what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2020-02-05

Clam AntiVirus Toolkit 0.102.2
Posted Feb 5, 2020
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: A denial of service vulnerability has been addressed. Significantly improved scan speed of PDF files on Windows. Various other updates and improvements.
tags | tool, virus
systems | unix
advisories | CVE-2020-3123
SHA-256 | 89fcdcc0eba329ca84d270df09d2bb89ae55f5024b0c3bddb817512fb2c907d3
Ubuntu Security Notice USN-4269-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4269-1 - It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-16888, CVE-2019-20386, CVE-2020-1712
SHA-256 | 801a330186d2d0b57ba060621d63e9763e16344004da69650cf8fc1454009020
Ubuntu Security Notice USN-4268-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2020-7247
SHA-256 | fb1a4c6a7673d1e704ce5b14810da07fcd07eca7997ed43842b41e748c35f68a
nfstream 3.1.2
Posted Feb 5, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fixed test workflows. Updated nDPI.
tags | tool, python
systems | unix
SHA-256 | 276e62b019d9ddf89b56b83251e72160914945f874193e34854919443ee42e62
Red Hat Security Advisory 2020-0378-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0378-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-10195, CVE-2019-14867
SHA-256 | e325a135b7467b9227486cb20387420c5511728dac11b4ac7498178c225e7891
Windscribe WindscribeService Named Pipe Privilege Escalation
Posted Feb 5, 2020
Authored by Brendan Coles, Emin Ghuliev | Site metasploit.com

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \\.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on Windscribe versions 1.80 and 1.81 on Windows 7 SP1 (x64).

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-11479
SHA-256 | 7f200c24f141392d23225b9330afb247d5a945ace30e10996f31e175ed2e9dc9
Wago PFC200 Remote Code Execution
Posted Feb 5, 2020
Authored by Nico Jansen

This Metasploit module exploits an authenticated remote code execution vulnerability in Wago PFC200.

tags | exploit, remote, code execution
SHA-256 | e644a31ee3142610bca80adf663279d598540879469ec6f7a6af0fa7628a3816
Ubuntu Security Notice USN-4263-2
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4263-2 - USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-18634
SHA-256 | 2e8986e72ddfa93d5be915aa5cdadfaa3bba5b67d5c5ef98260cdf49fce35fdc
Socat 1.7.3.4 Heap Overflow
Posted Feb 5, 2020
Authored by hieubl

Socat version 1.7.3.4 heap-based overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | ea76f2c99e8e5b6adebb04f17444c94a60a9b41ec27f10b52807e410a2f26f3a
Red Hat Security Advisory 2020-0431-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.

tags | advisory, shell
systems | linux, redhat, unix, osx
advisories | CVE-2019-14868
SHA-256 | 3f802c294b8f8fddd40b350160f80dee7808cfc53835bb711f47c188bc802448
Ubuntu Security Notice USN-4266-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4266-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-17912, CVE-2017-18229
SHA-256 | ac062f6edb9292ca25a7e3888494aa164e19b77a3440890ac4d70afe04cf4547
Red Hat Security Advisory 2020-0375-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0375-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17133
SHA-256 | 2771ec56a1f0cdfd7ba4c8445cd02a7bde8636e5735411475b0569947ef740f2
Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting
Posted Feb 5, 2020
Authored by Nolan B. Kennedy

Kronos WebTA version 4.0 suffers from cross site scripting and authenticated remote privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, xss
advisories | CVE-2020-8493, CVE-2020-8495
SHA-256 | 65fefe87417d3f24f93505f6a2d0b0861b7653921bcaeb169587b91355306bae
Verodin Director Web Console 3.5.4.0 Password Disclosure
Posted Feb 5, 2020
Authored by Nolan B. Kennedy

Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.

tags | exploit, remote, web, proof of concept, info disclosure
advisories | CVE-2019-10716
SHA-256 | 64c5c3dad0e1734a2a2d694fc84ba6acdb52e85df43750c90a10d29c8e57d888
Red Hat Security Advisory 2020-0374-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0374-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17133
SHA-256 | 109afefb19126c43d7ea9a360f7c9f6f419aad8d5207ac254a40d2179d15cf87
Ubuntu Security Notice USN-4265-2
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4265-2 - USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-1930
SHA-256 | 57693934af71cbf8f73c4502ce102a0dc12d22f24ab5a503dac709bb9ac3541b
AVideo Platform 8.1 User Enumeration
Posted Feb 5, 2020
Authored by Ihsan Sencan

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

tags | exploit, info disclosure
SHA-256 | 0be44102dcefa7d92f71d105ca104461782d75773b24c639b3473a1ed84e31ce
Red Hat Security Advisory 2020-0366-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0366-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2019-11135, CVE-2019-14378
SHA-256 | 5314db8d5b4027b9ffd78348452ce53792e5d0ad186dc12d43dd568bffb5542a
Red Hat Security Advisory 2020-0406-01
Posted Feb 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0406-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Issues addressed include unbounded memory growth.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-9512, CVE-2019-9514
SHA-256 | b75e2e7f5013af928a3171a30ff45ec52fcfef6e871c3c46ffb1d556479dffde
AVideo Platform 8.1 Cross Site Request Forgery
Posted Feb 5, 2020
Authored by Ihsan Sencan

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 06fe28aee68501ef47ba17ef49650509561048eb09385f0f64c56e4af3948357
xglance-bin Local Root Privilege Escalation
Posted Feb 5, 2020
Authored by Tim Brown, Marco Ortisi, Robert Jaroszuk

xglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.

tags | exploit, local, root
systems | linux
advisories | CVE-2014-2630
SHA-256 | d27e4f2ed6ba8d5e7e900a787e939d59f6386be68ee424e030c1c37dbe438c85
ISO-8385 Protocol Fuzzer
Posted Feb 5, 2020
Authored by Fakhir Karim Reda

This python script is a fuzzer for the ISO-8385 financial protocol. It is compatible with sulley and bofuzz and is now part of the official bofuzz release.

tags | tool, protocol, python, fuzzer
SHA-256 | d1cd712ddf8adaf71b93d57c4b8957aa1038bc884f3451a6f085124d3115cc0d
Cisco Discovery Protocol (CDP) Remote Device Takeover
Posted Feb 5, 2020
Authored by Barak Hadad, Yuval Sarel, Ben Seri | Site armis.com

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.

tags | advisory, remote, vulnerability, protocol
systems | cisco
advisories | CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, CVE-2020-3119, CVE-2020-3120
SHA-256 | 5e3050fbeb1f22ebf589d261aab1741e8ff40e062b5d1b2a93dee1b7c870f8c4
HiSilicon DVR/NVR hi3520d Firmware Backdoor Account
Posted Feb 5, 2020
Authored by Snawoot

HiSilicon DVR/NVR with hi3520d firmware suffers from having a remote backdoor account vulnerability.

tags | exploit, remote
SHA-256 | fb9c5743e89b20410d85556efda5278324665de203fa6f5a86bdf0bf1d11edd2
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close