what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-09-06

LibreNMS Collectd Command Injection
Posted Sep 6, 2019
Authored by Eldar Marcussen, Shelby Pace | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.

tags | exploit, shell, code execution
advisories | CVE-2019-10669
SHA-256 | e40f291b536ddb530c9c679f17c98644fcd1bd9ef0a75a355c8b3a8fc1d135c0
October CMS Upload Protection Bypass Code Execution
Posted Sep 6, 2019
Authored by Anti Rais, Touhid M.Shaikh, SecureLayer7.net | Site metasploit.com

This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/ Definitions.php:blockedExtensions(). This module was tested on October CMS version version 1.0.412 on Ubuntu.

tags | exploit, php
systems | linux, ubuntu
advisories | CVE-2017-1000119
SHA-256 | 018cfd6c1eb8529baff5fa0a0a5365e86412dcf24e53e0a9dac7f7b274f80338
Gentoo Linux Security Advisory 201909-05
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-5 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.24.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11070, CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672
SHA-256 | e81d3bba983859b90c9aaf0195b51c5952f6e48a02c26660ff1f3fc6889526e9
Gentoo Linux Security Advisory 201909-04
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-4 - Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition. Versions less than 2.4.41 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517
SHA-256 | 946fd77a8589b7abace8328500ac0cbb9733cba80c9adbeca01e2508f1b62ea0
Gentoo Linux Security Advisory 201909-03
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-3 - A buffer overflow in Pango might allow an attacker to execute arbitrary code. Versions less than 1.42.4-r2 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-1010238
SHA-256 | 7c1940fc30503650593e22655f582b0c7543b6481f2817d42681f9abe568f699
Gentoo Linux Security Advisory 201909-02
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-2 - Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code. Versions less than 3.0.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970
SHA-256 | 7bb9692d022c6948ea032af32ab718517cb186aba35c662e2fe07fc40e8169e0
Gentoo Linux Security Advisory 201909-01
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
SHA-256 | b9a00e1e7aadf66dc3afffae944c15940289010215cad6e8e25e0089b75effb4
Microsoft Windows 10 UAC Protection Bypass Via Windows Store
Posted Sep 6, 2019
Authored by timwr, sailay1996, ACTIVELabs | Site metasploit.com

This Metasploit module exploits a flaw in the WSReset.exe Windows Store Reset Tool. The tool is run with the "autoElevate" property set to true, however it can be moved to a new Windows directory containing a space (C:\Windows \System32\) where, upon execution, it will load our payload dll (propsys.dll).

tags | exploit
systems | windows
SHA-256 | 5772d80c89ffdf34ee4b98d8439e444a0c17923e2cae393bbe2593bcae61ffd4
Ubuntu Security Notice USN-4124-1
Posted Sep 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4124-1 - It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-15846
SHA-256 | 6492ae1d2957a586b96a98dece302e3f62bf57c5792fc38481f336ff9ba98a3b
Debian Security Advisory 4517-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4517-1 - "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2019-15846
SHA-256 | 48c9e7e3415df4075f9fcb477fc3b8cd54fa5aa909f175f1c2839f3653a83d56
WordPress 5.2.3 Remote Cross Site Host Modification
Posted Sep 6, 2019
Authored by Todor Donev

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

tags | exploit, remote, proof of concept
SHA-256 | 1a67567c849803b819562bd468397e980bdac341a6d0c34e47b37bef8c293f41
Facebook Messenger Denial Of Service
Posted Sep 6, 2019
Authored by Social Engineering Neo

Facebook Messenger suffered from an application crash denial of service vulnerability when sent a single hyphen.

tags | exploit, denial of service
SHA-256 | b7528b2f2311c865c1cc203f37ffd1afa7e7fa6fa6578ece6d8d405ca9fbe40b
Microsoft Windows NTFS Privileged File Access Enumeration
Posted Sep 6, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.

tags | exploit
systems | windows
SHA-256 | 5e05030a16a75dc42812b10db9f0a4214eabae8a286c1c59d881691722d51c29
Debian Security Advisory 4516-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4516-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

tags | advisory, web, denial of service, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
SHA-256 | fdf02e607914d7c6918476e9a49d8519122450a5482135a234e0fcc44c9b6bc1
FusionPBX 4.4.8 Remote Code Execution
Posted Sep 6, 2019
Authored by Askar

FusionPBX version 4.4.8 remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 3f9ccb9b6a54502ec081f485fb044474a5a2fa76fa573edbcbb6734679ef0eb3
Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution
Posted Sep 6, 2019
Authored by Alyssa Herrera, Justin Wagner

Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2019-11539
SHA-256 | 428ddb0b67961d1a87be1c6c6acc41e678e23d1cbb23562598e8a6d6caf8b149
Deep Dive Into .NET Malwares
Posted Sep 6, 2019
Authored by Sudeep Singh

This whitepaper provides an in-depth deep dive analysis into .NET malware.

tags | paper
SHA-256 | 4bf2a76e6ce65ee5d3885552452725dbcd30099c84069e4aa2d4e7d6bff0e016
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close