exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-03-25

ABUS Secvest Remote Control Denial Of Service
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote
advisories | CVE-2019-9860
SHA-256 | 1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806a
ABUS Secvest Remote Control Eavesdropping Issue
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote, protocol
advisories | CVE-2019-9862
SHA-256 | 4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41
Ubuntu Security Notice USN-3919-1
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2019-9810
SHA-256 | ecb14fcd081b173399f246fce8890179bcb0a41de018aa2cecf0b53f8006c215
Ubuntu Security Notice USN-3918-2
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-2 - USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9788, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9797, CVE-2019-9799, CVE-2019-9803, CVE-2019-9805, CVE-2019-9808, CVE-2019-9809
SHA-256 | baa25a5f9ae8648296e1f99c1966e7547781f61b5bdbdab8d20e439a175726f1
VMware Host VMX Process COM Class Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2019-5512
SHA-256 | 032bc0791aa032c4cf3fd94b8d7db2846f5bc0d3465f7a023e94a81286eb18ff
VMware Host VMX Process Impersonation Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2.

tags | exploit
systems | windows
advisories | CVE-2018-5511
SHA-256 | 770beade272f39c1d6868fdb30316cb00f9c1a560eb4acdbffe3b9df7efe3b3b
ABUS Secvest 3.01.01 Insecure Algorithm
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50014, FUB50015) is cryptographically weak.

tags | advisory, remote, protocol
advisories | CVE-2019-9863
SHA-256 | 92648a845f9e728c6b9724e16f7b0148e4f4b7d7c8d97744a46937db2cabc861
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
advisories | CVE-2019-3395, CVE-2019-3396
SHA-256 | 6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74
Debian Security Advisory 4416-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4416-1 - It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-5716, CVE-2019-5717, CVE-2019-5718, CVE-2019-5719, CVE-2019-9208, CVE-2019-9209, CVE-2019-9214
SHA-256 | 4923164315ffe830992b78c8a35bfbda2fe22b2efad866ef9a249b31f9b8e128
Debian Security Advisory 4417-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2019-9810, CVE-2019-9813
SHA-256 | 5e827118d4314ce38b8836b0d62ca89321473ccc11177fb9d6e74b7283c8566a
Debian Security Advisory 4415-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

tags | advisory, web, arbitrary, local
systems | linux, debian
advisories | CVE-2017-16355
SHA-256 | 9f057adda00e1dddddac99f3a6b2a364e00a4afe17f66947a1eafacbfce8d8c0
Debian Security Advisory 4414-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6
Slackware Security Advisory - mozilla-firefox Updates
Posted Mar 25, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-9813
SHA-256 | 66af6d11ff1524600d3da7dd5b27b137b12a933dc70ed079ecfcc9f2d8333f71
Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 1dfdeff119f98894c17accc58259ed5c0d8c02c12603a27539fe482966363424
Jettweb PHP Hazir Haber Sitesi Scripti 2 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | d4ae00cf975e0bb60af51931f734a9a39e31fd1da9db18fefe3d40526da060da
WordPress Plugins Open Redirection 2019/03/25
Posted Mar 25, 2019
Authored by KingSkrupellos

Five WordPress plugins suffer from open redirection vulnerabilities. Affected includes The-CL-Amazon-Thingy plugin version 1.0, Google Document Embedder version 2.5.8, VJ-Slider version 1.0, WPUSW plugin version 1.0, and Angsumans Translator Gold version 2.3.

tags | exploit, vulnerability
SHA-256 | 36f1dd7eb09f0f5c42db2cb00886c36e29532e70f4ddb3ea55f9160ea164bca4
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close