exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2019-12-10

vBulletin 5.5.4 Remote Command Execution
Posted Dec 10, 2019
Authored by mekhalleh | Site metasploit.com

This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.

tags | exploit, remote
advisories | CVE-2019-16759
SHA-256 | 326f81b545fe8313bbeed2d318b0e0e5050341b5d04a71833263a320f03d34af
Zeek 3.0.1
Posted Dec 10, 2019
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release addresses a performance regression in JSON logging along with various other bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 79f4f3efd883c9c2960295778dc290372d10874380fd88450271652e829811d2
CA Nolio 6.6 Arbitrary Code Execution
Posted Dec 10, 2019
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Nolio (Release Automation) in the DataManagement component. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA published a solution to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to insecure deserialization. A remote attacker may execute arbitrary commands by exploiting insecure deserialization through the DataManagement service.

tags | advisory, remote, arbitrary
advisories | CVE-2019-19230
SHA-256 | 314bbacc567ea848f967938952b1812d54c37c90a86c36a1035c553b80e17251
DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18345
SHA-256 | 1e3247ffa05b66e23aff44c536006d5a44e2b777e35efc4ecb47cde012955385
DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-18346
SHA-256 | 3ba72e73d7da8d7cd6dc3b23935358e19e8957232d7f94a98c4abe2260bcd352
DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting
Posted Dec 10, 2019
Authored by Rick Verdoes

DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18347
SHA-256 | d21fe829dfa49ef5635cecda3ecc3586cb8e1642ac384bf9cc8577a4fdf451d2
Ubuntu Security Notice USN-4202-2
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4202-2 - USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2019-11755, CVE-2019-11761, CVE-2019-15903
SHA-256 | 0508b25ed86166d9e8ad492da3dab33c26ea8d976fc0c2aaea774bea64b55912
Debian Security Advisory 4581-1
Posted Dec 10, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4581-1 - Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, CVE-2019-1387, CVE-2019-19604
SHA-256 | bd5bc206398f2c858236193f8d1423d0d7c13056efb639821dc47e007a0886b1
Ubuntu Security Notice USN-4220-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4220-1 - Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-1348, CVE-2019-1352, CVE-2019-19604
SHA-256 | b64faada40f1690c47afbe84c01e70a9543d9ba15bee65587867f07241e09abb
Red Hat Security Advisory 2019-4195-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4195-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012
SHA-256 | 647ee1916f058f5ff82d7aa09485987261a83061924b86719d9af91c8506243e
Ubuntu Security Notice USN-4219-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4219-1 - It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14889
SHA-256 | 4431479b354d66fc022ba565aef23c5e5b290bf3be3039210d70f2110572a75b
Red Hat Security Advisory 2019-4190-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4190-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services libraries. An out-of-bounds write vulnerability was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11729, CVE-2019-11745
SHA-256 | c6309421d9f435509de27d878786d1b1be6de862683ea853d6042b272f929b5f
Red Hat Security Advisory 2019-4192-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4192-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-17531
SHA-256 | a8181d462928088e6908d3b9b6101794c0c839e1ee9f99c58e49ad2791503822
TOR Virtual Network Tunneling Tool 0.4.2.5
Posted Dec 10, 2019
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This is the first stable release in the 0.4.2.x series. This series improves reliability and stability, and includes several stability and correctness improvements for onion services. It also fixes many smaller bugs present in previous series.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 4d5975862e7808faebe9960def6235669fafeeac844cb76965501fa7af79d8c2
Apache Olingo OData 4.6.x XML Injection
Posted Dec 10, 2019
Authored by Archibald Haddock

Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-17554
SHA-256 | d75945c0ef25d01e09b20bc238efc4643956f6efcb9ef7c60c5a3616439af4af
Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.

tags | exploit
SHA-256 | f1d5a23a767ec52a68545eb2ad5dc16b6827f7848f56e42399c0f89afd658373
Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 1ad1213e3c36af824a6cc1d43d296b476e47ee91265834d4a0555e2d6041df73
Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root
Posted Dec 10, 2019
Authored by LiquidWorm | Site zeroscience.mk

Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.

tags | exploit, remote, root
SHA-256 | 02c053f6ab4d3da0f1fb70f85395b573cbb106c385b0a94a6e03e831fbf60634
WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting
Posted Dec 10, 2019
Authored by Simon Moser | Site syss.de

WordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-19198
SHA-256 | dc1aa291b8bb0d98f7ee64b5239ae8996dfeff75588abfd2a7215d862ff5bbde
Red Hat Security Advisory 2019-4191-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
SHA-256 | df393d115db17ca7d5cc58fa98739292787d64b5fecc9f8dca94ee94518febfe
Ubuntu Security Notice USN-4218-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4218-1 - Jakub Wilk discovered that GNU C incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6485
SHA-256 | df29784494505674a7e15ef613cb7906a0da073196456b4142c72d4f22417fa7
Ubuntu Security Notice USN-4217-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4217-1 - Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-14861, CVE-2019-14870
SHA-256 | 51b01c1767b0bdb132c8d865c0a4fae6ca8ba99c8b662d627473d2bc026ba909
Red Hat Security Advisory 2019-4168-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4168-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2019-9500
SHA-256 | 1a1691787b85ce9ab25f75a1ac2e3bcc905d125a5f1987cb3749d4a099331280
Red Hat Security Advisory 2019-4171-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4171-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2019-9500
SHA-256 | 5caa21595d3f56f297935aeb707637a6b5e43535f4e7bd845f2c08d75fa892f1
Red Hat Security Advisory 2019-4152-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4152-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write vulnerability has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11745
SHA-256 | d80f57e0335040e0050c95d5478f05c4687da2e6759b7d28e50f46b374ae3bac
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close