
Files Date: 2019-06-14

OpenSCAP Libraries 1.3.1
Posted Jun 14, 2019
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Many new features, including support for SCAP 1.3 Source Datastreams. Additionally, this release contains many maintenance and bug fixes.
tags | protocol, library
systems | unix
MD5 | b0af252dfb818ac9a8031e35073ccfa8
Dell EMC Avamar ADMe Web UI 1.0.50 / 1.0.51 Local File Inclusion
Posted Jun 14, 2019
Authored by Dell Product Security Incident Response Team, Ken Pyle | Site dellemc.com

Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.

tags | advisory, web, arbitrary, local, file inclusion
advisories | CVE-2019-3737
MD5 | b08560c4e11f44a30c641145b375c2f5
Java Card Proof Of Concepts
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.

tags | exploit, java, vulnerability, code execution, proof of concept
MD5 | 2c80166b698e465440e3bf6ffd7c105e
Gemalto Java Card SE-2019-01 Issue 34
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.

tags | advisory, java, vulnerability
MD5 | d9d4dd88017b5a8c8de37bb6f8efe69a
Gemalto Java Card SE-2019-01 Issues 19 And 33
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.

tags | advisory, java, vulnerability
MD5 | 6889db3914a3b0be2c76961d2f95e557
Oracle Java Card SE-2019-01 Issues 26-32
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.

tags | advisory, java, vulnerability
MD5 | a6ad3d9330327f5a7808f847610eba22
Oracle Java Card SE-2019-01 Issues 20-25
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.

tags | advisory, java, vulnerability
MD5 | 4c3b6b313f3d71091e91a41f644cac99
Oracle Java Card SE-2019-01 Issues 1-18
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.

tags | advisory, java, vulnerability
MD5 | fd85979e79e3b9f2c88dca6478a9c0fd
Thunderbird libical Type Confusion
Posted Jun 14, 2019
Authored by Luis Merino

A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.

tags | exploit, remote, proof of concept
advisories | CVE-2019-11706
MD5 | a33d7e36196d4e9a0a3f169c53c92555
Thunderbird libical Stack Buffer Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote attacker to crash the client or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11705
MD5 | 49abf1b78a3de04f368979532aefb985
Thunderbird libical icalparser.c Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote attacker to crash the client or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution
advisories | CVE-2019-11703
MD5 | 049bcd6dae9f2051a35acce125313740
Thunderbird libical Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote attacker to crash the client or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11704
MD5 | 57730181dc38a3336a3cbd8039969dcf
CentOS 7.6 ptrace_scope Privilege Escalation
Posted Jun 14, 2019
Authored by Marcelo Vazquez

CentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit.

tags | exploit, local
systems | linux, centos
MD5 | 3119c59ec26a7612366c8c03e0353aef
Aida64 6.00.5100 SEH Buffer Overflow
Posted Jun 14, 2019
Authored by Nipun Jaswal

Aida64 version 6.00.5100 Log to CSV File local SEH buffer overflow exploit.

tags | exploit, overflow, local
MD5 | b7d09dcd2ab63b14316e0b11aef8cde5
Active Directory Enumeration With PowerShell
Posted Jun 14, 2019
Authored by Haboob Team

Whitepaper called Active Directory Enumeration with PowerShell.

tags | paper
MD5 | 9749bf4f1c728d560b607f1e3a15b07e
Tzumi Electronics Klic Lock Authentication Bypass
Posted Jun 14, 2019
Authored by Kerry Enfinger

Tzumi Electronics Klic Lock version 1.0.9 allows attackers to access resources via capture-replay.

tags | exploit
advisories | CVE-2019-11334
MD5 | 90a59931dc009b7842e44be11b45bf5e