what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files Date: 2019-12-18

Posted Dec 18, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: GRR server debian package now has to be installed on Ubuntu 18. UpdateClient flow fixed for Ubuntu clients. A number of bugfixes and minor enhancements for YARA memory scanning.
tags | tool, remote, web, forensics
systems | unix
MD5 | 7df8bc2c0ab8d2e194c383c9d4df7169
Wireshark Analyzer 3.2.0
Posted Dec 18, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: This is the last release branch with official support for Windows 7 and Windows Server 2008 R2. Many improvements have been made.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 259915adbbaded15de075afe7b4b03b6
Microsoft UPnP Local Privilege Elevation
Posted Dec 18, 2019
Authored by bwatters-r7, hoangprod, NCC Group | Site metasploit.com

This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first (CVE-2019-1405) uses the UPnP Device Host Service to elevate to NT AUTHORITY\LOCAL SERVICE. The second (CVE-2019-1322) leverages the Update Orchestrator Service to elevate from NT AUTHORITY\LOCAL SERVICE to NT AUTHORITY\SYSTEM.

tags | exploit, local, vulnerability
advisories | CVE-2019-1322, CVE-2019-1405
MD5 | 8771710762dc8716de0e038c77c98625
Red Hat Security Advisory 2019-4317-01
Posted Dec 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4317-01 - The rh-maven35-apache-commons-beanutils package provides Java utility methods for accessing and modifying properties of arbitrary JavaBeans.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2019-10086
MD5 | a105d653a9c0c5077cc8b21d58647ec3
macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free
Posted Dec 18, 2019
Authored by Google Security Research, bazad

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges.

tags | exploit, kernel, root
systems | bsd
MD5 | cba1e82afa4ec28fd0073d6cfded8a11
Telerik UI Remote Code Execution
Posted Dec 18, 2019
Authored by Markus Wulftange, Paul Taylor, Bishop Fox | Site know.bishopfox.com

The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.

tags | exploit, remote, arbitrary, code execution, asp
advisories | CVE-2019-18935
MD5 | 725661dfbd6f55841367cc547d0ba030
Rumpus FTP Web File Manager Cross Site Scripting
Posted Dec 18, 2019
Authored by Sudeepto Roy, Harshit Shukla

Rumpus FTP Web File Manager version suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
advisories | CVE-2019-19368
MD5 | e8cd7b0d4d80042cf785c07043e43423
AVS Audio Converter 9.1 Buffer Overflow
Posted Dec 18, 2019
Authored by ZwX

AVS Audio Converter version 9.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a522adc354931a00881800e12aa81c3a
XnView 2.49.1 Denial Of Service
Posted Dec 18, 2019
Authored by ZwX

XnView version 2.49.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 63dd00a949211632e6bbbad6f97a6254
Debian Security Advisory 4588-1
Posted Dec 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4588-1 - It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a denial-of-service.

tags | advisory, remote, python
systems | linux, debian
advisories | CVE-2019-14853, CVE-2019-14859
MD5 | c75947eccd87f36e857a849b2103b4ac
Ubuntu Security Notice USN-4223-1
Posted Dec 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4223-1 - Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2019-2894, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2975, CVE-2019-2977, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999
MD5 | 7c8115a6198c52530eaa647fbdfc5290
Page 1 of 1

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By