what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2019-07-25

Zurmo 3.2.6 Code Evaluation
Posted Jul 25, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from a code evaluation vulnerability.

tags | exploit
SHA-256 | 82a1d8cc756528ee8137b7b08e6d5d9e92d3e0c49c41e9b1d641e0595c9b90d8
Ubuntu Security Notice USN-4072-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828
SHA-256 | 067d7fa1810947a5a71e4e63c60c2cf15d329e2fb5336677d77831ac4b96d497
Ubuntu Security Notice USN-4074-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4074-1 - It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19857, CVE-2019-12874, CVE-2019-13602, CVE-2019-5439
SHA-256 | 93e928953531bb8b7bf488a1acef6c0184de960d3f44e339736aff9fbfce79e5
Red Hat Security Advisory 2019-1851-01
Posted Jul 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1851-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-1002100, CVE-2019-10337, CVE-2019-3876
SHA-256 | 00cb28c3b08208132229ebe8054a9b8c4d8f618c66fe74f2f57958cdfda7f4fd
Zurmo 3.2.6 Reflected Cross Site Scripting
Posted Jul 25, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 272981387eb4c7d4e4980aa8c49a60c1bd14b31aa8ee2ab333760b0df2eacec1
Yahei-PHP Prober 0.4.7 HTML Injection
Posted Jul 25, 2019
Authored by LiquidWorm | Site zeroscience.mk

Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote html injection vulnerability.

tags | exploit, remote, php
SHA-256 | 8b1bffb824058dcb7a5c1639547cb117aa34809316b2f941a0b2c3fc01014440
FreeBSD Security Advisory - FreeBSD-SA-19:17.fd
Posted Jul 25, 2019
Authored by Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, local, root
systems | unix, freebsd, bsd
advisories | CVE-2019-5607
SHA-256 | ed0e020ba12b1dc01aa8d83590ac696a40d1fccad60067e1fb8300dfbb889466
Red Hat Security Advisory 2019-1852-01
Posted Jul 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1852-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An incomplete fix for CVE-2019-1002101 was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-1002101, CVE-2019-11246
SHA-256 | c2b47e34d49807392fd550c9925a7fcd990d35fc8f3a2292d2097009020812e4
Ubuntu Security Notice USN-4073-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4073-1 - It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-13615
SHA-256 | 01ea518490e9ca54bcdc4a67a0d42b41cdd557600790f8bdd7f0c9b3fd2c5984
FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
Posted Jul 25, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2019-5604
SHA-256 | 22ddae49f77be04a48b0ef2c715801539b562f34653337c23b52f4f5dfa1668b
FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs
Posted Jul 25, 2019
Authored by Mateusz Guzik | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
SHA-256 | 489c8ae54e5e9d5645a9286ff4c958fe29ebf8eb10cfad1509a4f8ce2b45cf9e
Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass
Posted Jul 25, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.

tags | exploit, bypass
SHA-256 | ec40e8e4c37ffcdffc52766b407c3f23886bf51afda9cc17f1e5746fa1ddd54b
Ubuntu Security Notice USN-4071-2
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 0b7c4a198db51cde30cce47cc6a0ae95e2c18bd207868b3dc0dab1fbed99adb0
FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32
Posted Jul 25, 2019
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5605
SHA-256 | 0e0df08026cdde81c94f8a176b172a71c19e15379445944e64ecdd04b7315690
FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
Posted Jul 25, 2019
Authored by syzkaller | Site security.freebsd.org

FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

tags | advisory, kernel, root
systems | freebsd, bsd, osx
advisories | CVE-2019-5606
SHA-256 | c20e2ba9892c896b4cdba0602e7caccb54edd10e2ab74a179baf8dc75414522d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close