Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
491a7ed475f73b7cb958fd34d9c11a860a0158979d89768b93c42308a5c44892This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.
bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
39c2544e771695c57667b95cc34d51ec3cbf6ec1288fc8ea1981234f05246b65FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.
f9d0f06954df7127c1f7da2c6973086ec5ed205332e214311fa7ec075f8918d2Manage Engine ServiceDesk Plus version 9.3 suffers from a privilege escalation vulnerability.
87787f1fb2a7439a9948e5731a3c9ebc899dcd1c11621afaedcab653880b4eb7AIDA64 Extreme version 5.99.5900 logging SEH buffer overflow exploit.
33bc00d3a310700b1a4cda4084c05d980e79a74d09218d74cc5a0b509bb40abfWordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.
1c7a3b27afbbedd8d750455aa126e9363090a0ccf6ca80bf062df80fbc2c60f1Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities.
9c581dc92641e4428dbdc52160abc9e17d59118fbbf7c51f88f013367312c44bUbuntu Security Notice 3936-1 - It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.
51ecf0037b21fb41d85c22d8b5ee3799c061e4d5cd9ab4d764ebeb54d48207b2Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
c17a43ba53d0845a663b1213936884d7465b45def0d79156050131ef37d78a6dGentoo Linux Security Advisory 201904-9 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.10.3-r2 are affected.
20d19efdbab2418f08c453b6a6915acf70d4e56601ffb6928ffadad10d6dab92Debian Linux Security Advisory 4423-1 - Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.
1e45ae1dc23caffe87602e1bbed82996f2591e5fb6ede15f65f06bb64b3a52adMagic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.
2880b8593afdcef3dec022df92a56b326a8b141d28605ea46320f2026a225e0fChrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.
ed2806699f2887002b690cf52cf4d2bf2e737c931f2b6c9116bddc399099bed4Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bdAIDA64 Engineer version 5.99.4900 Load from file field SEH buffer overflow exploit.
d2886dbe120be9c41a01a90ae64f8844b646245816ebbe6afd377dea5cd5ec1a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed