This archive contains all of the 160 exploits added to Packet Storm in September, 2019.
28be43dd6e4a9a5141252b0b8bda06005535aa077a9bffeddfb497821677265fLG-ERICSSON LN202-003H HomeHub router remote configuration disclosure exploit.
987e3db9cd9808f34aa4883b65321ead1c66b510417b5dce16b50f72bd3f2f1aA FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.
dbc1310afdd15da14c73881539c81b6d75bfa93a15e200bb1094631bd6549cbeRocket.Chat versions prior to 2.1.0 suffer from a cross site scripting vulnerability.
d40bdb82931534076286057f602347f40cff460733e21b45ae5ef31f85d45b1fRed Hat Security Advisory 2019-2947-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.
b513060a01fe2f7c787e34b88df84100c2e9b556c32fba545de97c5a9cbd6778Red Hat Security Advisory 2019-2949-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a denial of service vulnerability.
bdab73625eed6702880a86fd35af0095fae8c3f7d4f7704061248eabd587b2c4Red Hat Security Advisory 2019-2950-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2, and includes security and bug fixes. Issues addressed include a denial of service vulnerability.
8a36a442363708a65ed4371e7d7752bc871efa82f80284469084d66e5e2852d3Red Hat Security Advisory 2019-2946-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section. Issues addressed include a denial of service vulnerability.
4eb951feb7e67bce17a0a4ed4c8806c235c72bb26a9093e01700c99790c2ed22Red Hat Security Advisory 2019-2945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security fix: If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw, can be used remotely. This can result in a remote denial of service. Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. Issues addressed include buffer overflow and denial of service vulnerabilities.
65efa005dce613e6fb85b5927fedb295eed747c8dc65ef05eb06a65e04687d84Ubuntu Security Notice 4145-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
d8ef831cccbb75205a0fe90a3bdbf104e78019136be3165a75d091b11d684f97Ubuntu Security Notice 4144-1 - It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
5dd65d9602394aefa348c4338b4b2eb8e342d2c44ad1989c239607e1f8bc53c8The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, the authors analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents.
517f98746fe2867354db4d9e80fb07916b9d1d2b6c386ab280af27aaadc9b848This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant.
28ae33e9b8acc6b5e5cf2cd7d546782a77c489178bc2073d4ed3ffe0a56a2291haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
99aa1996c6e39ea2459cfc37addfb8b1eecc63f3a2b6da9db17b22e76b6851aesqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
0cd67558e07da31d51ef743093e46f4ac7c9ef36b659799caea8638fa0c6035bLibpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump.
635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410WebKit suffers from a universal cross site scripting vulnerability using cached pages.
810dcaa2986bb123c9efd2714f5edbc290f2dfb7d68d466130b7b485e8aa22a1WebKit suffers from a user-agent shadow root leak in WebCore::ReplacementFragment::ReplacementFragment.
09a56fe094145d2f756865c520102b2afca903430fbb77803fd80b9dfa8ad54dWebKit suffers from a universal cross site scripting vulnerability in WebCore::command.
2ab8baa038de751d4ac569e191ed467bb9bad810a92cddd472ed35c8c2f678aaWebKit has an issue where URI and synchronous page loads are susceptible to a universal cross site scripting vulnerability.
75fd846052c0fb1009700c5d9f09694f68aba4180607e47c323de0c95599ba7cDotNetNuke versions prior to 9.4.0 suffer from a cross site scripting vulnerability.
b93ac5debc77532fbbca06f11376dad184cb28103cf7cf3c6ae9af6fbe78fb27kic version 2.4a suffers from a denial of service vulnerability.
f41842cb736ade025f403e5738e91af7e9515435143696e008ccd01e208f7006DameWare Remote Support version 12.1.0.34 SEH buffer overflow exploit.
0401d72f47530522069308304f660bc0f0b9f1a2f59236679cd2eca06e6a38ef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed