
Files Date: 2019-04-24

Chrome NewFixedDoubleArray Integer Overflow
Posted Apr 24, 2019
Authored by Google Security Research, Glazvunov

Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.

tags | exploit, overflow
MD5 | b26427448c9bb392f1787ea07e216e0a

Red Hat Security Advisory 2019-0877-01
Posted Apr 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0877-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1000180, CVE-2018-1067, CVE-2018-10862, CVE-2018-10894, CVE-2018-10912, CVE-2018-1114, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362
MD5 | 2146a915fad9f5dc826a08a4e01ddd87

Ubuntu Security Notice USN-3954-1
Posted Apr 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3954-1 - It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-11234
MD5 | 1c16841f6c4856bff5463dcb3f305899

Linux/x86 Rabbit Shellcode Crypter
Posted Apr 24, 2019
Authored by Petr Javorik

200 bytes small Linux/x86 rabbit shellcode crypter.

tags | x86, shellcode
systems | linux
MD5 | 35dcc4387006d2416fa6774debd2a9a3

RARLAB WinRAR ACE Format Input Validation Remote Code Execution
Posted Apr 24, 2019
Authored by Imran Dawoodjee, Nadav Grossman | Site metasploit.com

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.

tags | exploit, shell
advisories | CVE-2018-20250
MD5 | e92db51f5e14f0fddb4670c8372f4da6

VirtualBox COM RPC Interface Code Injection / Privilege Escalation
Posted Apr 24, 2019
Authored by James Forshaw, Google Security Research

The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-10204
MD5 | d89a703071dfda548e916560bbdf3ffe

Confluence Server / Data Center Path Traversal
Posted Apr 24, 2019
Authored by Atlassian

Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.

tags | advisory, file inclusion
advisories | CVE-2019-3398
MD5 | ecb6b12f605a3e2392294e768ae4f8be

Ubuntu Security Notice USN-3936-2
Posted Apr 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3936-2 - USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9210
MD5 | e81b6adc98d79569f699eba1d080e44a

Red Hat Security Advisory 2019-0868-01
Posted Apr 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0868-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-3868
MD5 | b7ddd3fef1fdce7763035c437d673524

Sony Smart TV Information Disclosure / File Read
Posted Apr 24, 2019
Authored by xen1thLabs

Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
advisories | CVE-2019-10886, CVE-2019-11336
MD5 | 3b42bd8fb1eb2d499baf7ea58fa34007

TestSSL 2.9.5-8
Posted Apr 24, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains bug fixes.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 893aaf6c6d1d30693ff9388a2331f394
© 2020 Packet Storm. All rights reserved.
