exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2019-07-27

Schneider Electric Pelco Endura NET55XX Encoder
Posted Jul 27, 2019
Authored by Lucas Dinucci, Vitor Esperanca | Site metasploit.com

This Metasploit module exploits inadequate access controls within the Schneider Electric Pelco Endura NET55XX webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.

tags | exploit, root
advisories | CVE-2019-6814
SHA-256 | 9f1a1fca209500f23a5d828a6c170bd77e26b7a3c4b045f75fc08a8419a6a484
ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition
Posted Jul 27, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.

tags | advisory, remote
advisories | CVE-2019-14261
SHA-256 | e98fe47d41ddf0ca24e6f78dac777943006f689fe3cefe75519fcbab7d77131d
Red Hat Security Advisory 2019-1862-01
Posted Jul 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1862-01 - As part of the maintenance phase, qualified security patches of Critical or Important impact, as well as select mission-critical bug-fix patches, were released for Red Hat OpenShift Enterprise 3.6 and 3.7. After July 31st, 2019, customers will not receive those updates.

tags | advisory
systems | linux, redhat
SHA-256 | 84de603b8b2616f22abb4cf93b0029a2760bb8fb071c4a489c3a2b16b1f2938c
Ubuntu Security Notice USN-4076-1
Posted Jul 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4076-1 - It was discovered that a race condition existed in the Serial Attached SCSI implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-20836, CVE-2019-10142, CVE-2019-11833, CVE-2019-11884, CVE-2019-2054, CVE-2019-9503
SHA-256 | b13795081982c85c2eb246df67545853716b79439ee19e7a1344e8637acedcee
WordPress Database Backup Remote Command Execution
Posted Jul 27, 2019
Authored by Shelby Pace, Mikey Veenstra | Site metasploit.com

There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page. The names of the excluded tables are included in the mysqldump command unsanitized. Arbitrary commands injected through the wp_db_exclude_table parameter are executed each time the functionality for creating a new database backup are run. Authentication is required to successfully exploit this vulnerability.

tags | exploit, arbitrary
SHA-256 | 401ad527c7daa315ba1bf0e69bfa9cc8df0e398c4a05459107a808ada7823a8d
Logwatch 7.5.2
Posted Jul 27, 2019
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 5d9c1a6eaf082b880c61895914824e347c6d63ad2a31cfc150f384a3e68ce5fb
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close