exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2019-07-26

Zurmo 3.2.6 Persistent Cross Site Scripting
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 78dd4cf9cac1ce59afb343a7d09687c57a8237d03c13a57ddf725f905d8fdbfe
Zurmo 3.2.6 Iframe Injection
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an iframe injection vulnerability.

tags | exploit
SHA-256 | be149ee47f765fcce8f2b2994d34e9eaee177b91190c25d3cb463249050e9ac7
Zurmo 3.2.6 Open Redirection
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 8b719a489c483b76d9ccc18497e929ce77707eb873424068907ff05ba6b03807
Zurmo 3.2.6 Out Of Band Code Evaluation
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an out-of-band code evaluation vulnerability.

tags | exploit
SHA-256 | 7c3e153c94a1ce42cab8549f0468f88ce426261b7a57e8d156c769fa02e84043
Ubuntu Security Notice USN-4054-2
Posted Jul 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, xss, csrf
systems | linux, ubuntu
advisories | CVE-2019-11711, CVE-2019-11715, CVE-2019-11719, CVE-2019-11724, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
SHA-256 | 9573711ae77b9f804c17bb7d87e64c1ac94e7240fc30836a442eedef386d1b66
Ahsay Backup 7.x / 8.x XML Injection
Posted Jul 26, 2019
Authored by Wietse Boonstra

Ahsay Backup versions 7.x through 8.1.1.50 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-10266
SHA-256 | dd8c01c9f85afcf5145302b1adfc9557936417386490d477aa5caa61b6d6728b
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra | Site metasploit.com

This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!

tags | exploit, remote, shell, code execution, file upload
systems | linux, windows
advisories | CVE-2019-10267
SHA-256 | 83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra

Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file upload
advisories | CVE-2019-10267
SHA-256 | 8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421
Ubuntu Security Notice USN-4075-1
Posted Jul 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4075-1 - Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2019-13917
SHA-256 | af9a5c43a6ba001d6f9f739c96c14a1101ba928e6aaf880efbaa5758c3abbddc
Red Hat Security Advisory 2019-1860-01
Posted Jul 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1860-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-11218, CVE-2018-11219, CVE-2018-12326, CVE-2019-10192
SHA-256 | 92cb9170061d200be1f9a585a697be5ef625c327ae3d702c2440eeabc521f848
pdfresurrect 0.15 Buffer Overflow
Posted Jul 26, 2019
Authored by j0lama

pdfresurrect version 0.15 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-14267
SHA-256 | 6573e21a72fbf0b36261b1749b306359e3b8af17322ae8b0324340888de8e1f4
Moodle Filepicker 3.5.2 Server-Side Request Forgery
Posted Jul 26, 2019
Authored by Nick Theisinger, Fabian Mosch

Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2018-1042
SHA-256 | 9e99304545fd9a554cb40ac8cb40e946e4c7484cbdb93f93a8b78d93ab0d1bce
Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation
Posted Jul 26, 2019
Authored by ShivamTrivedi

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.

tags | exploit, x86, local
systems | windows
advisories | CVE-2019-1132
SHA-256 | 48d06e50b882f363ce29fb915222dd7ed84f617e38b68912b67b47eacf8f0564
iMessage DigitalTouch Out-Of-Bounds Read
Posted Jul 26, 2019
Authored by Google Security Research, natashenka

iMessage suffers from an out-of-bounds read vulnerability in DigitalTouch tap message processing.

tags | exploit
advisories | CVE-2019-8624
SHA-256 | 43c0de1b0e61b238665de50f7e836ad89cf87bcb0d36b06a11a92a974125f5c3
WebKit Synchronous Page Load Universal Cross Site Scripting
Posted Jul 26, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from a universal cross site scripting vulnerability due to synchronous page loads.

tags | exploit, xss
advisories | CVE-2019-8649
SHA-256 | 96f6f97eb65f02184266b09e95ea13a191470ecb65a4f697ed07cd10157d7b04
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close