what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-01-14

Red Hat Security Advisory 2020-0103-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0103-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-18281, CVE-2018-20856, CVE-2019-11599, CVE-2019-6974
MD5 | 05272a2469b0aa357075df89b291c39a
Packet Fence 9.3.0
Posted Jan 14, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Massively improved web admin performance. Fixed eduroam load-balancing issue on local realm. Various other improvements.
tags | tool, remote
systems | unix
MD5 | 13e080f343f11f19937fc662439042c5
Barco WePresent file_transfer.cgi Command Injection
Posted Jan 14, 2020
Authored by Jacob Baines | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.

tags | exploit, remote, web, cgi
advisories | CVE-2019-3929
MD5 | 9bf16d3b24df38008118d2a86f469b2e
Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution
Posted Jan 14, 2020
Authored by Ramella Sebastien, Project Zero India | Site metasploit.com

This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.

tags | exploit, arbitrary
advisories | CVE-2019-19781
MD5 | 4ddb7070438e963bf4a9bf8ddfe94f31
OpenSCAP Libraries 1.3.2
Posted Jan 14, 2020
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Offline mode support for environmentvariable58 probe. Improved support of multi-check rules (report, remediations, console output). Improved HTML report look and feel, including printed version. Improved a11y of HTML reports and guides. Various other updates and improvements.
tags | protocol, library
systems | unix
MD5 | f5d6f3b7a28a8896d7641ca24ca9d743
Ubuntu Security Notice USN-4238-1
Posted Jan 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4238-1 - It was discovered that SDL_image incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-3977, CVE-2019-12219, CVE-2019-13616
MD5 | 6d8c711414550ce81b98947e161c02f4
Ubuntu Security Notice USN-4236-2
Posted Jan 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4236-2 - USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-13627
MD5 | 05b2cded165fec1375159f7f0dce01e1
IBM RICOH 6400 Printer HTML Injection
Posted Jan 14, 2020
Authored by Ismail Tasdelen

The IBM RICOH 6400 printer suffers from an html injection vulnerability.

tags | exploit
MD5 | 0da4da9685980249a050d2c059b7a61b
Red Hat Security Advisory 2020-0101-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0101-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-16276, CVE-2019-17596
MD5 | 4bf83a96c37be3518baf4023b68b44d1
Red Hat Security Advisory 2020-0100-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0100-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-18281, CVE-2018-20856, CVE-2019-11599
MD5 | c7e5a02c23dbfd583473988c79c2a082
Redir 3.3 Denial Of Service
Posted Jan 14, 2020
Authored by hieubl

Redir version 3.3 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 613739db8c2343215f9e213d7ec70e38
Bitdefender Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
MD5 | 9ef57e4723299740f953c5176cce48f3
Bitdefender Generic Malformed Archive Bypass
Posted Jan 14, 2020
Authored by Thierry Zoller

The Bitdefender parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (Compressed Size) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating. All Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019 are affected.

tags | advisory, virus
MD5 | c3051127930c29478cb249b21d1022b1
Red Hat Security Advisory 2020-0020-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0020-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where schema info was written with world-writeable permissions when cached.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11244
MD5 | 3e29c3a3c40c79b2335dd49bdd3246aa
Sagemcom Fast 3890 Remote Code Execution
Posted Jan 14, 2020
Authored by Lyrebirds

This exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection.

tags | exploit, overflow, shell, tcp
MD5 | 198aa336f424b90404d0e070fba143a2
WordPress 5.3 Denial Of Service
Posted Jan 14, 2020
Authored by Rory M | Site labs.arcturus.net

WordPress is vulnerable to denial of service by abusing XMLRPC API. The system.multicall function lets you batch other API calls. Another API function is pingback.ping, which makes WordPress make a connection out to another site. If you batch a few thousand pingback.ping requests using the multicall feature, you can exhaust a variety of different resources on the server. This PoC will eat through Apache2's worker threads and will also make MySQL eat up more CPU and mem, possibly knocking over low-RAM VPS instances.

tags | exploit, denial of service
MD5 | e76155a9ead0e0c59c99fdc87fabcc7a
IBM RICOH InfoPrint 6500 Printer HTML Injection
Posted Jan 14, 2020
Authored by Ismail Tasdelen

The IBM RICOH InfoPrint 6500 printer suffers from an html injection vulnerability.

tags | exploit
MD5 | 049b79cdf3ea552506a7fe1443ae2e1b
VPN Unlimited 6.1 Unquoted Service Path
Posted Jan 14, 2020
Authored by Amin Rawah

VPN Unlimited version 6.1 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 45282f58bcb5021c967516d6ba143266
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close