what you don't know can hurt you
Showing 1 - 25 of 426 RSS Feed

Files Date: 2019-08-01 to 2019-08-31

Ping Identity Agentless Integration Kit Cross Site Scripting
Posted Aug 30, 2019
Authored by Thomas Konrad | Site sba-research.org

Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-13564
MD5 | 90202023fa36c339da0206d4fe19c467
SSLsplit 0.5.5
Posted Aug 30, 2019
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Added -A option for specifying a default leaf certificate instead of generating it on the fly. Increased the default RSA leaf key size to 2048 bits and force an OpenSSL security level of 0 in order to maximize interoperability in the default configuration. Various other bug fixes and updates.
tags | tool, encryption
MD5 | c9628996a930bd18ce8e635dbedf0362
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.

tags | exploit, spoof
MD5 | 0939a6e730c410be2d31a0edca0b654c
Zyxel NWA/NAP/WAC Hardcoded Credentials
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

tags | exploit
MD5 | 732ba97c2b92f9c52f82438a5b2e62cb
DomainMod 4.13 Cross Site Scripting
Posted Aug 30, 2019
Authored by Damian Ebelties

DomainMod versions 4.13 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15811
MD5 | abdd89fa42b1d5294293585a994a23d3
Sentrifugo 3.2 Cross Site Scripting
Posted Aug 30, 2019
Authored by creosote

Sentrifugo version 3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15814
MD5 | 203f0c12e7ce8ea1526b805548d1d366
Sentrifugo 3.2 File Upload Restriction Bypass
Posted Aug 30, 2019
Authored by creosote

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2019-15813
MD5 | 655fed3acb14010214d2abf09b493d71
Canon PRINT 2.5.5 URI Injection
Posted Aug 30, 2019
Authored by 0x48piraj

Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability.

tags | exploit
advisories | CVE-2019-14339
MD5 | 12c45ab214d78e4716fdb4da980abe18
VX Search Enterprise 10.4.16 Denial Of Service
Posted Aug 30, 2019
Authored by James Chamberlain

VX Search Enterprise version 10.4.16 suffers from a User-Agent denial of service vulnerability.

tags | exploit, denial of service
MD5 | 70db1550245dfdf594fae85bd5db5166
WordPress WooCommerce Product Feed 2.2.18 Cross Site Scripting
Posted Aug 30, 2019
Authored by Damian Ebelties

WordPress WooCommerce Product Feed plugin versions 2.2.18 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-1010124
MD5 | d285a91dd10aac06903b90b2aede7ce1
YouPHPTube 7.4 Remote Code Execution
Posted Aug 30, 2019
Authored by Damian Ebelties

YouPHPTube version 7.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 6741f9dc5203d6377ef0616a76b6be15
Easy MP3 Downloader 4.7.8.8 Denial Of Service
Posted Aug 30, 2019
Authored by Mohan Ravichandran, Snazzy Sanoj

Easy MP3 Downloader version 4.7.8.8 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | b383979ed72321cd99f77daa5061fcc5
SQL Server Password Changer 1.90 Denial Of Service
Posted Aug 30, 2019
Authored by Velayutham Selvaraj, Praveen Thiyagarayam

SQL Server Password Changer version 1.90 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 8bfa84099cfc8812f6a672ddb08f7cf5
Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation
Posted Aug 30, 2019
Authored by Athanasios Tserpelis

Asus Precision TouchPad version 11.0.0.25 suffers from denial of service and privilege escalation via pool overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
advisories | CVE-2019-10709
MD5 | 7c6e0afea20f92a97d7e821769e9a53e
Sony PlayStation Vita (PS Vita) - How To Find Savedata Exploits
Posted Aug 30, 2019
Authored by TheFloW

This is a brief whitepaper on how to find savedata exploits on Sony PlayStation Vita (PS Vita).

tags | paper
MD5 | 5d95461465519fb5f8b887494aae187a
Ubuntu Security Notice USN-4113-1
Posted Aug 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4113-1 - Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-0197, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517
MD5 | 599a920f74022391b3784ad5e42c2f5b
GGPowerShell / Windows PowerShell Remote Command Execution
Posted Aug 30, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.

tags | exploit, python
systems | windows
MD5 | 9592257d1332e2c7094af04e4b98bda7
WebKitGTK+ / WPE WebKit Code Execution / XSS
Posted Aug 30, 2019
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from code execution, universal cross site scripting, and memory corruption vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690
MD5 | 6a2dc454c23ad438ad79876d3a2b48db
QEMU Denial Of Service
Posted Aug 30, 2019
Authored by vishnudevtj

QEMU suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-14378
MD5 | 78b5e64a07ffde1637ff6ddc052faf6f
Red Hat Security Advisory 2019-2582-01
Posted Aug 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2582-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2019-1010238
MD5 | e15fb77543f162bb1afbc16aab891bd1
Ubuntu Security Notice USN-4112-1
Posted Aug 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4112-1 - Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-10222
MD5 | a95d71c39c3dd3de4228074ce79f499e
Ubuntu Security Notice USN-4111-1
Posted Aug 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4111-1 - Hiroki Matsukuma discovered that the PDF interpreter in Ghostscript did not properly restrict privileged calls when -dSAFER restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14811
MD5 | fab5733c74298a67673ccaf109578971
PilusCart 1.4.1 Local File Disclosure
Posted Aug 29, 2019
Authored by Damian Ebelties

PilusCart versions 1.4.1 and below suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 4bae8ce50378d0371e0c7e3bff94acfa
Jobberbase 2.0 subscribe SQL Injection
Posted Aug 29, 2019
Authored by Damian Ebelties

Jobberbase version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0f6c67a7a6213fcb3e36670a66308a99
Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access
Posted Aug 29, 2019
Authored by Google Security Research, lokihardt

Webkit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform.

tags | exploit
advisories | CVE-2019-8689
MD5 | 83802804222d263c0865b1beea73d343
Page 1 of 18
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close