exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2020-01-15

SunOS 5.10 Generic_147148-26 Local Privilege Escalation
Posted Jan 15, 2020
Authored by Marco Ivaldi

SunOS version 5.10 Generic_147148-26 local privilege escalation exploit. A buffer overflow in the CheckMonitor() function in the Common Desktop Environment versions 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2696
MD5 | 55c1e1683127ba3a3c82c35279e5e6db
WordPress Postie 1.9.40 Cross Site Scripting
Posted Jan 15, 2020
Authored by V1n1v131r4

WordPress Postie plugin versions 1.9.40 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-20204
MD5 | 8507d3053d9db85a54c917232bef71d1
Ubuntu Security Notice USN-4235-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-20372
MD5 | 79f5ea577eeb2a6404b974c04050e995
Ubuntu Security Notice USN-4221-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4221-2 - USN-4221-1 fixed a vulnerability in libpcap. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-15165
MD5 | 941776c10d29fddc0fefa1bd941788e2
Ubuntu Security Notice USN-4239-1
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4239-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11045, CVE-2019-11046
MD5 | 012a05d335b6979994cbc66683861124
Ubuntu Security Notice USN-4237-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4237-2 - USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-11805, CVE-2019-12420
MD5 | 24283c9eeaee6b6e24145d1e9c95c89d
Debian Security Advisory 4602-1
Posted Jan 15, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4602-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-12207, CVE-2019-11091, CVE-2019-11135, CVE-2019-17340, CVE-2019-17341, CVE-2019-17342, CVE-2019-17343, CVE-2019-17344, CVE-2019-17345, CVE-2019-17346, CVE-2019-17347, CVE-2019-17348, CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579
MD5 | 8759c914ef760bf6ab8a00be963ebc88
Red Hat Security Advisory 2020-0111-01
Posted Jan 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 36adb5f774a4e684239d2466916380dd
Huawei HG255 Directory Traversal
Posted Jan 15, 2020
Authored by Ismail Tasdelen

This Metasploit module exploits a directory traversal in Huawei HG255.

tags | exploit, file inclusion
advisories | CVE-2017-17309
MD5 | 16cb3c95e3cda16e38fc0cb442488455
Online Book Store 1.0 SQL Injection
Posted Jan 15, 2020
Authored by AmirHadi Yazdani

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ff84f5276e5a66c210270a9ad5a3b6f0
Plantronics Hub SpokesUpdateService Privilege Escalation
Posted Jan 15, 2020
Authored by Brendan Coles, Markus Krell | Site metasploit.com

The Plantronics Hub client application for Windows makes use of an automatic update service SpokesUpdateService.exe which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64). This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).

tags | exploit
systems | windows, 7
advisories | CVE-2019-15742
MD5 | 3edb57f1063129875bbf9e59e5ed282b
Rukovoditel Project Management CRM 2.5.2 SQL Injection
Posted Jan 15, 2020
Authored by Fatih Celik

Rukovoditel Project Management CRM version 2.5.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, sql injection
MD5 | d1cbf57ffd8df644d5e2b6f3df620f49
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    34 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close