what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 18 of 18

Files Date: 2019-11-08

Chrome Site Isolation Bypass / File Disclosure

Posted Nov 8, 2019

Authored by Google Security Research, Glazvunov

The Chrome Payment Handler API suffers from site isolation bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability

SHA-256 | 5422de00f3ad840d3ddaf47ca01135dd9a83ecda77339b7267b4ed4026c4879c

Download | Favorite | View

WebKitGTK+ / WPE WebKit Code Execution / XSS

Posted Nov 8, 2019

Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from code execution, universal cross site scripting, and memory corruption vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, code execution, xss

advisories | CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823

SHA-256 | e942f161feb7c2ca30eb995ee4e9dcd5afccf820c672b47f99da8302c18074e6

Download | Favorite | View

Nextcloud 17 Cross Site Request Forgery

Posted Nov 8, 2019

Authored by Ozer Goker

Nextcloud 17 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf

SHA-256 | 5d7ad910ebcb331b42c05229483f3f723e71af0993c760c2101684d39ad7a00d

Download | Favorite | View

Jira Service Desk Server / Data Center Path Traversal

Posted Nov 8, 2019

Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion

advisories | CVE-2019-15003, CVE-2019-15004

SHA-256 | 7080e92a97a87f926d87df454a396848f9491f786060cbd25b9c83577cc2efa3

Download | Favorite | View

Adive Framework 2.0.7 Privilege Escalation

Posted Nov 8, 2019

Authored by Pablo Santiago

Adive Framework version 2.0.7 suffers from a privilege escalation vulnerability.

tags | exploit

advisories | CVE-2019-14347

SHA-256 | 0b20e4720adf1f6ea10e606db63013c37e4d431350c204169cb32136beb923e0

Download | Favorite | View

Slackware Security Advisory - Slackware 14.2 kernel Updates

Posted Nov 8, 2019

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.

tags | advisory, kernel

systems | linux, slackware

advisories | CVE-2016-10905, CVE-2016-10906, CVE-2018-20976, CVE-2019-10638, CVE-2019-14814, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-15098, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-16746, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17075, CVE-2019-17133, CVE-2019-2215, CVE-2019-3900

SHA-256 | bf62eae52a9e8701d96b669a2f1dc34dbcad875c47ff666c8f00d6add34b28a7

Download | Favorite | View

Debian Security Advisory 4561-1

Posted Nov 8, 2019

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4561-1 - Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm algorithm, which could result in denial of service or potentially the execution of arbitrary code, when processing a large number of unicode isolate directional characters.

tags | advisory, denial of service, overflow, arbitrary

systems | linux, debian

advisories | CVE-2019-18397

SHA-256 | 5fccf8379646032d9d2350ccc915e6b5645abbc025cac588a1e2a172f9f3b601

Download | Favorite | View

Ubuntu Security Notice USN-4179-1

Posted Nov 8, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4179-1 - Alex Murray discovered a stack-based buffer overflow when handling a large number of unicode isolate directives. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary

systems | linux, ubuntu

advisories | CVE-2019-18397

SHA-256 | a64a3540d6115694264002f126e106dce0143b168f7c9e79d0e8f4245c44fcf5

Download | Favorite | View

Gentoo Linux Security Advisory 201911-04

Posted Nov 8, 2019

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201911-4 - Multiple information disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2t are affected.

tags | advisory, vulnerability, info disclosure

systems | linux, gentoo

advisories | CVE-2019-1547, CVE-2019-1563

SHA-256 | d0d2808bdb7b5e21d54dc5b11536556321445e4a171cd058a9f69980dbaca635

Download | Favorite | View

Gentoo Linux Security Advisory 201911-03

Posted Nov 8, 2019

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201911-3 - Multiple vulnerabilities have been found in Oniguruma, the worst of which could result in the arbitrary execution of code. Versions less than 6.9.3 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2019-13224, CVE-2019-13225

SHA-256 | ad8c3a8f3538270fa6278c5d84ad7b774902fd2be0fced00e9669cc6439d6c91

Download | Favorite | View

Gentoo Linux Security Advisory 201911-02

Posted Nov 8, 2019

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201911-2 - A buffer overflow in pump might allow remote attacker to execute arbitrary code. Versions less than or equal to 0.8.24-r4 are affected.

tags | advisory, remote, overflow, arbitrary

systems | linux, gentoo

SHA-256 | e74b397cbbff9d90abe7ca586c18a093151fd1982553545d961f06ea0c2af15d

Download | Favorite | View

Gentoo Linux Security Advisory 201911-01

Posted Nov 8, 2019

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201911-1 - An integer overflow in OpenSSH might allow an attacker to execute arbitrary code. Versions greater than or equal to 8.0_p1-r2 are affected.

tags | advisory, overflow, arbitrary

systems | linux, gentoo

advisories | CVE-2019-16905

SHA-256 | 115ff5b35f7f50020a10f2f6c2b4113e967c92feaf22dc2a4cfb9bbc7a1269b8

Download | Favorite | View

Red Hat Security Advisory 2019-3812-01

Posted Nov 8, 2019

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3812-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the cri-o RPM package for Red Hat OpenShift Container Platform 3.9.102. A credential disclosure issue was addressed.

tags | advisory

systems | linux, redhat

advisories | CVE-2019-10214

SHA-256 | 1877937d9143576c4a341e405f0fd211c15774c574a24986f01ffcd2fd505e55

Download | Favorite | View

Red Hat Security Advisory 2019-3813-01

Posted Nov 8, 2019

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3813-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the mediawiki123 RPM package for Red Hat OpenShift Container Platform 3.9.102. Issues addressed include a bypass vulnerability.

tags | advisory, bypass

systems | linux, redhat

advisories | CVE-2018-0503, CVE-2018-0504, CVE-2018-0505

SHA-256 | 947e884a3c1d00dac4f45d6a7e850e417239e1ba98ea54375843401352229ebc

Download | Favorite | View

Red Hat Security Advisory 2019-3811-01

Posted Nov 8, 2019

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3811-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.9.102. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability

systems | linux, redhat

advisories | CVE-2019-10150, CVE-2019-11249, CVE-2019-11251, CVE-2019-11253

SHA-256 | 723c4654df1e079c4d0af35656d5bfe62d7462e1e10ac16066f97a336297f61e

Download | Favorite | View

SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path

Posted Nov 8, 2019

Authored by Carlos A Garcia R

SolarWinds Kiwi Syslog Server version 8.3.52 suffers from a Kiwi Syslog Service unquoted service path vulnerability.

tags | exploit

SHA-256 | 999eaddcb4e8329c989ef5af84103f428227682c7a270f26b8316e92f53b8615

Download | Favorite | View

Ubuntu Security Notice USN-4178-1

Posted Nov 8, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4178-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss

systems | linux, ubuntu

advisories | CVE-2019-8625

SHA-256 | f2f51e6f6aff61cabe9f4760ca0601530d7ae684208e4d7b7228314e65a945f5

Download | Favorite | View

Jenkins Build-Metrics 1.3 Cross Site Scripting

Posted Nov 8, 2019

Authored by vesche

Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2019-10475

SHA-256 | d418e19ba81cb0adbe7e003d7fa890804d64f4a2cbb72d771a4bdb298fb673cb

Download | Favorite | View