what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2020-02-13

Suricata IDPE 5.0.2
Posted Feb 13, 2020
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Addressed a segfault, a memory allocation error, and various other bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 28470c05f0f1d3eae2a0c7312c3eabc3
Anviz CrossChex Buffer Overflow
Posted Feb 13, 2020
Authored by Pedro Rodrigues, Luis Catarino, agalway-r7, adfoster-r7 | Site metasploit.com

This Metasploit modules waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2019-12518
MD5 | e3ba89a23a55784d1a94210335d0e24f
Samsung /dev/tsmux Heap Out-Of-Bounds Write
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

The Samsung kernel suffers from a heap out-of-bounds write in /dev/tsmux.

tags | exploit, kernel
MD5 | 00005339bd5f67a8a2ca1f91df549119
XPC Memory Disclosure / Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

XPC fast path fails to ensure NULL termination of XPC strings, leading to memory disclosure and corruption vulnerabilities in XPC services.

tags | exploit, vulnerability
advisories | CVE-2020-3856
MD5 | 0f1657d7f62dc322829fee09424c0e5c
macOS / iOS launchd XPC Message Parsing Memory Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

launchd on macOS and iOS suffer from a memory corruption issue due to a lack of bounds checking when parsing XPC messages.

tags | exploit
systems | ios
advisories | CVE-2020-3829
MD5 | 1214e0a3adca8432caea6990153f7571
SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
MD5 | e563a245d3450a08dc89409be7d351e6
Red Hat Security Advisory 2020-0487-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, root
systems | linux, redhat
advisories | CVE-2019-18634
MD5 | 612c85a9d2cb652539696e8f19c95fbc
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
MD5 | 30243acc735a0a74cd60961a8b809988
OpenTFTP 1.66 Local Privilege Escalation
Posted Feb 13, 2020
Authored by boku

OpenTFTP version 1.66 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 4c237a98f5dd3ec8ed985d7311aa35bc
SuiteCRM 7.11.11 Bean Manipulation
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

tags | exploit
advisories | CVE-2020-8802
MD5 | 5b37a8d65609f140a2d503b2ba0f5aea
Pandora FMS 7.0 Authenticated Remote Code Execution
Posted Feb 13, 2020
Authored by Engin Demirbilek

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8947
MD5 | c3b198639fda25e23a0dfdf49744d535
Red Hat Security Advisory 2020-0497-01
Posted Feb 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
MD5 | bb8148a3b55bd05b404fb987854eb70c
SuiteCRM 7.11.11 Phar Deserialization
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-8801
MD5 | 40555272df9e2fe2b9399bbc7bb54c0a
AVIRA Generic Malformed Container Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.

tags | advisory
MD5 | 6e004bfa1a3b7ba17f65b840b147c977
ESET Generic Malformed Archive Bypass
Posted Feb 13, 2020
Authored by Thierry Zoller

The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
MD5 | b070d226240b5ffffd20b8b5dd28cd36
SuiteCRM 7.11.11 Second-Order PHP Object Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-8800
MD5 | ea4d3494a5be75e5e45932ce2189d4c2
Packet Sniffer To Sniff Sensitive Credentials Only
Posted Feb 13, 2020
Authored by Roshan Poudel

Whitepaper called Packet Sniffer to Sniff Sensitive Credentials Only.

tags | paper
MD5 | fccb94cbfba25dc0528f289cc32f6721
SweynTooth Bluetooth Exploits
Posted Feb 13, 2020
Authored by Matheus Garbelini | Site github.com

SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different Bluetooth Low Energy (BLE) software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.

tags | exploit, overflow, vulnerability
MD5 | 042ed03928785582be3b2d73a5d65d5a
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    18 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close