
Files Date: 2019-12-10

vBulletin 5.5.4 Remote Command Execution
Posted Dec 10, 2019
Authored by mekhalleh | Site metasploit.com

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.

tags | exploit, remote
advisories | CVE-2019-16759
MD5 | 12d01f78d7c81ffd50f6373629755cb8
Zeek 3.0.1
Posted Dec 10, 2019
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release addresses a performance regression in JSON logging along with various other bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | 8067e609e8ac988131505f1d7da9c348
CA Nolio 6.6 Arbitrary Code Execution
Posted Dec 10, 2019
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Nolio (Release Automation) in the DataManagement component. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA published a solution to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to insecure deserialization. A remote attacker may execute arbitrary commands by exploiting insecure deserialization through the DataManagement service.

tags | advisory, remote, arbitrary
advisories | CVE-2019-19230
MD5 | 9248904c6a72fc2220b9a25d486cb249
DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18345
MD5 | 106d6376bfe42cd1d4a6aa71f7885eaa
DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-18346
MD5 | 71241e8b0dd14c1b51e8708854a79e80
DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18347
MD5 | 168863215252aa9df18b7fb2768cce78
Ubuntu Security Notice USN-4202-2
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2019-11755, CVE-2019-11761, CVE-2019-15903
MD5 | 9fff7c893619a32a00e008fd58151899
Debian Security Advisory 4581-1
Posted Dec 10, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4581-1 - Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, CVE-2019-1387, CVE-2019-19604
MD5 | 138a8c7ad170b8b560c153c2f2dd3395
Ubuntu Security Notice USN-4220-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4220-1 - Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-1348, CVE-2019-1352, CVE-2019-19604
MD5 | 76398bb59611f119d1c7e1fb55b430e6
Red Hat Security Advisory 2019-4195-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4195-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012
MD5 | d0f0239332ac7b4081518284b6f34403
Ubuntu Security Notice USN-4219-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14889
MD5 | 83a46e77959c6c7efba0b0d10a2979bf
Red Hat Security Advisory 2019-4190-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4190-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services libraries. An out-of-bounds write vulnerability was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11729, CVE-2019-11745
MD5 | 971ffb21a61e8977f95fb83f968d8364
Red Hat Security Advisory 2019-4192-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4192-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-17531
MD5 | 54c9f9237e75238330759e67a009a2da
TOR Virtual Network Tunneling Tool 0.4.2.5
Posted Dec 10, 2019
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This is the first stable release in the 0.4.2.x series. This series improves reliability and stability, and includes several stability and correctness improvements for onion services. It also fixes many smaller bugs present in previous series.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | ea9e9078ff2e175332f0095c60284458
Apache Olingo OData 4.6.x XML Injection
Posted Dec 10, 2019
Authored by Archibald Haddock

Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-17554
MD5 | 051e029f16764feddeb7a0590f43de8e
Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.

tags | exploit
MD5 | 04f17bebbbf0986a1f927de3cebd3ef5
Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.

tags | exploit
MD5 | f21751ca54479762c2e2bdb3358bab9d
Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.

tags | exploit, remote, root
MD5 | fa5b04b87f4f1fdd3b909cfc78a8b51d
WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting
Posted Dec 10, 2019
Authored by Simon Moser

WordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-19198
MD5 | e04e112fcfa436f18ef05c4933998c2c
Red Hat Security Advisory 2019-4191-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | b3aa81372e4847ca631a49474175167b
Ubuntu Security Notice USN-4218-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4218-1 - Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6485
MD5 | 4df9b8e164b4384d69d7db1fb19db978
Ubuntu Security Notice USN-4217-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4217-1 - Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-14861, CVE-2019-14870
MD5 | 35c60fc6f144781461cde60315d43abf
Red Hat Security Advisory 2019-4168-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4168-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2019-9500
MD5 | 376ded621b89e5ac3a374fd61c9ec8b1
Red Hat Security Advisory 2019-4171-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4171-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2019-9500
MD5 | 37c23e4c50eda89425f47b99d7f73071
Red Hat Security Advisory 2019-4152-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4152-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write vulnerability has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11745
MD5 | f49183fa76924922724dc8d6b1bcc25a

© 2020 Packet Storm. All rights reserved.
