what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-03-22

TCPDF 6.2.19 Deserialization / Remote Code Execution
Posted Mar 22, 2019
Authored by polict | Site polict.net

TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2018-17057
MD5 | 3a4148cacb34c39b20a5f45f238606d4
Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 22, 2019
Authored by Ozer Goker

Apache CouchDB version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, csrf
MD5 | c43549d46baa5f2c1232261a06a4ddc5
Ubuntu Security Notice USN-3916-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3916-1 - It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20532
MD5 | 70fe4f30d8440aca23ca45dae788f1c5
DNS Spider Multithreaded Bruteforcer 1.1
Posted Mar 22, 2019
Authored by noptrix | Site noptrix.net

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Added wildcard check. Updated built-in wordlist (23k).
tags | tool, scanner
systems | unix
MD5 | ea9b4999b30bd376df3c9841d4a62b0c
Debian Security Advisory 4413-1
Posted Mar 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4413-1 - A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.

tags | advisory, overflow, local, root
systems | linux, debian
advisories | CVE-2019-9755
MD5 | 87d1656a3dc5ceefc787a3b290b7ab3c
WordPress Themes Open Redirection 2019/03/22
Posted Mar 22, 2019
Authored by KingSkrupellos

Many WordPress themes and a plugin suffer from open redirection vulnerabilities. Age-Verification plugins version 0.5 is affected. Themes affected include Ev version 1.x, Nine-Day version 1.6, Aibbt version 1.0, itiis version 1.x, ifxPro.Cn version 5.0, 2kqq version 5.2, Azzxx version 1.2.1, BigChrome version 5.2, clsn-003 version 1.0, Concise version 2.8, TaozHuji version 5.2, UsaMusic-PC version 1.0, Wngzs version 1.0, 2018110612035976 version 1.7.3, Begin4.6 version 4.6, Begin5.2 version 5.2, Begin44 version 4.4, BeginLTS version 6, Zangai version 1.1.0, Deep version 5.4, and Wopus version 1.0.

tags | exploit, vulnerability
MD5 | d39a98e67c5ef3ee4f6894fce3540d99
Matri4Web Matrimony Web Script SQL Injection
Posted Mar 22, 2019
Authored by Ahmet Umit Bayram

Matri4Web Matrimony Web Script suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | 1cca5914a3399ddc14b6e3c496201f80
Inout Article Base CMS SQL Injection
Posted Mar 22, 2019
Authored by Ahmet Umit Bayram

Inout Article Base CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 01cdbfcee896d11e5a6f011d9bbfca64
I2P 0.9.39
Posted Mar 22, 2019
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Performance improvements. Various other updates.
tags | tool
systems | unix
MD5 | ef43d441c829d1b225771c5379d3fcb8
Ubuntu Security Notice USN-3917-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3917-1 - The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-7303
MD5 | 9673787b73f906be9d48ecf914106030
Ubuntu Security Notice USN-3918-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9788, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9808, CVE-2019-9809
MD5 | 7a027189c82bdc87f59c8d573a89c651
Ubuntu Security Notice USN-3913-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3913-1 - It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution.

tags | advisory, code execution
systems | linux, ubuntu
advisories | CVE-2016-2335
MD5 | a222fa1199b772b4af03fd82ced01935
Ubuntu Security Notice USN-3915-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3915-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-3835
MD5 | 51af7b4abfe723103eb813857d63f1b1
Ubuntu Security Notice USN-3914-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-9755
MD5 | 0d6118cd73ef057e584a045b065f72bc
Red Hat Security Advisory 2019-0633-01
Posted Mar 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0633-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Multiple vulnerabilities have been addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-3835, CVE-2019-3838
MD5 | d0f663d65f22a212becfbc13b6c307ce
Meeplace Business Review Script SQL Injection
Posted Mar 22, 2019
Authored by Ahmet Umit Bayram

Meeplace Business Review Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8b0c747252e362b6379dab630b86a878
snap seccomp TIOCSTI Blacklist Circumvention
Posted Mar 22, 2019
Authored by Google Security Research

snap uses a seccomp filter with a blacklist for TIOCSTI can be circumvented.

tags | exploit
advisories | CVE-2019-7303
MD5 | d115b8657c274c5957091d315ab7e604
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close