Files Date: 2019-04-16

Ubuntu Security Notice USN-3949-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3949-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2019-2422
MD5 | 36bcdd8c843fd3dd9cec430a2882c958

Ubuntu Security Notice USN-3948-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-11070, CVE-2019-8518, CVE-2019-8536, CVE-2019-8559
MD5 | afdf0e0cecca2a8868662e6759e344de

Red Hat Security Advisory 2019-0766-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3877, CVE-2019-3878
MD5 | d6979d608903f62f31aa42621e0f5b8e

Microsoft Windows LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver has a race condition in the LuafvPostReadWrite callback if delay virtualization has occurred during a read, leading to the SECTION_OBJECT_POINTERS value being reset to the underlying file and resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0836
MD5 | 6d02ec8a84f62a9cf2ee150b26a8f78a

Microsoft Windows LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver can confuse the cache and memory manager to replace the contents of a privileged file, leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0805
MD5 | 77b361493b8c0d502d033818bd814a0b

Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0732
MD5 | c842665e8c982e999825c50d9c78df7a

Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization, which can be tricked into writing an arbitrary short name, leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0796
MD5 | dd49da95f51474f4c5e19bc2d1015952

Microsoft Windows LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver doesn't take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0731
MD5 | a1fec4a7c7f902a8a18eb1e16515b938

Microsoft Windows LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver reuses the file's create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file, resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0730
MD5 | 3cb71794adeb390f66e06400fdb22445

Microsoft Windows CSRSS SxSSrv Cached Manifest Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a system binary leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0735
MD5 | 9f3bf345b40d34f07347582eafa1a2c3

MailCarrier 2.51 RETR Buffer Overflow
Posted Apr 16, 2019
Authored by Dino Covotsos

MailCarrier version 2.51 POP3 RETR command remote SEH buffer overflow exploit.

tags | exploit, remote, overflow
advisories | CVE-2019-11395
MD5 | 62118c345ddaf1021e9fd1488325157b

Red Hat Security Advisory 2019-0765-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0765-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-9636
MD5 | b7c1bdbae76614e3f3c554b26b0ff106

Gentoo Linux Security Advisory 201904-15
Posted Apr 16, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-15 - A vulnerability in libTIFF could lead to a Denial of Service condition. Versions less than 4.0.10 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2018-18557
MD5 | 1d39d697b1cd7298f90c10f0e8627b48

Ubuntu Security Notice USN-3947-2
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3947-2 - USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-11068
MD5 | 311bf8d0d91554b73cb47b96d7dcee56

Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal
Posted Apr 16, 2019
Authored by Haboob Team

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-10945
MD5 | 8cd07fef6144f3579e25aa9810aebe07

Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation
Posted Apr 16, 2019
Authored by Digital Interruption

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-19374
MD5 | a5987088213495081a0fe45610b5f782

Zyxel ZyWall Cross Site Scripting
Posted Apr 16, 2019
Authored by Aaron Bishop

ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9955
MD5 | 6a488936efef77d973078a35e0209519

PCHelpWare 2 1.0.0.5 Group Denial Of Service
Posted Apr 16, 2019
Authored by Alejandra Sanchez

PCHelpWare 2 version 1.0.0.5 Group denial of service exploit.

tags | exploit, denial of service
MD5 | 6505ba9bb5a677f32c8ad98d1bab48d8

AdminExpress 1.2.5 Denial Of Service
Posted Apr 16, 2019
Authored by Mucahit Ismail Aktas

AdminExpress version 1.2.5 suffers from a Folder Path denial of service vulnerability.

tags | exploit, denial of service
MD5 | 61dccebfeb1d59a33ab2d2e064816db4