what you don't know can hurt you
Showing 1 - 23 of 23 RSS Feed

Files Date: 2019-06-24

Ubuntu Security Notice USN-4032-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11708
MD5 | dcdd0e68dacab36b081a3c54ada9f523
Ubuntu Security Notice USN-4031-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-12817
MD5 | 05d74247facac291d092a3fd048fdbf3
Apple Security Advisory 2019-6-20-1
Posted Jun 24, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | apple
advisories | CVE-2019-7291, CVE-2019-8572, CVE-2019-8573, CVE-2019-8575, CVE-2019-8578, CVE-2019-8580, CVE-2019-8581, CVE-2019-8588
MD5 | ed9dd8b63cfca9c037f0be029d4b4dd6
Ubuntu Security Notice USN-4030-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10321, CVE-2016-3952, CVE-2016-3957
MD5 | 4eedb47eef3f8b40cb5539144e8f6b26
Lynis Auditing Tool 2.7.5
Posted Jun 24, 2019
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added Danish translation, Slackware end-of-life information, detection for BSD-style (rc.d) init in Linux systems, and detection of Bro and Suricata (IDS). Various other changes as well.
tags | tool, scanner
systems | unix
MD5 | fb527b6976e70a6bcd57036c9cddc242
Flawfinder 2.0.10
Posted Jun 24, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Uses binary mode when reading a diffhitlist.
tags | tool
systems | unix
MD5 | 2ccf5667a49ebd044bb81ae02729e5b6
Microsoft Windows Font Cache Service Insecure Sections
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0755
MD5 | 44c606ddd4aece1d53887c9140628a82
Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0755
MD5 | d2b73dca2b8642efcc867ea985e64304
ABB IDAL HTTP Server Uncontrolled Format String
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.

tags | exploit, web
advisories | CVE-2019-7228
MD5 | c1e2be691a3acf789ade041e7211593f
ABB IDAL HTTP Server Stack-Based Buffer Overflow
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large host header in a HTTP request. The host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the host headers and overwrite the SEH address which can then be leveraged to execute attacker controlled code on the server.

tags | exploit, web, overflow
advisories | CVE-2019-7232
MD5 | c4d1eb7e747d309f6eb5cd228fd543c9
Debian Security Advisory 4467-2
Posted Jun 24, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4467-2 - The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.

tags | advisory
systems | linux, debian
advisories | CVE-2019-12735
MD5 | 41025ce3aa7aa964e514dc517ea80991
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Posted Jun 24, 2019
Authored by XORcat

Fortinet's FortiCam FCM-MB40 product suffers from root code execution, privilege escalation, hardcoded key, and various other vulnerabilities.

tags | exploit, root, vulnerability, code execution
MD5 | 3d5f06f3d68b8366e90aac18928e309b
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11707
MD5 | a78fbead12d5ee9863b7176a88824977
Slackware Security Advisory - mozilla-firefox Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11708
MD5 | 40b3d5979d262e22f7c570a0e5f5cc98
SeedDMS out.GroupMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12801
MD5 | efab9c0a2c9907f8dd00137f56bab316
SeedDMS Remote Command Execution
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2019-12744
MD5 | c2c699fa93396fba26fcb5608d8cb867
SeedDMS out.UsrMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.UsrMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12745
MD5 | c5f95efb508f1b497856340ab872055a
dotProject 2.1.9 SQL Injection
Posted Jun 24, 2019
Authored by Metin Yunus Kandemir

dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2019-11354
MD5 | 5a2091b567087cd399ac27529bcb8e97
GrandNode 4.40 Path Traversal / File Download
Posted Jun 24, 2019
Authored by Corey Robinson

GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-12276
MD5 | 6d0d535f84fca415f6d7ac427f470f56
GSearch 1.0.1.0 Denial Of Service
Posted Jun 24, 2019
Authored by 0xB9

GSearch version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 96d0e6a437388ab5a7b4c4c227b0f292
AZADMIN CMS Of HIDEA 1.0 SQL Injection
Posted Jun 24, 2019
Authored by Felipe Andrian Peixoto

AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6f69a1be162649ddd72862f5fe462234
Linux/x86_64 Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Posted Jun 24, 2019
Authored by Aron Mihaljevic

70 bytes small Linux/x86_64 reverse TCP shell over port 4444 shellcode.

tags | shell, tcp, shellcode
systems | linux
MD5 | 388a22da31d7fb65dd8e031d29b69442
Quarking Password Manager 3.1.84 Clickjacking
Posted Jun 24, 2019
Authored by Gionathan Reale

Quarking Password Manager version 3.1.84 suffers from a clickjacking vulnerability.

tags | advisory
advisories | CVE-2019-12880
MD5 | 35a56d9d75fdaa2e65647e945e7a1658
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close