c2aba3b458d11d6b77c9b09a4425127749345f1d9840b88adacd6875e918c9d
Slackware Security Advisory - infozip Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384
SHA-256 | 2d88d00368cf8928d96abd2e9bbc2443f1a829890ef6abcd2773ac66b75c08a3
Ability Mail Server 4.2.6 Cross Site Scripting
Posted Mar 4, 2019
Authored by Aloyce J. Makalanga

Ability Mail Server version 4.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9557
SHA-256 | f9c904b78b4d15cef7354ad84ac7bc47c31b5f6708653e1dc569dc47b5af1619
Mailtraq WebMail 2.17.7.3550 Cross Site Scripting
Posted Mar 4, 2019
Authored by Aloyce J. Makalanga

Mailtraq WebMail version 2.17.7.3550 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9558
SHA-256 | 7eca4c1e4156efd59362e3ba61cb23597e46a840f3b4dc51f9f5b4a4e8a2074a
Microsoft Edge Chakra 1.11.4 Type Confusion
Posted Mar 4, 2019
Authored by Fahad Aid Alharbi

Microsoft Edge Chakra version 1.11.4 read permission via type confusion proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2019-0539
SHA-256 | 02a1f7246d6620617cee5dc2e6410aa80ea33cb275e22c442aacfbefb52a15df
zzzphp CMS 1.6.1 Cross Site Request Forgery
Posted Mar 4, 2019
Authored by Yang Chenglong

zzzphp CMS version 1.6.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-9082
SHA-256 | 3305948ea10cafcf561b9aa0131e5da0eae0c8bcbf0b6ebc91a1f629473723df
Linux/x64 Kill All Processes Shellcode
Posted Mar 4, 2019
Authored by Aron Mihaljevic

11 bytes small Linux/x64 kill all processes shellcode.

tags | shellcode
systems | linux
SHA-256 | 9801cf888534ad049b4f7341c8810313e2b0ffe4d3026f884c118f998e8b6ac5
Linux/x86 iptables -F Shellcode
Posted Mar 4, 2019
Authored by Cameron Brown

43 bytes small Linux/x86 iptables -F shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | b63cdfacaa4dd93070543eb2e434fbf0b294c583eff6d71274b9031a60785919
WordPress WP-DreamworkGallery 2.3 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

WordPress WP-DreamworkGallery plugin version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | 702542ea248bdfdf8746edbc895778da470f12bd22948c921a43ce9350eb8991
1C-Bitrix Site Management Russia 2.0 Open Redirection
Posted Mar 4, 2019
Authored by KingSkrupellos

1C-Bitrix Site Management Russia version 2.0 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 9147971f99ded2a1f37756ba04f96db5e045125551146831550340a83889a000
Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

Joomla ModPPCSimpleSpotLight module versions 1.2 and 3.0 suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | a120d6b423105cbf282127dc944de3e33bc3b7152aad89ca9ac2ae04e5837071
NOT Encoder / Decoder Shellcode
Posted Mar 4, 2019
Authored by Daniele Votta

44 bytes small Linux/x86 execve() /bin/sh NOT encoder and decoder shellcode. This technique is useful for bypassing some AV systems.

tags | x86, shellcode
systems | linux
SHA-256 | 6654db7674b9291540e7929faf928cae28e1c8115d25095d7d7e17e3f869355d
Kache Cross Protocol Request Forgery
Posted Mar 4, 2019
Authored by Codex Lynx

Kache as of commit de2c39491625c3f087027be961a17191e85f6d30 suffers from a cross protocol request forgery vulnerability.

tags | exploit, protocol
SHA-256 | 3b8862a7564c2beedeae089e3379b55e9c9fa5c9b66d806b768207a65c8bba9c
Xoops 1.0.2 PD-Links 1.0 Database Disclosure
Posted Mar 4, 2019
Authored by KingSkrupellos

Xoops version 1.0.2 with PD-Links module version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | fed6ff77fb8338762962a2eca25e64473f7fc496f42211753d7a1f3866118d10
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close