exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-03-06

Ubuntu Security Notice USN-3903-2
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-2 - USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 5e5d9cbb5878ed83496a64b72a97df4f
ClearOS 7 Community Edition Cross Site Scripting
Posted Mar 6, 2019
Authored by Ozer Goker

ClearOS 7 Community Edition suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 32b6322d24448d2348621b162c00e749
Red Hat Security Advisory 2019-0469-01
Posted Mar 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0469-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Issues addressed include a buffer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2018-11212, CVE-2018-12547, CVE-2018-12549, CVE-2019-2422, CVE-2019-2449
MD5 | 8a1a523f8b6db02dc440e7b152023cdb
Ubuntu Security Notice USN-3903-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 1bae64cc96939b5670016270682ddee8
Ubuntu Security Notice USN-3902-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-1 - It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024
MD5 | 9715d43e4e828f788c824aa665b39b95
Imperva SecureSphere 13.x PWS Command Injection
Posted Mar 6, 2019
Authored by rsp3ar | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading to command injection. Agent registration credential is required to exploit SecureSphere in gateway mode. This module was successfully tested on Imperva SecureSphere 13.0/13.1/13.2 in pre-ftl mode and unsealed gateway mode.

tags | exploit, cgi, python
MD5 | e604d6ec0f3e74e3aaaaa80c5c18a797
Drupal RESTful Web Services unserialize() Remote Code Execution
Posted Mar 6, 2019
Authored by wvu, Charles FOL, Jasper Mattsson, Rotem Reiss | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.

tags | exploit, web, php
advisories | CVE-2019-6340
MD5 | 5c6af19bb75128b9a4e43d8fb069214c
Linux Virtual Address 0 Mappable Via Privilege write()
Posted Mar 6, 2019
Authored by Jann Horn, Google Security Research

It was discovered that virtual address 0 is mappable via privileged write() to /proc/*/mem on Linux.

tags | exploit
systems | linux
advisories | CVE-2019-9213
MD5 | e66eec069282b7aa4ec9437eb8308ef8
Android getpidcon() ACL Bypass
Posted Mar 6, 2019
Authored by Jann Horn, Google Security Research

getpidcon() usage in hardware binder servicemanager on Android permits ACL bypass.

tags | exploit
advisories | CVE-2019-2023
MD5 | 4a5995063ac40d52861f758041827b02
Android Binder Use-After-Free
Posted Mar 6, 2019
Authored by Jann Horn, Google Security Research

Android suffer from a binder use-after-free via a racy initialization of ->allow_user_free.

tags | exploit
advisories | CVE-2019-2025
MD5 | 05c41c04dbf0a020804a8db2fdf4eca1
Debian Security Advisory 4402-1
Posted Mar 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4402-1 - It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2018-20743
MD5 | f1fce2881c6f151f5471305cc4dae616
Ubuntu Security Notice USN-3901-2
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3901-2 - USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
MD5 | b16c27e4df4131e0ce265e946b97e632
Ubuntu Security Notice USN-3901-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
MD5 | 6ab9958194be37f509bff70f83a95612
Red Hat Security Advisory 2019-0464-01
Posted Mar 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0464-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2422
MD5 | d399b26fd685eecc4868f1621fc11085
Red Hat Security Advisory 2019-0462-01
Posted Mar 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0462-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a memory disclosure vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2422
MD5 | fec83b0c536ad7f7f172f0fed24545d5
RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow
Posted Mar 6, 2019
Authored by Matteo Malvica, Hodorsec, Alejandra Sanchez

RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability. Modifications to the original proof of concept include the fact that it uses a larger payload size for shellcode due to different jump offsets and filters the bad character 0x3a as this is the character for port which causes an error ":".

tags | exploit, overflow, shellcode, proof of concept
MD5 | 9b31bdb38b680b223198f700a17dcfa6
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close