
Files Date: 2019-10-23

Rusty Joomla Unauthenticated Remote Code Execution
Posted Oct 23, 2019
Authored by Alessandro Groppo | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in Joomla version 3.4.6.

tags | exploit, php
SHA-256 | 720d4426d8ea415ac2c89a1ca2663242a08f62d1c096d74f7889e995acc1ccfa
Wireshark Analyzer 3.0.6
Posted Oct 23, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes have been applied.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | a87f4022a0c15ddbf1730bf1acafce9e75a4e657ce9fa494ceda0324c0c3e33e
Solaris xscreensaver Privilege Escalation
Posted Oct 23, 2019
Authored by Marco Ivaldi, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2019-3010
SHA-256 | 61fc2ea992be47242e9913209ccde2e47b80ce69f13985b6c1cff3d42dbfc4cf
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
Posted Oct 23, 2019
Authored by Brendan Coles, Jann Horn, timwr | Site metasploit.com

This Metasploit module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2019-13272
SHA-256 | 072effef6153caac38d664913a4c85d900178cc8a6bc497726bd11fee5a2a0bc
Fujitsu Wireless Keyboard Set LX390 Keystroke Injection
Posted Oct 23, 2019
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the wireless desktop set Fujitsu LX390 is vulnerable to keystroke injection attacks as the used data communication is unencrypted and unauthenticated.

tags | advisory
advisories | CVE-2019-18200
SHA-256 | 72e3a8a7ac3d4e50e3972e6d6918be3b7f2b6ca3eca7ea02e00dfe5635e73ab0
Fujitsu Wireless Keyboard Set LX390 Missing Encryption
Posted Oct 23, 2019
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the wireless desktop set Fujitsu LX390 does not use encryption for transmitting data packets containing keyboard events like keystrokes.

tags | advisory
advisories | CVE-2019-18201
SHA-256 | 428f12fda63193810aa96ae244938aed4cd7ce68fd0888dd83fb5f74b77cccf2
Fujitsu Wireless Keyboard Set LX390 Replay Attacks
Posted Oct 23, 2019
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the wireless keyboard Fujitsu LX390 is prone to replay attacks. An attacker can simply sniff the data packets of the 2.4 GHz radio communication sent by the keyboard to the receiver (USB dongle) and replay the recorded communication data at will causing the same effect as the original data communication. A replay attack against the keyboard can, for example, be used to gain unauthorized access to a computer system that is operated with a vulnerable Fujitsu LX390 keyboard. In this attack scenario, an attacker records the radio communication during a password-based user authentication of his or her victim, for instance during a login to the operating system or during unlocking a screen lock. At an opportune moment when the victim's computer system is unattended, the attacker approaches the victim's computer and replays the previously recorded data communication for the password-based user authentication and thereby gets unauthorized access to the victim's system.

tags | advisory
advisories | CVE-2019-18199
SHA-256 | 295b09287826516575c2c41b82ab9bd3db14c75832de107e4dc41a201729e311
WordPress Sliced Invoices 3.8.2 SQL Injection
Posted Oct 23, 2019
Authored by Lucian Ioan Nitescu

WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7af73b3be82ffc714534ece6604b983786cbc3d85da7c07c07b70c88ae2b056e
WordPress Sliced Invoices 3.8.2 Cross Site Scripting
Posted Oct 23, 2019
Authored by Lucian Ioan Nitescu

WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 862e75596dfa0524a979540ab935799c6b032addb7d4fe5b86a007690fe956f4
Kernel Live Patch Security Notice LSN-0058-1
Posted Oct 23, 2019
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846
SHA-256 | 5442de6a129171e9103a7acd9d861ab0fda6074505e32a4ad08db9df45b30c61
Red Hat Security Advisory 2019-3193-01
Posted Oct 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3193-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764
SHA-256 | c066b11b51d4b6ada70cb181d5dfb0b130c0429362551b4df1e9ee37addc3307
Red Hat Security Advisory 2019-3187-01
Posted Oct 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3187-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. BR/EDR encryption key negotiation attacks were addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9506
SHA-256 | db2b81f011a68ae0d68852de4c21786ec0bf75a118114b59ed22e14208010887
Ubuntu Security Notice USN-4162-2
Posted Oct 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4162-2 - USN-4162-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-21008, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902, CVE-2019-15918
SHA-256 | a8a09508e2d243ad7c849b55cb109f6c7f0aab08c2af289f59cfc77cbf683dc2
Slackware Security Advisory - mozilla-firefox Updates
Posted Oct 23, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903
SHA-256 | f7f527b29f8543776ff99d7a6d581ab08d43b05404ef93897f1a7728c884d2f7
Ubuntu Security Notice USN-4163-2
Posted Oct 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4163-2 - USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902
SHA-256 | 53e52d858b375dc759da8d71940b9a74799ef2429cb268bda52182f86a67c27c
IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path
Posted Oct 23, 2019
Authored by Sainadh Jamalpur

IObit Uninstaller version 9.1.0.8 suffers from an IObitUnSvr unquoted service path vulnerability.

tags | exploit
SHA-256 | f551a6b4b9009d2ff3f816cd6d77e89d7bbbb1ea991380adfbaeaadf4b538bef
Rocket.Chat 2.1.0 Cross Site Scripting
Posted Oct 23, 2019
Authored by 3H34N

Rocket.Chat version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-17220
SHA-256 | ac733a335a493d27656586a910398bfb94e6aef3ce4a22c9de4f99112440c929
Moxa EDR-810 Command Injection / Information Disclosure
Posted Oct 23, 2019
Authored by RandoriSec

Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2019-10963, CVE-2019-10969
SHA-256 | 93e38fc3569bee3955b056de09b84048ae4fb87e813b1c03a73b32bcd0449b36
© 2022 Packet Storm. All rights reserved.