what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-01-14

Red Hat Security Advisory 2020-0103-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0103-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-18281, CVE-2018-20856, CVE-2019-11599, CVE-2019-6974
SHA-256 | fcb90197bf847c6ebafd82de864d910086dc1d311169e67eb45ec1ca8f2ab402
Packet Fence 9.3.0
Posted Jan 14, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Massively improved web admin performance. Fixed eduroam load-balancing issue on local realm. Various other improvements.
tags | tool, remote
systems | unix
SHA-256 | d35ea155a6c94161743e443b6727e8115d4238a5f423584fbeea100c0b01007b
Barco WePresent file_transfer.cgi Command Injection
Posted Jan 14, 2020
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

tags | exploit, remote, web, cgi
advisories | CVE-2019-3929
SHA-256 | 30e838ce81c07ffc6eb59ae667a49dfa96e48b0d99660dc1f80dedd7f8c19b0b
Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution
Posted Jan 14, 2020
Authored by Ramella Sebastien, Project Zero India | Site metasploit.com

This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.

tags | exploit, arbitrary
advisories | CVE-2019-19781
SHA-256 | 0f0c8e65ca7fee56037d7ddffc1e77aeffb0987b8111f2b772dbffe0b1b1fb89
OpenSCAP Libraries 1.3.2
Posted Jan 14, 2020
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Offline mode support for environmentvariable58 probe. Improved support of multi-check rules (report, remediations, console output). Improved HTML report look and feel, including printed version. Improved a11y of HTML reports and guides. Various other updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | aa6036f5b4af90867f5ef6b388b50c75aadb110d0e7c1ecb583e6861f997cf20
Ubuntu Security Notice USN-4238-1
Posted Jan 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4238-1 - It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-3977, CVE-2019-12219, CVE-2019-13616
SHA-256 | cc8641972a152329c899361963ae7b70c6a01af1111373d086a5ffacd3729617
Ubuntu Security Notice USN-4236-2
Posted Jan 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4236-2 - USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-13627
SHA-256 | 1f61d26f6cb6c274b90d78435080b9439ecd8f4e06246022da88999a9353e124
IBM RICOH 6400 Printer HTML Injection
Posted Jan 14, 2020
Authored by Ismail Tasdelen

The IBM RICOH 6400 printer suffers from an html injection vulnerability.

tags | exploit
SHA-256 | f70121eb8cf76d671f90a09e39af35a6b6c7f6265e80e9a3975a5335a52ea8c3
Red Hat Security Advisory 2020-0101-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0101-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-16276, CVE-2019-17596
SHA-256 | 8cd12115c567905aa4b28d5729c79d46fafeb7f25be5b5a0d00d778b99dde612
Red Hat Security Advisory 2020-0100-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0100-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-18281, CVE-2018-20856, CVE-2019-11599
SHA-256 | a496efe6c540f0dbcf5379a134ce5b2024588daefb242c5104a38024a949a636
Redir 3.3 Denial Of Service
Posted Jan 14, 2020
Authored by hieubl

Redir version 3.3 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 00d5955211f767c5499b874efae44de1cd74477881c9f5012ee51d4851b2a8cf
Bitdefender Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
SHA-256 | 56d047fd1371cddc803a7c6831bbb28724f403134f3ad701d0d1f2b2b8a12b6d
Bitdefender Generic Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
SHA-256 | 1ee5d2c1f340adcecb8d86ba987e2df0e0cc93d8618945a14a6393943bdd41ce
Red Hat Security Advisory 2020-0020-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0020-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where schema info was written with world-writeable permissions when cached.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11244
SHA-256 | 0804c4b61d9a57ef11cefb8ba8cca763650c38b22bb5201d8d702612d6b71eec
Sagemcom Fast 3890 Remote Code Execution
Posted Jan 14, 2020
Authored by Lyrebirds

This exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection.

tags | exploit, overflow, shell, tcp
SHA-256 | 658e656e50297dc9328be51b95fa17458c6d29e74f2464a318d0eabe41049aa0
WordPress 5.3 Denial Of Service
Posted Jan 14, 2020
Authored by Rory M | Site labs.arcturus.net

WordPress is vulnerable to denial of service by abusing XMLRPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress make a connection out to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL eat up more CPU and mem, possibly knocking over low-RAM VPS instances.

tags | exploit, denial of service
SHA-256 | 6c6fe7a9f5127e081592602ad3e160fb880556efc026bfde16f893df42e1b79d
IBM RICOH InfoPrint 6500 Printer HTML Injection
Posted Jan 14, 2020
Authored by Ismail Tasdelen

The IBM RICOH InfoPrint 6500 printer suffers from an html injection vulnerability.

tags | exploit
SHA-256 | 9f33416e6eedfdf26e4663cd809bf3fb58700a9dc539583ca08385cc217abf41
VPN Unlimited 6.1 Unquoted Service Path
Posted Jan 14, 2020
Authored by Amin Rawah

VPN Unlimited version 6.1 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 7df4b2d0315103092ca9a6d5be14d0ab9e752bda4abc8824b66326f0ca1d4f29
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close