what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2019-03-27

CMS Made Simple (CMSMS) Showtime2 File Upload Remote Command Execution
Posted Mar 27, 2019
Authored by Daniele Scanu, Fabio Cogno | Site metasploit.com

This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.

tags | exploit, remote, php, file upload
advisories | CVE-2019-9692
SHA-256 | 1df098a0e8333fb97bab3cd80dd2de6a5ea4a18a6d09b8daa9ff38cd10e5965a
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Mar 27, 2019
Authored by Steve Breen, Aaron Soto, Andres Rodriguez | Site metasploit.com

This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessag eImpl) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2015-4852
SHA-256 | e9fa1048c7115283a85c77ab6fc28657f1c314f5367d3be58cd22dda512105d6
SpiderMonkey IonMonkey Type Confusion
Posted Mar 27, 2019
Authored by saelo, Google Security Research

A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between arbitrary objects.

tags | exploit, arbitrary
advisories | CVE-2019-9791
SHA-256 | 69137aa1448d0433945fde8e7e4340601a30cc89d0f1611dc9c4960de77a3759
GnuTLS verify_crt() Use-After-Free
Posted Mar 27, 2019
Authored by Tavis Ormandy, Google Security Research

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.

tags | exploit
SHA-256 | 533f01efe3a32a400eae85ee0cf901c9f9719f4ada7f40836cc2938e024c4866
Clam AntiVirus Toolkit 0.101.2
Posted Mar 27, 2019
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.101.2 is a patch release to address a handful of security related bugs.
tags | tool, virus
systems | unix
advisories | CVE-2019-1785, CVE-2019-1786, CVE-2019-1787, CVE-2019-1788, CVE-2019-1789, CVE-2019-1798
SHA-256 | 0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634
Fat Free CRM 0.19.0 HTML Injection
Posted Mar 27, 2019
Authored by Ismail Tasdelen

Fat Free CRM version 0.19.0 suffers from an html injection vulnerability.

tags | exploit
advisories | CVE-2019-10226
SHA-256 | df06e72549fffc50f5424d1db04c2b934ef5ad16747d4a3c950bb915e38af30f
Cisco RV320 Command Injection
Posted Mar 27, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1652
SHA-256 | fa1fddffe139a0d576a787664aa6b3b1d1207ed373110904ad3b88fa8d1e4370
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Posted Mar 27, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
SHA-256 | 2b7e66ad19b6068e6af38b37416a2c3c4c1dbb9a1a959f50323d828c81b0520e
Cisco RV320 Unauthenticated Configuration Export
Posted Mar 27, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
SHA-256 | aa2ffadd37f8b53f7521b5331aff0f56f21b08999e7e3839a9709f9b42d32d19
Ubuntu Security Notice USN-3923-1
Posted Mar 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3923-1 - Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2018-16867, CVE-2018-16872, CVE-2018-19489, CVE-2018-20124, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216, CVE-2019-3812, CVE-2019-6778
SHA-256 | bd50cf4e3724dde4eca89acd01b984093f41b59050ef6cddd19b55a916c3b163
Red Hat Security Advisory 2019-0672-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0672-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-9810, CVE-2019-9813
SHA-256 | a66e07d0056a772de65564f6604eb67706b5f09c2226b7789a271c9c481ea630
Red Hat Security Advisory 2019-0671-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0671-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-9810, CVE-2019-9813
SHA-256 | 5384e9fcb533149326a741c9c1a106aee3dd186a89e17054dc29950e438e6d53
Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload
Posted Mar 27, 2019
Authored by KingSkrupellos

Joomla ARI Image Slider component version 2.2.0 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | d51451d6dc114e1ed2871c58739b811223f60d0185fd6c98d0b0d5bd3b628d0d
Razer Laptop CVE-2018-4251 Repeat
Posted Mar 27, 2019
Authored by Bailey Fox

Razer laptops ship with SPI flash set to full read/write and the Intel CPU is left in ME Manufacturing Mode.

tags | advisory
SHA-256 | 7d678619ab5a9fdf0463c198c9e4b917336b325215c49776175af01fad3b75d0
Jettweb Hazir Rent A Car Scripti 4 SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

Jettweb Hazir Rent A Car Scripti version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | adc7b5fa2b9c4760ac4c93a250486dd1bd25e9c5a72bd91235f2818e66c9f4b2
Firefox Array.prototype.slice Buffer Overflow
Posted Mar 27, 2019
Authored by Xuechiyaobai

Firefox versions prior to 66.0.1 suffer from an Array.prototype.slice buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-9810
SHA-256 | 851f7c03bad5c91e3b04bd52dc421d3831d299b9eb32ac1821c4fb8780f1404e
XooDigital SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

XooDigital suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 64062bede02f5a9cf8b1d9312ef26ef1a3ddcde17f7df1d21b6ae4b239ab36de
XooGallery SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

XooGallery suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | a0f2806fd8b2ff66dc6b0fc8e2eafb471291f0a842fa1aa2028272af8679ceaf
Rukovoditel ERP And CRM 2.4.1 Cross Site Scripting
Posted Mar 27, 2019
Authored by Javier Olmedo

Rukovoditel ERP and CRM version 2.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-7400
SHA-256 | 12f62dc9fcfbd0ced37ff58e790b178d0c1a515acb1d918c4ae0168f2cc9a699
Jettweb Php Hazir ilan Sitesi Scripti 2 SQL Injection
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

Jettweb Php Hazir ilan Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 9095c78790c060129f55e6d705ff1c7525761f246f0f58ee5150a8448fa926ff
SJS Simple Job Script SQL Injection / Cross Site Scripting
Posted Mar 27, 2019
Authored by Ahmet Umit Bayram

SJS Simple Job Script suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a81502b4b25ab5fa593f97d8d3881ed98e9cc4a421140caaedf7ee41eb599c3e
WordPress WP-Forum 1.7.8 Database Disclosure
Posted Mar 27, 2019
Authored by KingSkrupellos

WordPress WP-Forum plugin version 1.7.8 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 85ccea7cd4179794c832f4544bfc8ab29e98107c224207638a672ff1ed604f78
Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation
Posted Mar 27, 2019
Authored by ze0r

Microsoft Windows Win32k local privilege escalation proof of concept exploit.

tags | exploit, local, proof of concept
systems | windows
advisories | CVE-2019-0808
SHA-256 | 6774a9c3a588e5f20f4f14249b0356b8a13d70a8848eed507eb39dba135af5d3
WordPress AND-AntiBounce 1.0.3 Open Redirection
Posted Mar 27, 2019
Authored by KingSkrupellos

WordPress AND-AntiBounce plugin version 1.0.3 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 67a2fa1deeacf0192b0e55d8b263b84d8a4a0f4dbef2c422272651b76f200c25
EMC Networker Remote Code Execution
Posted Mar 27, 2019
Site emc.com

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. Affected includes EMC NetWorker versions 8.2.x, versions 9.0.x, versions prior to 9.1.1.5, and versions prior to 9.2.1.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2017-8023
SHA-256 | 66870bbfcda2e853c60f884ceb3c02b01afe04b67bf39ddb8d2eae51ae0edfb0
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    12 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close