what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-09-06

LibreNMS Collectd Command Injection
Posted Sep 6, 2019
Authored by Eldar Marcussen, Shelby Pace | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.

tags | exploit, shell, code execution
advisories | CVE-2019-10669
SHA-256 | e40f291b536ddb530c9c679f17c98644fcd1bd9ef0a75a355c8b3a8fc1d135c0
October CMS Upload Protection Bypass Code Execution
Posted Sep 6, 2019
Authored by Anti Rais, Touhid M.Shaikh, SecureLayer7.net | Site metasploit.com

This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/ Definitions.php:blockedExtensions(). This module was tested on October CMS version version 1.0.412 on Ubuntu.

tags | exploit, php
systems | linux, ubuntu
advisories | CVE-2017-1000119
SHA-256 | 018cfd6c1eb8529baff5fa0a0a5365e86412dcf24e53e0a9dac7f7b274f80338
Gentoo Linux Security Advisory 201909-05
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-5 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.24.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11070, CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672
SHA-256 | e81d3bba983859b90c9aaf0195b51c5952f6e48a02c26660ff1f3fc6889526e9
Gentoo Linux Security Advisory 201909-04
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-4 - Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition. Versions less than 2.4.41 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517
SHA-256 | 946fd77a8589b7abace8328500ac0cbb9733cba80c9adbeca01e2508f1b62ea0
Gentoo Linux Security Advisory 201909-03
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-3 - A buffer overflow in Pango might allow an attacker to execute arbitrary code. Versions less than 1.42.4-r2 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-1010238
SHA-256 | 7c1940fc30503650593e22655f582b0c7543b6481f2817d42681f9abe568f699
Gentoo Linux Security Advisory 201909-02
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-2 - Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code. Versions less than 3.0.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970
SHA-256 | 7bb9692d022c6948ea032af32ab718517cb186aba35c662e2fe07fc40e8169e0
Gentoo Linux Security Advisory 201909-01
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
SHA-256 | b9a00e1e7aadf66dc3afffae944c15940289010215cad6e8e25e0089b75effb4
Microsoft Windows 10 UAC Protection Bypass Via Windows Store
Posted Sep 6, 2019
Authored by timwr, sailay1996, ACTIVELabs | Site metasploit.com

This Metasploit module exploits a flaw in the WSReset.exe Windows Store Reset Tool. The tool is run with the "autoElevate" property set to true, however it can be moved to a new Windows directory containing a space (C:\Windows \System32\) where, upon execution, it will load our payload dll (propsys.dll).

tags | exploit
systems | windows
SHA-256 | 5772d80c89ffdf34ee4b98d8439e444a0c17923e2cae393bbe2593bcae61ffd4
Ubuntu Security Notice USN-4124-1
Posted Sep 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4124-1 - It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-15846
SHA-256 | 6492ae1d2957a586b96a98dece302e3f62bf57c5792fc38481f336ff9ba98a3b
Debian Security Advisory 4517-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4517-1 - "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2019-15846
SHA-256 | 48c9e7e3415df4075f9fcb477fc3b8cd54fa5aa909f175f1c2839f3653a83d56
WordPress 5.2.3 Remote Cross Site Host Modification
Posted Sep 6, 2019
Authored by Todor Donev

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

tags | exploit, remote, proof of concept
SHA-256 | 1a67567c849803b819562bd468397e980bdac341a6d0c34e47b37bef8c293f41
Facebook Messenger Denial Of Service
Posted Sep 6, 2019
Authored by Social Engineering Neo

Facebook Messenger suffered from an application crash denial of service vulnerability when sent a single hyphen.

tags | exploit, denial of service
SHA-256 | b7528b2f2311c865c1cc203f37ffd1afa7e7fa6fa6578ece6d8d405ca9fbe40b
Microsoft Windows NTFS Privileged File Access Enumeration
Posted Sep 6, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.

tags | exploit
systems | windows
SHA-256 | 5e05030a16a75dc42812b10db9f0a4214eabae8a286c1c59d881691722d51c29
Debian Security Advisory 4516-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4516-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

tags | advisory, web, denial of service, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
SHA-256 | fdf02e607914d7c6918476e9a49d8519122450a5482135a234e0fcc44c9b6bc1
FusionPBX 4.4.8 Remote Code Execution
Posted Sep 6, 2019
Authored by Askar

FusionPBX version 4.4.8 remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 3f9ccb9b6a54502ec081f485fb044474a5a2fa76fa573edbcbb6734679ef0eb3
Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution
Posted Sep 6, 2019
Authored by Alyssa Herrera, Justin Wagner

Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2019-11539
SHA-256 | 428ddb0b67961d1a87be1c6c6acc41e678e23d1cbb23562598e8a6d6caf8b149
Deep Dive Into .NET Malwares
Posted Sep 6, 2019
Authored by Sudeep Singh

This whitepaper provides an in-depth deep dive analysis into .NET malware.

tags | paper
SHA-256 | 4bf2a76e6ce65ee5d3885552452725dbcd30099c84069e4aa2d4e7d6bff0e016
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close