
Files Date: 2019-04-25

systemd DynamicUser SetUID Binary Creation
Posted Apr 25, 2019
Authored by Jann Horn, Google Security Research

This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact.

tags | exploit
advisories | CVE-2019-3844
MD5 | cb138590286ec36c3796f89c3e18cff6
Lavavo CD Ripper 4.20 Buffer Overflow
Posted Apr 25, 2019
Authored by Achilles

Lavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | fe97a19192eb8a87e366a5fcc6874c6c
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Posted Apr 25, 2019
Authored by Ozkan Mustafa Akkus

osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | c6bdf1690086d5f3d63da393f7da49fb
Ubuntu Security Notice USN-3956-1
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3956-1 - It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service, tcp
systems | linux, ubuntu
advisories | CVE-2018-5743
MD5 | 644d4f2cd8e09bd97445ba39cdb2b135
Ubuntu Security Notice USN-3955-1
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3955-1 - It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-14938
MD5 | f0df503125e9dd4694063bfdeeaf11ab
Ubuntu Security Notice USN-3922-3
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-3 - USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
MD5 | 288b02d0ec8e43a0bfc27999ca3920b8
Red Hat Security Advisory 2019-0886-01
Posted Apr 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0886-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-0223
MD5 | 1cd51586d3efba2dda1a9254fb692963
Gentoo Linux Security Advisory 201904-25
Posted Apr 25, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-25 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.0-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-20815, CVE-2019-9824
MD5 | 3dd30530cf4d126a0a9f86b220f66126
Gentoo Linux Security Advisory 201904-24
Posted Apr 25, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-24 - Multiple vulnerabilities have been found in Ming, the worst of which could result in a Denial of Service condition. Versions less than 0.20181112 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-9988, CVE-2017-9989, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6358, CVE-2018-6359
MD5 | 711b25233031035c04e21dedbd3fc137
JioFi 4G M2S 1.0.2 Denial Of Service
Posted Apr 25, 2019
Authored by Vikas Chaudhary

JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-7439
MD5 | 1b3aeae88a60005a86e64b80164da76e
JioFi 4G M2S 1.0.2 Cross Site Scripting
Posted Apr 25, 2019
Authored by Vikas Chaudhary

JioFi 4G M2S version 1.0.2 suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-7438
MD5 | b1e27e73e94aac9f52d2d8890f21c42e
Backup Key Recovery 2.2.4 Denial Of Service
Posted Apr 25, 2019
Authored by Victor Mondragon

Backup Key Recovery version 2.2.4 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | d30ddca37c336b539d3f52c8d8bd0835
HeidiSQL Portable 10.1.0.5464 Denial Of Service
Posted Apr 25, 2019
Authored by Victor Mondragon

HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | b5ed5fc39c1be5e89d54ffa184e57d29
AnMing MP3 CD Burner 2.0 Denial Of Service
Posted Apr 25, 2019
Authored by Achilles

AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 024d0566053378f92fe0dda13a47472a
TestSSL 3.0rc5
Posted Apr 25, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.

Changes: This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 will not be supported anymore once 3.0 has been released.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 1058df6866cad62c6de8e7b64fc64fb2

© 2019 Packet Storm. All rights reserved.