
Files Date: 2019-05-21

XNU Stale Pointer Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.

tags | exploit
advisories | CVE-2019-8605
SHA-256 | bef8d392354ac6f32aad2cc335619acb48b545689c0c72e1a05e0b745d672e69
Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, natashenka

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

tags | exploit, imap
systems | apple, iphone
advisories | CVE-2019-8613
SHA-256 | 9c8b27fd5dc694419a2e1fe2acaec09a3a3748cecd6c755d74306abf2fa147f4
JSC DFG Incorrect Decision On Behavior
Posted May 21, 2019
Authored by saelo, Google Security Research

JSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.

tags | advisory
advisories | CVE-2019-8622
SHA-256 | 14a279bae66e49056c0e4b2a9091c3240e0fe8851027046cca926102cea4471b
Revive Adserver Weak PRNG Cryptography
Posted May 21, 2019
Authored by Matteo Beccati

Revive Adserver versions prior to 4.2.1 make use of a cryptographically weak pseudo-random number generator.

tags | advisory
SHA-256 | feabf4f5898a355332369c41662b3e060d381adec2eedf985f89fc2676ad6cbd
Darktrace Enterprise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery
Posted May 21, 2019
Authored by Gerwout Van der Veen

Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration.

tags | exploit, vulnerability, csrf
advisories | CVE-2019-9596, CVE-2019-9597
SHA-256 | 9244da60cca6bb20e28c6e48071ebae23a77caa73e171e154cefdeb20273d3b2
WebKitGTK+ / WPE WebKit Code Execution
Posted May 21, 2019
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623
SHA-256 | fc77f6adb81f44a3ceb47bcf986c7857a13278c42b77786d3bf874042831015c
Ubuntu Security Notice USN-3991-1
Posted May 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, xss
systems | linux, ubuntu
advisories | CVE-2019-11691, CVE-2019-11695, CVE-2019-11696, CVE-2019-11697, CVE-2019-11698, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9816, CVE-2019-9820, CVE-2019-9821
SHA-256 | 28909dfaec423e05f4608eb048743996392be70b8be76c266a132e15a974d78b
Red Hat Security Advisory 2019-1258-01
Posted May 21, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1258-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-15365, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2759, CVE-2018-2761, CVE-2018-2766, CVE-2018-2771, CVE-2018-2777, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819, CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064
SHA-256 | d734ef64d7114739cff19f38271902146dcd30ed2009404fec5ebeeed3280b4c
Ubuntu Security Notice USN-3989-1
Posted May 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3989-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-20337, CVE-2018-5817
SHA-256 | f48db585c7142fafe34c9d53c8235891a172ee735429b190c47490cd53eb7fbc
Ubuntu Security Notice USN-3990-1
Posted May 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | e9666cdd7eef3aca2bd5ffd29ff63c88a8467a370952dab56c248b7ca926192c
XNU stf_ioctl Bad Cast
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a wild read (and possible corruption) due to a bad cast in stf_ioctl.

tags | exploit
advisories | CVE-2019-8591
SHA-256 | 470329e1920caa904f96f74e15916983bba7d0ee716d7e801ef03849690a1b83
Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Posted May 21, 2019
Authored by James Forshaw, Google Security Research

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location, which allows enumeration of arbitrary keys and results in privilege escalation.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2019-0881
SHA-256 | 36e4c1600341712dd48481dde14154b5ae9680dbb41cdfae332f3ee20e766b99
JavaScriptCore LICM Uninitialized Stack Variable
Posted May 21, 2019
Authored by saelo, Google Security Research

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.

tags | exploit
advisories | CVE-2019-8623
SHA-256 | 27425be0903bc29c98b9ac1f8d97a7534299a0640fd9a7853018e50fa5fb5df7
JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register
Posted May 21, 2019
Authored by saelo, Google Security Research

JavaScriptCore AIR optimization incorrectly removes assignment to register.

tags | advisory
advisories | CVE-2019-8611
SHA-256 | a8dd00ac9f2bcbdc2b915ee79af5769a43a82c3045a988444400a182ce34eb0c
PHP PHP_INI_SYSTEM Ineffective Controls
Posted May 21, 2019
Authored by Imre Rad

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective, as they can be bypassed by malicious scripts that write to their own process memory on the Linux platform. Proof of concept code included.

tags | exploit, php, proof of concept
systems | linux
SHA-256 | a746a7f8973556b23ebea90b00627034fee20f44dce632fd39f31dcfa7483ceb
TP-LINK TL-WR840N Cross Site Scripting
Posted May 21, 2019
Authored by purnendu ghosh

TP-LINK TL-WR840N version 5 00000005 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12195
SHA-256 | a11b501e0ca68dec43b81d1cbd9152aec8a3c7436b00004f6fe250babf55e01d
Slims CMS Akasia 8.3.1 SQL Injection
Posted May 21, 2019
Authored by KingSkrupellos

Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 4214105bec24dd8de4da917230c4a1eb81bb27639dfc0b3c239fc9801fd2cf9d
Oracle CTI Web Service XML Injection
Posted May 21, 2019
Authored by omurugur

Oracle CTI Web Service suffers from an EBS_ASSET_HISTORY_OPERATIONS XML external entity injection vulnerability.

tags | exploit, web
SHA-256 | cda98533fdac9fe852556086612072f1c122e32dea247ebc2f590443ae0555c1
Deluge 1.3.15 Webseeds / URL Denial Of Service
Posted May 21, 2019
Authored by Victor Mondragon

Deluge version 1.3.15 Webseeds and URL proof of concept denial of service exploits.

tags | exploit, denial of service, proof of concept
SHA-256 | b5af7f8f26e18961391bc3b4880efbdc7eb0942385c5db2600b78c2a2264d529
Moodle Jmol Filter 6.1 Cross Site Scripting / Directory Traversal
Posted May 21, 2019
Authored by Dionach Ltd

Moodle Jmol Filter version 6.1 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 61f9bd2a7db5f843341800c1aa432ed81b532f7d01f6079f603fc9eba4fca0bc
WordPress WPGraphQL 0.2.3 Authentication Bypass / Information Disclosure
Posted May 21, 2019
Authored by Simone Quatrini | Site pentestpartners.com

WordPress WPGraphQL plugin version 0.2.3 suffers from authentication bypass and information disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2019-9879, CVE-2019-9880, CVE-2019-9881
SHA-256 | 2b49e0c2c98c7c506e6cabed55704b5bd7076662885a13895160d71dc5717cf7
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close