what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files Date: 2019-09-16

LastPass Credential Leak From Previous Site
Posted Sep 16, 2019
Authored by Tavis Ormandy, Google Security Research

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

tags | exploit
MD5 | 868ccacf1a79234f0073d4e84c526158
Ubuntu Security Notice USN-4124-2
Posted Sep 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4124-2 - USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-15846
MD5 | 96cc6b097f3176d6115b243fc194fdee
Debian Security Advisory 4523-1
Posted Sep 16, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4523-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.

tags | advisory, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752
MD5 | ddf3032ad011c83b2ac786de6545870e
Inteno IOPSYS Gateway 3DES Key Extraction Improper Access
Posted Sep 16, 2019
Authored by Gerard Fuguet

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.

tags | exploit, web
advisories | CVE-2019-13140
MD5 | 42d98d4eb695d10843154434df1ef4f3
Red Hat Security Advisory 2019-2774-01
Posted Sep 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752
MD5 | 2345ff0764a023bcbe9575f6569f4b03
Ubuntu Security Notice USN-4134-1
Posted Sep 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-14822
MD5 | 6002dfaf1a23b111091bd34ff316b088
docPrint Pro 8.0 SEH Buffer Overflow
Posted Sep 16, 2019
Authored by Connor McGarr

docPrint Pro version 8.0 suffers from a SEH buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 5308c4595d22a62a948464471901acc2
Ubuntu Security Notice USN-4133-1
Posted Sep 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2019-12295
MD5 | 5beae93d0843329763e065d95b120cde
Debian Security Advisory 4522-1
Posted Sep 16, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4522-1 - Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194, CVE-2018-20195, CVE-2018-20197, CVE-2018-20198, CVE-2018-20357, CVE-2018-20358, CVE-2018-20359, CVE-2018-20361, CVE-2018-20362, CVE-2019-15296
MD5 | a595a24b5bcbf799d382af553b3e2130
AppXSvc 17763.1.amd64fre.rs5_release.180914-1434 Privilege Escalation
Posted Sep 16, 2019
Authored by Gabor Seljan

AppXSvc version 17763.1.amd64fre.rs5_release.180914-1434 suffers from an arbitrary file security descriptor overwrite privilege escalation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2019-1253
MD5 | bcc6ebfdae931fcb8e576b663d612f88
Master Data Online Cross Site Request Forgery / Data Tampering
Posted Sep 16, 2019
Authored by Prithwish Pal

Master Data Online suffers from a cross site request forgery vulnerability that allows for data tampering.

tags | exploit, csrf
advisories | CVE-2018-17789
MD5 | 69777c8a3ab73daec61eecb03a1a96e5
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close