what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-01-22

D-Link DIR-859 Unauthenticated Remote Command Execution
Posted Jan 22, 2020
Authored by Miguel Mendez Z, Pablo Pollanco P | Site metasploit.com

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.

tags | exploit, cgi
advisories | CVE-2019-17621
MD5 | f5cec50c246c0217d1a4e5586f49167e
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation
Posted Jan 22, 2020
Authored by Brendan Coles, Jann Horn, Mohamed Ghannam, nstarke, wbowling | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2018-5333, CVE-2019-9213
MD5 | e83495fea436d8a384500ace26357f2f
Logwatch 7.5.3
Posted Jan 22, 2020
Site logwatch.org

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 8bcf3edc5a4687c8aad1b9c01e2be54b
ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
Posted Jan 22, 2020
Authored by Johannes Kruchem | Site sec-consult.com

ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-6843
MD5 | 12badb31b3d895bd0a427533aba4a756
Red Hat Security Advisory 2020-0203-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0203-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-18408
MD5 | dc5a6bc400fd8c6131f64b013f501ae4
Red Hat Security Advisory 2020-0202-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0202-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
MD5 | 3404f9722d84211d020ebba911c2dd70
Employee Leaves Management System 2.0 Cross Site Request Forgery
Posted Jan 22, 2020
Authored by Priyanka Samak

Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 2ae268dfb5b02477de0b12594fff1310
Red Hat Security Advisory 2020-0201-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0201-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-17626
MD5 | 12af8d3d17da89c3b09e1da7b2e8f2d2
Red Hat Security Advisory 2020-0199-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0199-01 - OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, protocol
systems | linux, redhat
advisories | CVE-2019-5544
MD5 | b4794de27a65960e05acce29197a7023
Debian Security Advisory 4608-1
Posted Jan 22, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2019-14973, CVE-2019-17546
MD5 | 12eed5360dd4febddd4c4451276e9aac
Red Hat Security Advisory 2020-0172-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0172-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-14818
MD5 | bdbd811168e083447624425779c51b66
Red Hat Security Advisory 2020-0171-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0171-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-14818
MD5 | 86115796b10eaa0ddaca193f1185b910
Red Hat Security Advisory 2020-0196-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0196-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
MD5 | 1c7d2c0c668a926712bd020620aa036b
Red Hat Security Advisory 2020-0195-01
Posted Jan 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0195-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-17626
MD5 | 401dc7405f3d7c9406236cdfbb63ec71
Citrix XenMobile Server 10.8 XML Injection
Posted Jan 22, 2020
Authored by Jonas Lejon

Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-10653
MD5 | 98dfa95366d3218a5c4e705da6798a5c
Microsoft Windows 7 Screen Lock Shellcode
Posted Jan 22, 2020
Authored by Saswat Nayak

9 bytes small Microsoft Windows 7 screen locking shellcode.

tags | shellcode
systems | windows, 7
MD5 | 342333e070d67e23f69ad3f94c730111
XNU vm_map_copy Insufficient Fix
Posted Jan 22, 2020
Authored by Google Security Research, ianbeer

An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.

tags | exploit
advisories | CVE-2019-6205, CVE-2019-8833
MD5 | f8e6dfd4187cd8bfbcbdada394e14738
KeePass 2.44 Denial Of Service
Posted Jan 22, 2020
Authored by Mustafa Emre Gul

KeePass version 2.44 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | e3921df2f71a715fc3761f07b520768e
ECTouch ECShop 2.7.3 SQL Injection
Posted Jan 22, 2020
Authored by KingSkrupellos

ECTouch ECShop version 2.7.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0ba14f6875fb0a9daeddafb224ed1358
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close