exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2019-10-23

Rusty Joomla Unauthenticated Remote Code Execution
Posted Oct 23, 2019
Authored by Alessandro Groppo | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in Joomla version 3.4.6.

tags | exploit, php
MD5 | 40a2c7517a1a512236449ed2d7eb3073
Wireshark Analyzer 3.0.6
Posted Oct 23, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes have been applied.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | c6f8d12a3efe21cc7885f7cb0c4bd938
Solaris xscreensaver Privilege Escalation
Posted Oct 23, 2019
Authored by Marco Ivaldi, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2019-3010
MD5 | 6839e7bec0a8edd74031049d0e2ff4f0
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
Posted Oct 23, 2019
Authored by Brendan Coles, Jann Horn, timwr | Site metasploit.com

This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2019-13272
MD5 | a67b52657090e25d42aa370f66e7ca88
Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
Posted Oct 23, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX390 is vulnerable to keystroke injection attacks as the used data communication is unencrypted and unauthenticated.

tags | advisory
advisories | CVE-2019-18200
MD5 | 46f8039bc3143237160c82d81a99144c
Fujitsu Wireless Keyboard Set LX390 Missing Encryption
Posted Oct 23, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX390 does not use encryption for transmitting data packets containing keyboard events like keystrokes.

tags | advisory
advisories | CVE-2019-18201
MD5 | 9da9fdcb531ffd979cce3d19c995049a
Fujitsu Wireless Keyboard Set LX390 Replay Attacks
Posted Oct 23, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless keyboard Fujitsu LX390 is prone to replay attacks. An attacker can simply sniff the data packets of the 2.4 GHz radio communication sent by the keyboard to the receiver (USB dongle) and replay the recorded communication data at will causing the same effect as the original data communication. A replay attack against the keyboard can, for example, be used to gain unauthorized access to a computer system that is operated with a vulnerable Fujitsu LX390 keyboard. In this attack scenario, an attacker records the radio communication during a password-based user authentication of his or her victim, for instance during a login to the operating system or during unlocking a screen lock. At an opportune moment when the victim's computer system is unattended, the attacker approaches the victim's computer and replays the previously recorded data communication for the password-based user authentication and thereby gets unauthorized access to the victim's system.

tags | advisory
advisories | CVE-2019-18199
MD5 | ce4fab29d187678de3f4e3aa69d4200f
WordPress Sliced Invoices 3.8.2 SQL Injection
Posted Oct 23, 2019
Authored by Lucian Ioan Nitescu

WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9ded6b959b02e7be9501260e777779e3
WordPress Sliced Invoices 3.8.2 Cross Site Scripting
Posted Oct 23, 2019
Authored by Lucian Ioan Nitescu

WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | df9d4d1e2f545ded8d4d29f70c2d5267
Kernel Live Patch Security Notice LSN-0058-1
Posted Oct 23, 2019
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846
MD5 | aa1b2d5e0e41264715ab20ee76ffa47d
Red Hat Security Advisory 2019-3193-01
Posted Oct 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3193-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764
MD5 | a0eb5cf0c3c7462ccd3b643f896fd32a
Red Hat Security Advisory 2019-3187-01
Posted Oct 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3187-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. BR/EDR encryption key negotiation attacks were addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9506
MD5 | 7ad27ac9c2533b2a01b7657da6d845bf
Ubuntu Security Notice USN-4162-2
Posted Oct 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4162-2 - USN-4162-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-21008, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902, CVE-2019-15918
MD5 | 3e3f2ea22058c41745d3f9b8662322db
Slackware Security Advisory - mozilla-firefox Updates
Posted Oct 23, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
MD5 | fee5e64bc1beffc59874a58428182583
Ubuntu Security Notice USN-4163-2
Posted Oct 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4163-2 - USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902
MD5 | c0aa284e15530090be4397bd622f2915
IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path
Posted Oct 23, 2019
Authored by Sainadh Jamalpur

IObit Uninstaller version 9.1.0.8 suffers from an IObitUnSvr unquoted service path vulnerability.

tags | exploit
MD5 | 084f3207692cb64b3de2525e77497157
Rocket.Chat 2.1.0 Cross Site Scripting
Posted Oct 23, 2019
Authored by 3H34N

Rocket.Chat version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-17220
MD5 | 426408e3c6927553e46c936cb22c498b
Moxa EDR-810 Command Injection / Information Disclosure
Posted Oct 23, 2019
Authored by RandoriSec

Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2019-10963, CVE-2019-10969
MD5 | 44aaabac61169cb9f8674a0c43a2cae6
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close