what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2019-09-06

LibreNMS Collectd Command Injection
Posted Sep 6, 2019
Authored by Eldar Marcussen, Shelby Pace | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.

tags | exploit, shell, code execution
advisories | CVE-2019-10669
MD5 | 4480c86153083ea98f618156ca80c47b
October CMS Upload Protection Bypass Code Execution
Posted Sep 6, 2019
Authored by Anti Rais, Touhid M.Shaikh, SecureLayer7.net | Site metasploit.com

This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/ Definitions.php:blockedExtensions(). This module was tested on October CMS version version 1.0.412 on Ubuntu.

tags | exploit, php
systems | linux, ubuntu
advisories | CVE-2017-1000119
MD5 | 577544e8738172a5269aa660dcf271ea
Gentoo Linux Security Advisory 201909-05
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-5 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.24.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11070, CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672
MD5 | 22e7c150aafd4b1ef5d4ef04c68102dc
Gentoo Linux Security Advisory 201909-04
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-4 - Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition. Versions less than 2.4.41 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2019-9517
MD5 | b7e2ec2f187750b6821de061c6e7ef30
Gentoo Linux Security Advisory 201909-03
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-3 - A buffer overflow in Pango might allow an attacker to execute arbitrary code. Versions less than 1.42.4-r2 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-1010238
MD5 | 3fc4435140e88dc165e8f2f1e76b9a7b
Gentoo Linux Security Advisory 201909-02
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-2 - Multiple vulnerabilities have been found in VLC, the worst of which could result in the arbitrary execution of code. Versions less than 3.0.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970
MD5 | 9f885bf2f3dda6d1684415d9e7519db6
Gentoo Linux Security Advisory 201909-01
Posted Sep 6, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
MD5 | 8e0bb972c12f551aeb803dc511351152
Microsoft Windows 10 UAC Protection Bypass Via Windows Store
Posted Sep 6, 2019
Authored by timwr, sailay1996, ACTIVELabs | Site metasploit.com

This Metasploit module exploits a flaw in the WSReset.exe Windows Store Reset Tool. The tool is run with the "autoElevate" property set to true, however it can be moved to a new Windows directory containing a space (C:\Windows \System32\) where, upon execution, it will load our payload dll (propsys.dll).

tags | exploit
systems | windows
MD5 | b188fc5d0237e2798ceb17453907bcbe
Ubuntu Security Notice USN-4124-1
Posted Sep 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4124-1 - It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-15846
MD5 | 80829915cb70bfff960bd00382ae0fcb
Debian Security Advisory 4517-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4517-1 - "Zerons" and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges.

tags | advisory, overflow, arbitrary, root
systems | linux, debian
advisories | CVE-2019-15846
MD5 | 917fd1ab543da423c5a922e3d0043040
WordPress 5.2.3 Remote Cross Site Host Modification
Posted Sep 6, 2019
Authored by Todor Donev

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

tags | exploit, remote, proof of concept
MD5 | a24e8725d0673921cf2836f076c013d4
Facebook Messenger Denial Of Service
Posted Sep 6, 2019
Authored by Social Engineering Neo

Facebook Messenger suffered from an application crash denial of service vulnerability when sent a single hyphen.

tags | exploit, denial of service
MD5 | f9c39e248cc5f36277b1a247ed2200ab
Microsoft Windows NTFS Privileged File Access Enumeration
Posted Sep 6, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.

tags | exploit
systems | windows
MD5 | 8f8a5a6cf1cf40cfec6b841ca09e2618
Debian Security Advisory 4516-1
Posted Sep 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4516-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, bypass of the same-origin policy, sandbox escape, information disclosure or denial of service.

tags | advisory, web, denial of service, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
MD5 | 4f51cfe384f8c7d3c4a9699c848b5719
FusionPBX 4.4.8 Remote Code Execution
Posted Sep 6, 2019
Authored by Askar

FusionPBX version 4.4.8 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 0c516823852522b8ca82abb6defe813b
Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution
Posted Sep 6, 2019
Authored by Alyssa Herrera, Justin Wagner

Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2019-11539
MD5 | 86d78b8af9738ec8a8ba5b6eb9822ba1
Deep Dive Into .NET Malwares
Posted Sep 6, 2019
Authored by Sudeep Singh

This whitepaper provides an in-depth deep dive analysis into .NET malware.

tags | paper
MD5 | 48defef9492f0c5d095d6ecec56c6756
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close