exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2020-01-15

SunOS 5.10 Generic_147148-26 Local Privilege Escalation
Posted Jan 15, 2020
Authored by Marco Ivaldi

SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
SHA-256 | aa916b476c438bad08b7aea8b01a918e991d3830378d96635e1586a0f7f2b220
WordPress Postie 1.9.40 Cross Site Scripting
Posted Jan 15, 2020
Authored by V1n1v131r4

WordPress Postie plugin versions 1.9.40 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-20204
SHA-256 | 45896cdfc90f871562bc93f05d2a7c31d959513fee7c36bcfe6274babb4f439c
Ubuntu Security Notice USN-4235-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-20372
SHA-256 | f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcd
Ubuntu Security Notice USN-4221-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4221-2 - USN-4221-1 fixed a vulnerability in libpcap. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-15165
SHA-256 | 233f1be15f4e552158f7602a8ce01d3d2499e4dfa07ebec1c306fe4ca99be687
Ubuntu Security Notice USN-4239-1
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4239-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11045, CVE-2019-11046
SHA-256 | 2e67ae92ce3f7e96cb1d36672d0bd1780ed4a26d793bece65056fc77ec88d7d9
Ubuntu Security Notice USN-4237-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4237-2 - USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-11805, CVE-2019-12420
SHA-256 | 9dbb5dda31343b000adf3701f9f753a0885b0533c6b250e7096d8479c357f23e
Debian Security Advisory 4602-1
Posted Jan 15, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4602-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-12207, CVE-2019-11091, CVE-2019-11135, CVE-2019-17340, CVE-2019-17341, CVE-2019-17342, CVE-2019-17343, CVE-2019-17344, CVE-2019-17345, CVE-2019-17346, CVE-2019-17347, CVE-2019-17348, CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579
SHA-256 | e5bfcc7743f4984f6ecac091e3a281590c7e7e3caf0c70d6d0dbc7576bed566f
Red Hat Security Advisory 2020-0111-01
Posted Jan 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
SHA-256 | 28c1d851054c5383bbe63ee7bb1b8b2fdbc55c214c08cdf429a2dbad5bf9a2e1
Huawei HG255 Directory Traversal
Posted Jan 15, 2020
Authored by Ismail Tasdelen

This Metasploit module exploits a directory traversal in Huawei HG255.

tags | exploit, file inclusion
advisories | CVE-2017-17309
SHA-256 | 067ab5b18acb24c456e0b9a078cfe01b25919509e185553aad4b5a3a85592bab
Online Book Store 1.0 SQL Injection
Posted Jan 15, 2020
Authored by AmirHadi Yazdani

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2c087023f805b4cfebb619172cc89b843972b84b1ffb24b39661919e514fc2dc
Plantronics Hub SpokesUpdateService Privilege Escalation
Posted Jan 15, 2020
Authored by Brendan Coles, Markus Krell | Site metasploit.com

The Plantronics Hub client application for Windows makes use of an automatic update service SpokesUpdateService.exe which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64). This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).

tags | exploit
systems | windows
advisories | CVE-2019-15742
SHA-256 | 158f8bba58dd0cfb1693ccc6021434881f579c25482bb12c46542cc4b0abb810
Rukovoditel Project Management CRM 2.5.2 SQL Injection
Posted Jan 15, 2020
Authored by Fatih Celik

Rukovoditel Project Management CRM version 2.5.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, sql injection
SHA-256 | e6d8e35758669a0555a5226f12430c3db7831b53164a36983af7f2c027674910
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close