what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2020-01-07

Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key
Posted Jan 7, 2020
Authored by Andrew Klaus

Fortinet FortiSIEM has a hard-coded SSH public key for user "tunneluser" which is the same between all installs. An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor. The unencrypted key is also stored inside the FortiSIEM image. While the user's shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds. Versions 5.2.5 and 5.2.6 have been verified as vulnerable.

tags | exploit, shell
SHA-256 | 2c28af53eba7e337d89352df4d65040bfaf3d030410b0fb0308bd4147ae2c358
MikroTik RouterOS Memory Corruption / Failed Assertion
Posted Jan 7, 2020
Authored by Qian Chen

MikroTik RouterOS versions prior to 6.44.6 suffer from memory corruption and assertion failure vulnerabilities.

tags | advisory, vulnerability
SHA-256 | b9e283a6208f56a952f99e2174e47221c663e9cd7c8f17571ff9c7c8eeb5c785
Job Portal 1.0 Shell Upload
Posted Jan 7, 2020
Authored by Tib3rius

Job Portal version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 990266f7ac1dfb9a6d75e38471a5897efa8f177cefb67f964662b161bb086756
Dairy Farm Shop Management System 1.0 Cross Site Scripting
Posted Jan 7, 2020
Authored by Chris Inzinga

Dairy Farm Shop Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-5308
SHA-256 | 26aa096418d56951ebe4e9aeaec482580d138834b0f1e2c3c214a96c57d10d7f
Dairy Farm Shop Management System 1.0 SQL Injection
Posted Jan 7, 2020
Authored by Chris Inzinga

Dairy Farm Shop Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6f1d6a66183cb8c3179889b0f7e4b825a1c7de24392ee460910d1f2252041750
piSignage 2.6.4 Directory Traversal
Posted Jan 7, 2020
Authored by JunYeong Ko

piSignage version 2.6.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-20354
SHA-256 | 299d2aa52bc5446e014af68cf50cf420cb0a9f36d8d70b087690f67c10a906c3
Red Hat Security Advisory 2020-0046-01
Posted Jan 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0046-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6. Issues addressed include deserialization and null pointer vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2019-17631, CVE-2019-2945, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2996, CVE-2019-2999
SHA-256 | 7afc9a0d7aac85fc76e9e8bed71610847e2271baa85e26dc197531371f68b7f0
Red Hat Security Advisory 2020-0036-01
Posted Jan 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0036-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-0861, CVE-2017-10661, CVE-2018-10853, CVE-2018-18281, CVE-2019-11810, CVE-2019-11811
SHA-256 | 1e0f0fd70b306e09392d1b9748151af1a86a0d713f765efd696043bf2e820c1d
Slackware Security Advisory - mozilla-firefox Updates
Posted Jan 7, 2020
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 0953c59b401a7153760f5c8e755e8bdb6adf55114c5927bdcd58b18bc0471891
Ubuntu Security Notice USN-4228-1
Posted Jan 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4228-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-14895, CVE-2019-18660, CVE-2019-19052, CVE-2019-19524, CVE-2019-19534
SHA-256 | a3e4222fc7e06b89b4de61d6570f14345fef41adaf9b37a34001a797f38b4886
Ubuntu Security Notice USN-4227-1
Posted Jan 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4227-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-14895, CVE-2019-16231, CVE-2019-16233, CVE-2019-18660, CVE-2019-19045, CVE-2019-19052, CVE-2019-19083, CVE-2019-19524, CVE-2019-19529, CVE-2019-19534, CVE-2019-19807
SHA-256 | 71d1c0d0efeddafd12756dac5e91430c22d3570696bd238daf8fcc8b8965494a
Ubuntu Security Notice USN-4226-1
Posted Jan 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4226-1 - Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-10220, CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075, CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045, CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060, CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075, CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529, CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214
SHA-256 | 39575de5b2f924406650b6da561fc6af020f2015cd3e538ab41586df07456031
Ubuntu Security Notice USN-4225-1
Posted Jan 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4225-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2019-14895, CVE-2019-16231, CVE-2019-18660, CVE-2019-18813, CVE-2019-19044, CVE-2019-19045, CVE-2019-19047, CVE-2019-19051, CVE-2019-19052, CVE-2019-19055, CVE-2019-19072, CVE-2019-19524, CVE-2019-19529, CVE-2019-19534, CVE-2019-19807
SHA-256 | a5849344e6b55b6061edfe1acacaf489846dcccb142eac960ed55b5351f9ba1e
Complaint Management System 4.0 Remote Code Execution
Posted Jan 7, 2020
Authored by Metin Yunus Kandemir

Complaint Management System version 4.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7b0aa980a77d3f44b50de965bfd78bcc8506a9e151f332e040c46eef55d76f21
AnyDesk 5.4.0 Unquoted Service Path
Posted Jan 7, 2020
Authored by sajjadbnd

AnyDesk version 5.4.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 62090ba341933c40d0dc9dd54aee9204f33bb8cbb14e053aaddb67a06914c164
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close