exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2020-02-28

MITREid 1.3.3 Cross Site Scripting
Posted Feb 28, 2020
Authored by Aaron Bishop

MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-5497
SHA-256 | beaafdc5dee4b589fa59d194bbcda3aad72131beb6a748f37bda94014f9e24e2
Microsoft Windows Kernel Privilege Escalation
Posted Feb 28, 2020
Authored by nu11secur1ty

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.

tags | exploit, remote, local, registry
systems | windows
advisories | CVE-2020-0668
SHA-256 | 6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96
qdPM Remote Code Execution
Posted Feb 28, 2020
Authored by Tobin Shields

qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.

tags | exploit, remote, shell, code execution
advisories | CVE-2020-7246
SHA-256 | 7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3d
Debian Security Advisory 4630-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.

tags | advisory, python
systems | linux, debian
advisories | CVE-2020-5390
SHA-256 | b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48
Debian Security Advisory 4631-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.

tags | advisory, denial of service, arbitrary, python
systems | linux, debian
advisories | CVE-2019-16865, CVE-2019-19911, CVE-2020-5311, CVE-2020-5312, CVE-2020-5313
SHA-256 | 672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27f
Debian Security Advisory 4632-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).

tags | advisory, denial of service, overflow, protocol
systems | linux, debian
advisories | CVE-2020-8597
SHA-256 | f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Debian Security Advisory 4634-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2020-8794
SHA-256 | 5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
Debian Security Advisory 4635-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2020-9273
SHA-256 | bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8ae
Debian Security Advisory 4636-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.

tags | advisory, python
systems | linux, debian
advisories | CVE-2020-6802
SHA-256 | 94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953
Deciphering The SWIFT-DRIDEX Relationship In Bank
Posted Feb 28, 2020
Authored by Monika Arora, Harsh, Achint Basoya

This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.

tags | paper
SHA-256 | 6a0cab11f2e64f9df513d332add9505f86699b1e1ba54f3ff7ddc853a502e82f
Nimsoft nimcontroller 7.80 Remote Code Execution
Posted Feb 28, 2020
Authored by wetw0rk

Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8012
SHA-256 | af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0
SerialTweaker 1.1
Posted Feb 28, 2020
Authored by Stefan Broeder, redtimmysec

SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.

tags | tool
systems | unix
SHA-256 | f07b0cb7767fe9ecacd5cc0f2aacef08a3520cd39de4d809fae2a85d1b7c8bb0
Wireshark Analyzer 3.2.2
Posted Feb 28, 2020
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple vulnerabilities and bug fixes in dissectors have been addressed.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 5f5923ef4c3fee370ed0ca1bb324f37c246015eba4a7e74ab95d9208feeded79
Zeek 3.1.0
Posted Feb 28, 2020
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added a new supervisor framework that enables Zeek to operate clusters. Various other additions and changes in functionality.
tags | tool, intrusion detection
systems | unix
SHA-256 | a31c015afddef00022d3a2c0ab9383a616b6e6954cba467eb037d16b88aaac8c
Red Hat Security Advisory 2020-0637-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
SHA-256 | 94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66
Red Hat Security Advisory 2020-0638-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
SHA-256 | e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close