
Files Date: 2020-03-01 to 2020-03-31

Ubuntu Security Notice USN-4311-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4311-1 - It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-7837, CVE-2020-0556
MD5 | 003f02799609a41d0332d6037d56d870
Ubuntu Security Notice USN-4313-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4313-1 - Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-8835
MD5 | 64238cff52e7aff48c4ad8bc4b0032f4
10-Strike Network Inventory Explorer 9.03 Buffer Overflow
Posted Mar 30, 2020
Authored by Hodorsec

10-Strike Network Inventory Explorer version 9.03 Read-from-file buffer overflow exploit that uses SEH and ROP.

tags | exploit, overflow
MD5 | 4149e3e557d63c733212a574642fceed
Recon Informer
Posted Mar 30, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

tags | tool
systems | linux, windows, unix
MD5 | cb8d3c18e04a60fd39e205fae7a0cd88
Ubuntu Security Notice USN-4312-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4312-1 - Matthias Gerstner discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2020-10174
MD5 | 51355f6e192c7fbad0b80169911ffd45
Gentoo Linux Security Advisory 202003-66
Posted Mar 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-66 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13164, CVE-2020-8608
MD5 | a6a562170c2a21f14869b0569e784ed2
Gentoo Linux Security Advisory 202003-65
Posted Mar 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-65 - Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. Versions greater than or equal to 4 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-10001, CVE-2018-6912, CVE-2018-7557, CVE-2018-7751, CVE-2018-9841, CVE-2019-12730, CVE-2019-13312, CVE-2019-13390, CVE-2019-17539, CVE-2019-17542
MD5 | ff20d5cf4c2cd148a87e96d94a78b9c7
Gentoo Linux Security Advisory 202003-64
Posted Mar 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-64 - Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code. Versions less than 1.5.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12110, CVE-2017-12111, CVE-2017-2896, CVE-2017-2897, CVE-2017-2919, CVE-2018-20450, CVE-2018-20452
MD5 | ec4db6d44898f3dea240ba1ab3f8cd56
Gentoo Linux Security Advisory 202003-63
Posted Mar 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-63 - Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-12290, CVE-2019-18224
MD5 | f1700aa0a875c05fb47f2d7447393006
Joomla Fabrik 3.9.11 Directory Traversal
Posted Mar 30, 2020
Authored by qw3rTyTy

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | ca6510d47275441b8241ea7c2bb9e5e7
Gentoo Linux Security Advisory 202003-62
Posted Mar 30, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-62 - A buffer overflow in GNU Screen might allow remote attackers to corrupt memory. Versions less than 4.8.0 are affected.

tags | advisory, remote, overflow
systems | linux, gentoo
advisories | CVE-2020-9366
MD5 | ab4de12e48da1c85fe4f68a82ac29386
Ubuntu Security Notice USN-4310-1
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4310-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2020-10018
MD5 | ddd7bc5bb510c51d26056ea6338792b8
Ubuntu Security Notice USN-4308-2
Posted Mar 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4308-2 - USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. Various other issues were also addressed.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-12387, CVE-2019-12855, CVE-2020-10109
MD5 | b43b434bb001678ba973b3bd6564e349
Zen Load Balancer 3.10.1 Remote Code Execution
Posted Mar 30, 2020
Authored by Cody Sixteen

Zen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 8a94b04383ba5845668af5b40ea1572f
Pentesting Zen Load Balancer
Posted Mar 30, 2020
Authored by Cody Sixteen

This whitepaper is a quick tutorial on pentesting the Zen load balancer.

tags | paper
MD5 | 861099cc2be81725b83792a18b56b14b
WordPress Event-Registration 5.43 Arbitrary File Upload
Posted Mar 30, 2020
Authored by KingSkrupellos

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 279cd9d30da9f9ede81e18d63144ff44
DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting
Posted Mar 30, 2020
Authored by thelastvvv

DesignMasterEvents CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | ad266e42f66fca68495c697e74ab0a99
Odin Secure FTP Expert 7.6.3 Site Info Denial Of Service
Posted Mar 30, 2020
Authored by Ivan Marmolejo

Odin Secure FTP Expert version 7.6.3 Site Info denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 0f037ebeb04f167b2e5f257be89cf8d2
Redis Replication Code Execution
Posted Mar 29, 2020
Authored by Green-m | Site metasploit.com

This Metasploit module can be used to leverage the extension functionality added since Redis 4.0.0 to execute arbitrary code. To transmit the given extension, it makes use of the Redis feature called replication between master and slave.

tags | exploit, arbitrary
MD5 | bc3bb68fe75ced3edda645b09f10803e
Micro Focus Vibe 4.0.6 Cross Site Scripting
Posted Mar 28, 2020
Authored by Dr. Vladimir Bostanov

Micro Focus Vibe version 4.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-9250
MD5 | a60027ac5b74660e7969af3d9c4d5357
Micro Focus Vibe 4.0.6 HTML Injection
Posted Mar 28, 2020
Authored by Dr. Vladimir Bostanov

Micro Focus Vibe version 4.0.6 suffers from an HTML injection vulnerability.

tags | exploit
MD5 | 928c8f07f3d084c0452dd3915b1fbb32
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution
Posted Mar 28, 2020
Authored by Pedro Ribeiro, Gareth Batchelor

IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.

tags | exploit, code execution
advisories | CVE-2019-4716
MD5 | d010aadf91fbdd90b9c6b2e2854fbafc
DLINK DWL-2600 Authenticated Remote Command Injection
Posted Mar 28, 2020
Authored by Raki Ben Hamouda, Nick Starke | Site metasploit.com

This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.

tags | exploit, web
advisories | CVE-2019-20499
MD5 | 058fc813826b27ba952231f09a327f06
codeBeamer 9.5 Cross Site Scripting
Posted Mar 28, 2020
Authored by Georg Ph E Heise

codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-19912, CVE-2019-19913
MD5 | f0eca9618f504c287a0819470ab7990f
rConfig 3.9.4 searchField Remote Code Execution
Posted Mar 28, 2020
Authored by vikingfr

rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.

tags | exploit, remote, root, code execution
advisories | CVE-2019-19509, CVE-2019-19585, CVE-2020-10220
MD5 | 8c716113452b1998821e833fac8675aa

© 2020 Packet Storm. All rights reserved.
