Files Date: 2019-08-01 to 2019-08-31

Ping Identity Agentless Integration Kit Cross Site Scripting
Posted Aug 30, 2019
Authored by Thomas Konrad | Site sba-research.org

Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-13564
SHA-256 | 9c150c77a9bce6accc3723843ec65700cdd8208915df10e20c19c5f97162c324
SSLsplit 0.5.5
Posted Aug 30, 2019
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Added -A option for specifying a default leaf certificate instead of generating it on the fly. Increased the default RSA leaf key size to 2048 bits and force an OpenSSL security level of 0 in order to maximize interoperability in the default configuration. Various other bug fixes and updates.
tags | tool, encryption
SHA-256 | ba0473fd01428439e0cf22fae80fdd26d08a0bcf85e17c82177cb0810b700faf
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.

tags | exploit, spoof
SHA-256 | d1f54ec01ba5b00cfa34a2d4469ebf60d85f134038071b4ccda0eb845965f314
Zyxel NWA/NAP/WAC Hardcoded Credentials
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

tags | exploit
SHA-256 | d8f9966f1cf6cfdad043939000c11dc5d57af44b55eeecde1c7d7957838c81b4
DomainMod 4.13 Cross Site Scripting
Posted Aug 30, 2019
Authored by Damian Ebelties

DomainMod versions 4.13 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15811
SHA-256 | 9a77f200dfd9284cde8bc12162d2ecae0bf890cf467a7745345eb70d55467bb6
Sentrifugo 3.2 Cross Site Scripting
Posted Aug 30, 2019
Authored by creosote

Sentrifugo version 3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15814
SHA-256 | 8dea7b371326fb8468052218e1872aad7430951da5e6046ca8028361288c698b
Sentrifugo 3.2 File Upload Restriction Bypass
Posted Aug 30, 2019
Authored by creosote

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2019-15813
SHA-256 | b2ddc21cc34e199f03eedef6284b088fa2d72d49ab537de7e5b2543954cdb82f
Canon PRINT 2.5.5 URI Injection
Posted Aug 30, 2019
Authored by 0x48piraj

Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability.

tags | exploit
advisories | CVE-2019-14339
SHA-256 | dcee22bdc054fa25db75dc967498a61dd74c7c4e8473502f78c6cd765b702afe
VX Search Enterprise 10.4.16 Denial Of Service
Posted Aug 30, 2019
Authored by James Chamberlain

VX Search Enterprise version 10.4.16 suffers from a User-Agent denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 60b99a7d14ce76ff859d716709231c8d1f25d64cb75f0399d5946a59cedde6f0
WordPress WooCommerce Product Feed 2.2.18 Cross Site Scripting
Posted Aug 30, 2019
Authored by Damian Ebelties

WordPress WooCommerce Product Feed plugin versions 2.2.18 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-1010124
SHA-256 | 7ee650f72feb594831ea81668b440c5432a38be763e03140bfab5492b60b0070
YouPHPTube 7.4 Remote Code Execution
Posted Aug 30, 2019
Authored by Damian Ebelties

YouPHPTube version 7.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | c852da415cdb99461bf905a3cb99585852af22f48fff8fe570f06294bdb68d86
Easy MP3 Downloader 4.7.8.8 Denial Of Service
Posted Aug 30, 2019
Authored by Mohan Ravichandran, Snazzy Sanoj

Easy MP3 Downloader version 4.7.8.8 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 671ab08abaabae5d4f64ce0841a94831e10eaa969212276ba7a2338810f61664
SQL Server Password Changer 1.90 Denial Of Service
Posted Aug 30, 2019
Authored by Velayutham Selvaraj, Praveen Thiyagarayam

SQL Server Password Changer version 1.90 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | bbc27cbf7d71b466a23989a55d074b52453f4374b992b76b635867bdad570c3c
Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation
Posted Aug 30, 2019
Authored by Athanasios Tserpelis

Asus Precision TouchPad version 11.0.0.25 suffers from denial of service and privilege escalation via pool overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
advisories | CVE-2019-10709
SHA-256 | 781fa5fb4c090fbf82b363a4a66c005d97b1e04a7867c3bca917aeebee30c6fa
Sony PlayStation Vita (PS Vita) - How To Find Savedata Exploits
Posted Aug 30, 2019
Authored by TheFloW

This is a brief whitepaper on how to find savedata exploits on Sony PlayStation Vita (PS Vita).

tags | paper
SHA-256 | 188612d0c7a2539a8f339aa1aea144f2e79cae8e31e8f935cf054251a5ed4586
Ubuntu Security Notice USN-4113-1
Posted Aug 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4113-1 - Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-0197, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517
SHA-256 | fc01073e29fa98b6982a2c858a17b8ca2bb20084a922393ce6c10b57d28d56cf
GGPowerShell / Windows PowerShell Remote Command Execution
Posted Aug 30, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This Python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.

tags | exploit, python
systems | windows
SHA-256 | c030abc642a4fc06451a399c9721d06640d3154f8771ff2127c3bd516db33192
WebKitGTK+ / WPE WebKit Code Execution / XSS
Posted Aug 30, 2019
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from code execution, universal cross site scripting, and memory corruption vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690
SHA-256 | 717a870dd2bc0256ddcda1abe745089002e9d297d7a372d49f1407bce3834e9d
QEMU Denial Of Service
Posted Aug 30, 2019
Authored by vishnudevtj

QEMU suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-14378
SHA-256 | a7ace3948d40801e615564c65a1588dd104cf00c12897845832d6f387b26efdf
Red Hat Security Advisory 2019-2582-01
Posted Aug 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2582-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2019-1010238
SHA-256 | 33c998429349460bae19a84051c87330740bd0e090eb14a23238b5ffc6016149
Ubuntu Security Notice USN-4112-1
Posted Aug 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4112-1 - Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-10222
SHA-256 | 6bdf721ecf66ba3944cc831f4f5afda69ab1538183c30580680e689e202d623a
Ubuntu Security Notice USN-4111-1
Posted Aug 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4111-1 - Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when -dSAFER restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14811
SHA-256 | 1d8927fb5ab42e83bac5c9d5b553f9406fcbe964befd3851ce63f6117f2e091d
PilusCart 1.4.1 Local File Disclosure
Posted Aug 29, 2019
Authored by Damian Ebelties

PilusCart versions 1.4.1 and below suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | f8908a36266e411cbdc113acc916de9d269db31ab793db6595c6e0bbb98e674b
Jobberbase 2.0 subscribe SQL Injection
Posted Aug 29, 2019
Authored by Damian Ebelties

Jobberbase version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2b83d68859013bc6ed71c264b4a1f6e1105169783e4a3c067eb12b60f7b8572a
Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access
Posted Aug 29, 2019
Authored by Google Security Research, lokihardt

Webkit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform.

tags | exploit
advisories | CVE-2019-8689
SHA-256 | 13d8e2202cdebf7ff53e2e5906bdd6ba343e47a89003e53597579db4cb95bcdc
© 2022 Packet Storm. All rights reserved.
