exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2019-11-14

FusionPBX Operator Panel exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles, Dustin Cobb | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11409
MD5 | 8371c066836fe4c5336f32a7b5aa18d5
FusionPBX Command exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, shell, php
systems | linux, ubuntu
MD5 | f85a37b65def4dd691f01bcc8dc57001
FreeSWITCH Event Socket Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).

tags | exploit, local, tcp
systems | linux, windows, ubuntu, 7
MD5 | fabd4afa284981bdc1c471d62f81d23a
Ubuntu shiftfs refcount Underflow / Type Confusion
Posted Nov 14, 2019
Authored by Jann Horn, Google Security Research

Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.

tags | exploit, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-15793
MD5 | 0997e77626bf20fe372537310c94c69f
Ubuntu Security Notice USN-4192-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4192-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-12974, CVE-2019-12978, CVE-2019-13295, CVE-2019-13304, CVE-2019-13308, CVE-2019-13391, CVE-2019-15140, CVE-2019-16711
MD5 | ecdb1a346e29876aa64e3ec34325e2a1
Red Hat Security Advisory 2019-3883-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3883-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
MD5 | 27d3a1e6a923397522bdbc68da9f6f9d
Ubuntu Security Notice USN-4191-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4191-1 - It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Sergej Schumilo, Cornelius Aschermann and Simon Woerner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378, CVE-2019-15890
MD5 | 8e7f58665c8a2c50a4d016d2bdb10d3a
Ubuntu Security Notice USN-4191-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4191-2 - USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378, CVE-2019-15890
MD5 | 08f7e0e6b2e4c5fc716d75fd51174222
Ubuntu Security Notice USN-4186-3
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4186-3 - USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-16746, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666, CVE-2019-2215
MD5 | 35657c491a35b8937950f7a7a72bcfec
Red Hat Security Advisory 2019-3878-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3878-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
MD5 | 718e1370bc4044cd4a17b3d033e41e52
Ubuntu Security Notice USN-4185-3
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4185-3 - USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666
MD5 | 48c055fdc23ec8eaea074849871aa586
Ubuntu Security Notice USN-4183-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4183-2 - USN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15791, CVE-2019-15792, CVE-2019-15793, CVE-2019-16746, CVE-2019-17666
MD5 | 63968a584ee33d219857ed9bdd445938
Ubuntu Security Notice USN-4184-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4184-2 - USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-15791, CVE-2019-15792, CVE-2019-15793, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666
MD5 | 729df00f6313e1ee60a63c8d339f79f4
Red Hat Security Advisory 2019-3877-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3877-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
MD5 | f21f10f2c3738e1898e5be0695eed6d3
Red Hat Security Advisory 2019-3872-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
MD5 | c8e77457b393b8584c9d98eb58dbc0b9
Red Hat Security Advisory 2019-3770-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3770-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the oauth-server container image for Red Hat OpenShift Container Platform 4.2.4. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2019-3889
MD5 | 03372543ae393c4bce603b4572384765
Red Hat Security Advisory 2019-3771-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3771-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the golang-github-prometheus-prometheus container image for Red Hat OpenShift Container Platform 4.2.4. A cross site scripting issue was addressed.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2019-10215
MD5 | 0caefec9ef6b92b644544d0c746a7448
Red Hat Security Advisory 2019-3873-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3873-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
MD5 | 4599f88f933a2f38eded08c713292d2d
Ubuntu Security Notice USN-4190-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4190-1 - It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-14498, CVE-2018-19664, CVE-2018-20330, CVE-2019-2201
MD5 | a20a9a6262901f9026a8e9c9415d7387
Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
Posted Nov 14, 2019
Authored by Noman Riffat

Xfilesharing versions 2.5.1 and below suffer from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
advisories | CVE-2019-18951, CVE-2019-18952
MD5 | 32664407095a4d5b51c0c8904cda9172
oXygen XML Editor 21.1.1 XML Injection
Posted Nov 14, 2019
Authored by Pablo Santiago

oXygen XML Editor version 21.1.1 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 549afa7c4c23bb4c69a0b03fd6faca04
SMPlayer 19.5.0 Buffer Overflow / Denial Of Service
Posted Nov 14, 2019
Authored by Malav Vyas

SMPlayer version 19.5.0 suffers from a buffer overflow vulnerability that can trigger a denial of service condition.

tags | exploit, denial of service, overflow
MD5 | 70be75c4db514980714749fa4e8570fe
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close