exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-02-13

Suricata IDPE 5.0.2
Posted Feb 13, 2020
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Addressed a segfault, a memory allocation error, and various other bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 28470c05f0f1d3eae2a0c7312c3eabc3
Anviz CrossChex Buffer Overflow
Posted Feb 13, 2020
Authored by Pedro Rodrigues, Luis Catarino, agalway-r7, adfoster-r7 | Site metasploit.com

This Metasploit modules waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2019-12518
MD5 | e3ba89a23a55784d1a94210335d0e24f
Samsung /dev/tsmux Heap Out-Of-Bounds Write
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

The Samsung kernel suffers from a heap out-of-bounds write in /dev/tsmux.

tags | exploit, kernel
MD5 | 00005339bd5f67a8a2ca1f91df549119
XPC Memory Disclosure / Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

XPC fast path fails to ensure NULL termination of XPC strings, leading to memory disclosure and corruption vulnerabilities in XPC services.

tags | exploit, vulnerability
advisories | CVE-2020-3856
MD5 | 0f1657d7f62dc322829fee09424c0e5c
macOS / iOS launchd XPC Message Parsing Memory Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

launchd on macOS and iOS suffer from a memory corruption issue due to a lack of bounds checking when parsing XPC messages.

tags | exploit
systems | ios
advisories | CVE-2020-3829
MD5 | 1214e0a3adca8432caea6990153f7571
SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
MD5 | e563a245d3450a08dc89409be7d351e6
Red Hat Security Advisory 2020-0487-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | 612c85a9d2cb652539696e8f19c95fbc
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
MD5 | 30243acc735a0a74cd60961a8b809988
OpenTFTP 1.66 Local Privilege Escalation
Posted Feb 13, 2020
Authored by boku

OpenTFTP version 1.66 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 4c237a98f5dd3ec8ed985d7311aa35bc
SuiteCRM 7.11.11 Bean Manipulation
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

tags | exploit
advisories | CVE-2020-8802
MD5 | 5b37a8d65609f140a2d503b2ba0f5aea
Pandora FMS 7.0 Authenticated Remote Code Execution
Posted Feb 13, 2020
Authored by Engin Demirbilek

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8947
MD5 | c3b198639fda25e23a0dfdf49744d535
Red Hat Security Advisory 2020-0497-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
MD5 | bb8148a3b55bd05b404fb987854eb70c
SuiteCRM 7.11.11 Phar Deserialization
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-8801
MD5 | 40555272df9e2fe2b9399bbc7bb54c0a
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.

tags | advisory
MD5 | 6e004bfa1a3b7ba17f65b840b147c977
ESET Generic Malformed Archive Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
MD5 | b070d226240b5ffffd20b8b5dd28cd36
SuiteCRM 7.11.11 Second-Order PHP Object Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-8800
MD5 | ea4d3494a5be75e5e45932ce2189d4c2
Packet Sniffer To Sniff Sensitive Credentials Only
Posted Feb 13, 2020
Authored by Roshan Poudel

Whitepaper called Packet Sniffer to Sniff Sensitive Credentials Only.

tags | paper
MD5 | fccb94cbfba25dc0528f289cc32f6721
SweynTooth Bluetooth Exploits
Posted Feb 13, 2020
Authored by Matheus Garbelini | Site github.com

SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different Bluetooth Low Energy (BLE) software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.

tags | exploit, overflow, vulnerability
MD5 | 042ed03928785582be3b2d73a5d65d5a
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    11 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close