exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2019-06-24

Ubuntu Security Notice USN-4032-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4032-1 - It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11708
SHA-256 | cd8ca7fe3ccaf00cdf3dfc9530b3270fc8e08916ef3075cbfc3c15f9bdf7a79f
Ubuntu Security Notice USN-4031-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4031-1 - It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-12817
SHA-256 | c29a8b0fea956d911595a73c3f67d6fdbc5407536f94826edbbc54f9d5c4a7da
Apple Security Advisory 2019-6-20-1
Posted Jun 24, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-6-20-1 - AirPort Base Station Firmware Update 7.8.1 is now available and addresses denial of service and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | apple
advisories | CVE-2019-7291, CVE-2019-8572, CVE-2019-8573, CVE-2019-8575, CVE-2019-8578, CVE-2019-8580, CVE-2019-8581, CVE-2019-8588
SHA-256 | 2950ca97cab531b3e2e2e4562a29b089f3150156b9d3f50c8474c0dfa28ab883
Ubuntu Security Notice USN-4030-1
Posted Jun 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4030-1 - It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10321, CVE-2016-3952, CVE-2016-3957
SHA-256 | a99087702bd4f64f9a186902fa43b09a473e58c2c4153bcd31bfc5a32d36a29e
Lynis Auditing Tool 2.7.5
Posted Jun 24, 2019
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added Danish translation, Slackware end-of-life information, detection for BSD-style (rc.d) init in Linux systems, and detection of Bro and Suricata (IDS). Various other changes as well.
tags | tool, scanner
systems | unix
SHA-256 | 3d27ade73a5c1248925ad9c060024940ce5d2029f40aaa901f43314888fe324d
Flawfinder 2.0.10
Posted Jun 24, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Uses binary mode when reading a diffhitlist.
tags | tool
systems | unix
SHA-256 | f1dcb1ec3e35685e46a8512137b8062daa1d0327900177998a405feab608adeb
Microsoft Windows Font Cache Service Insecure Sections
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0755
SHA-256 | dcd4603b5df7584c96b28ba89a54652b0a598775dce738ad4fce99ceb40bfde3
Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0755
SHA-256 | e9fe2f31e8d857a922afac6a9b0dc08c238b42596dd0c0b56fd16a1c45e94752
ABB IDAL HTTP Server Uncontrolled Format String
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.

tags | exploit, web
advisories | CVE-2019-7228
SHA-256 | 2710131973cb651b312b3b4490bb6638b5ec8ddf6b94183de3c0860cb2228091
ABB IDAL HTTP Server Stack-Based Buffer Overflow
Posted Jun 24, 2019
Authored by Eldar Marcussen

The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large host header in a HTTP request. The host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the host headers and overwrite the SEH address which can then be leveraged to execute attacker controlled code on the server.

tags | exploit, web, overflow
advisories | CVE-2019-7232
SHA-256 | 2421624e7ad840181ca84c4621cdcea0f08c090f97ea23834ea7b42bf7a3e813
Debian Security Advisory 4467-2
Posted Jun 24, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4467-2 - The update for vim released as DSA 4467-1 introduced a regression which broke syntax highlighting in some circumstances. Updated vim packages are now available to correct this issue.

tags | advisory
systems | linux, debian
advisories | CVE-2019-12735
SHA-256 | 7ffecaca630e2663a76860238eae9cac1f5902a80bef104d2e2fbb7bf4e233f8
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Posted Jun 24, 2019
Authored by XORcat

Fortinet's FortiCam FCM-MB40 product suffers from root code execution, privilege escalation, hardcoded key, and various other vulnerabilities.

tags | exploit, root, vulnerability, code execution
SHA-256 | 9f2f94c84dfd3b5547608074fb33e50712d22787afc74eccddf998d33fd24309
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11707
SHA-256 | b47d7df6556725e46113ce7a9f4050b612e0a4f0d34456f40e8a05665685954a
Slackware Security Advisory - mozilla-firefox Updates
Posted Jun 24, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11708
SHA-256 | add5ad3d3c6c79a4ce2b1532f6867b86792f90cc9a71d0b6e4f832b2af955b62
SeedDMS out.GroupMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12801
SHA-256 | 858fb99e5e36779263c2e779c1c6c5b5f9c3310453df4715374cf21fdf6c2304
SeedDMS Remote Command Execution
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2019-12744
SHA-256 | 2e81d288604fec50132b6f4b1900c03daee7000f172b691749bfbdf578667cb3
SeedDMS out.UsrMgr.php Cross Site Scripting
Posted Jun 24, 2019
Authored by Nimit Jain

SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.UsrMgr.php.

tags | exploit, php, xss
advisories | CVE-2019-12745
SHA-256 | 0dfb58e7e058dac851138d94079c3d5de11edd4c0ecb6b3903aceff14a62a710
dotProject 2.1.9 SQL Injection
Posted Jun 24, 2019
Authored by Metin Yunus Kandemir

dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2019-11354
SHA-256 | f83b0b9ab7cc250cf20670b3e253269469b0e1ce69a954e03cdb40a582c1b178
GrandNode 4.40 Path Traversal / File Download
Posted Jun 24, 2019
Authored by Corey Robinson

GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-12276
SHA-256 | fbed7b2956e1a8e6360f3649b0194bda9e49b43a49f48719668efd1f58947e81
GSearch 1.0.1.0 Denial Of Service
Posted Jun 24, 2019
Authored by 0xB9

GSearch version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | ba62efce43b899ce2cd387f6ba56249452fc4b878e070d13e8b20b66a24d43f7
AZADMIN CMS Of HIDEA 1.0 SQL Injection
Posted Jun 24, 2019
Authored by Felipe Andrian Peixoto

AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 125cc8406d43e293e53e175f89f229c1ac8e6557e4f6807c930dd94df5799f90
Linux/x86_64 Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
Posted Jun 24, 2019
Authored by Aron Mihaljevic

70 bytes small Linux/x86_64 reverse TCP shell over port 4444 shellcode.

tags | shell, tcp, shellcode
systems | linux
SHA-256 | 5b2cd8d9d58e04666560f366e8f66fd5cb9b9fdfdbab656bc1860b161d6d68ec
Quarking Password Manager 3.1.84 Clickjacking
Posted Jun 24, 2019
Authored by Gionathan Reale

Quarking Password Manager version 3.1.84 suffers from a clickjacking vulnerability.

tags | advisory
advisories | CVE-2019-12880
SHA-256 | 2eb040e7b84001af8f775088b15f1c372884013e577cbf592a2d990759f1d7aa
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close