Showing 1 - 15 of 15

Files Date: 2019-07-25

Zurmo 3.2.6 Code Evaluation
Posted Jul 25, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from a code evaluation vulnerability.

tags | exploit
MD5 | 825313b44d48c62e9ca69eb1bc52d147

Ubuntu Security Notice USN-4072-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use these vulnerabilities to extract that information. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as a result. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-7481, CVE-2018-10855, CVE-2018-10874, CVE-2018-10875, CVE-2018-16837, CVE-2018-16876, CVE-2019-10156, CVE-2019-3828
MD5 | 7a9cfe8749c9081a9cb43d26360a411c

Ubuntu Security Notice USN-4074-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4074-1 - It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19857, CVE-2019-12874, CVE-2019-13602, CVE-2019-5439
MD5 | 98d063a4a90905f35923e7e5c06fdf41

Red Hat Security Advisory 2019-1851-01
Posted Jul 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1851-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-1002100, CVE-2019-10337, CVE-2019-3876
MD5 | 0a490a62cd644c7eabbd35c6dded57bc

Zurmo 3.2.6 Reflected Cross Site Scripting
Posted Jul 25, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from reflected cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 839020b869775fcef206dc40e15f1655

Yahei-PHP Prober 0.4.7 HTML Injection
Posted Jul 25, 2019
Authored by LiquidWorm | Site zeroscience.mk

Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote HTML injection vulnerability.

tags | exploit, remote, php
MD5 | eb98108b01a92b8fac447bf19361759a

FreeBSD Security Advisory - FreeBSD-SA-19:17.fd
Posted Jul 25, 2019
Authored by Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, local, root
systems | unix, freebsd, bsd
advisories | CVE-2019-5607
MD5 | 1a3189674b2fd461c7cc9af0c29d8185

Red Hat Security Advisory 2019-1852-01
Posted Jul 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1852-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An incomplete fix for CVE-2019-1002101 was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-1002101, CVE-2019-11246
MD5 | 4ace2fa6705186dd4aeb8673c341460c

Ubuntu Security Notice USN-4073-1
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4073-1 - It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-13615
MD5 | 5007b5b8ba8339596b2050f0e89f7381

FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
Posted Jul 25, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2019-5604
MD5 | 71bf823754b425dc351c08e498f7d8ae

FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs
Posted Jul 25, 2019
Authored by Mateusz Guzik | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If the obtained struct file represents a directory from outside of the user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
MD5 | 17ac53321b9a37616cc3344652d76b23

Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass
Posted Jul 25, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.

tags | exploit, bypass
MD5 | edccc27accadec979aa2288aff49d66c

Ubuntu Security Notice USN-4071-2
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
MD5 | d854ed586ced9b20e684ddfb1f595dbd

FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32
Posted Jul 25, 2019
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above, small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5605
MD5 | 5736cbc3b6e4753872fa443e695addc6

FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
Posted Jul 25, 2019
Authored by syzkaller | Site security.freebsd.org

FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

tags | advisory, kernel, root
systems | freebsd, bsd, osx
advisories | CVE-2019-5606
MD5 | bb73159089c28abc1e386b3526667139