what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-02-13

Suricata IDPE 5.0.2
Posted Feb 13, 2020
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Addressed a segfault, a memory allocation error, and various other bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 7f30cac92feeab2a9281b6059b96f9f163dce9aadcc959a6c0b9a2f6d750cee7
Anviz CrossChex Buffer Overflow
Posted Feb 13, 2020
Authored by Pedro Rodrigues, Luis Catarino, agalway-r7, adfoster-r7 | Site metasploit.com

This Metasploit modules waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2019-12518
SHA-256 | fcc76b20f0ef9b7cb9eacc5f4294aa56b0c1f5cb9149be7799f84734a92a6d8e
Samsung /dev/tsmux Heap Out-Of-Bounds Write
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

The Samsung kernel suffers from a heap out-of-bounds write in /dev/tsmux.

tags | exploit, kernel
SHA-256 | cfdc74006e656bf14b792a3ef9b9b45e5579d2eed455326e014482691d8ebf38
XPC Memory Disclosure / Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

XPC fast path fails to ensure NULL termination of XPC strings, leading to memory disclosure and corruption vulnerabilities in XPC services.

tags | exploit, vulnerability
advisories | CVE-2020-3856
SHA-256 | 177cb639e6a25a5904e8f4f9ae68c987f945f93207a3d09333a7ea42bc47e766
macOS / iOS launchd XPC Message Parsing Memory Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

launchd on macOS and iOS suffer from a memory corruption issue due to a lack of bounds checking when parsing XPC messages.

tags | exploit
systems | ios
advisories | CVE-2020-3829
SHA-256 | 13c83122693a08ee0f24211a2e669324b5b58b62191c82afb69d83c51fdecf4a
SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
SHA-256 | 6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4
Red Hat Security Advisory 2020-0487-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
SHA-256 | d07d1892269b8f92df66a4d09cc3d2fd52cb020b25b56e79796b27001a2d25ef
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
SHA-256 | bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6
OpenTFTP 1.66 Local Privilege Escalation
Posted Feb 13, 2020
Authored by Bobby Cooke

OpenTFTP version 1.66 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 5d2b25539718d896a4dfdcdac7ba083b886438ab40228dcc00f3b42e60608afe
SuiteCRM 7.11.11 Bean Manipulation
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

tags | exploit
advisories | CVE-2020-8802
SHA-256 | 2180571bb1e2260ae7306d067b16cfbedbc9933b8f3852afefaabda12b8e98f8
Pandora FMS 7.0 Authenticated Remote Code Execution
Posted Feb 13, 2020
Authored by Engin Demirbilek

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8947
SHA-256 | e8569c21b7bc7bcd154f048ee7b342645684557e5d7eed9343a3c351f795a4a4
Red Hat Security Advisory 2020-0497-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 26852e77b838e0d5a87fe97d3c16c806d3cdf8d7434d7b5456efee625099d1f1
SuiteCRM 7.11.11 Phar Deserialization
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-8801
SHA-256 | 6635b4d98132797e97d5f7beb1446ac64f1d1b045f58dd11a4416288eebcbc03
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.

tags | advisory
SHA-256 | ac2daf7bcc95857b4f5049cebd3177cbe3381b4badbb37ff3079ae24ed46821a
ESET Generic Malformed Archive Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
SHA-256 | e2f741cde9f439ac70973eeae7d76a4af0d0b4eb7a85e38074a57965ddaf71b3
SuiteCRM 7.11.11 Second-Order PHP Object Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-8800
SHA-256 | 0b39b583ac4c6a3f164f129018fb829ea101106ca187de455b16329ca19a3403
Packet Sniffer To Sniff Sensitive Credentials Only
Posted Feb 13, 2020
Authored by Roshan Poudel

Whitepaper called Packet Sniffer to Sniff Sensitive Credentials Only.

tags | paper
SHA-256 | 903f256eb800e55d6283faf82461a30ade3cfd200b4d8acd6dfd8b9a89f6d7d6
SweynTooth Bluetooth Exploits
Posted Feb 13, 2020
Authored by Matheus Garbelini | Site github.com

SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different Bluetooth Low Energy (BLE) software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.

tags | exploit, overflow, vulnerability
SHA-256 | f44bedf383c9d61f39058db170d8ca3ef17bc3122bb8b97a69aca174d01d9633
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close