what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-04-17

Oracle Solaris 11.x / 10 whodo / w Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges.

tags | exploit, overflow, arbitrary, local, root
systems | solaris
advisories | CVE-2020-2771
SHA-256 | b4fd5ab59754c50d0a4004387d6ef82f58b1de0dc8f81de2438e2e8a8dd7f4fb
Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.

tags | exploit, overflow, arbitrary, local
systems | solaris
advisories | CVE-2020-2851
SHA-256 | 7f50111057b19d6619dd24b1f2d5b993965259bb33db3ffa61cb8236878b3cc3
Common Desktop Environment 1.6 Local Privilege Escalation
Posted Apr 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2944
SHA-256 | 77a96ff828853997303f6f447de00f2ca068b80d3a3c567e8415e33a6e0d0922
Fork CMS 5.8.0 Script Insertion
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Fork CMS version 5.8.0 suffers from multiple script insertion vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 7fda84cb9778bda0039a49e505a8ad8d393403f233e7fbc13127c481e8eb65bd
Swift File Transfer Mobile Cross Site Scripting / Information Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
systems | ios
SHA-256 | c6b28c761212f0e60e98658f4009e7cd57fd0f4804640083646a2559d8213009
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
Posted Apr 17, 2020
Authored by Sivanesh Ashok

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
SHA-256 | e614085b9eb87091a2d75dab2853ff80979807cfc96148439021df1a832b95a4
CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation
Posted Apr 17, 2020
Authored by Ken Williams | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below along with 4.3.1 are affected.

tags | advisory, vulnerability
advisories | CVE-2020-11658, CVE-2020-11659, CVE-2020-11660, CVE-2020-11661, CVE-2020-11662, CVE-2020-11663, CVE-2020-11664, CVE-2020-11665, CVE-2020-11666
SHA-256 | bbbce1a3b7045cbd54fc2a306c012fa2c4f6c7730e766b2fc190b6abff8b3216
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
Posted Apr 17, 2020
Authored by Nicolas Chatelain | Site metasploit.com

This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.

tags | exploit, arbitrary, root, php, vulnerability, code execution
advisories | CVE-2020-5847, CVE-2020-5849
SHA-256 | 35b12f162c0f93f5dcd8552c4530c13b6a4979bffe9b0558493c22aea31db7e7
Metasploit Libnotify Arbitrary Command Execution
Posted Apr 17, 2020
Authored by pasta | Site metasploit.com

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

tags | exploit, shell
advisories | CVE-2020-7350
SHA-256 | ad067bdd31d638c4ac1ccfedad48f8bc32df34ac1fa4200beab6496c6c318e9b
Falco 0.22.1
Posted Apr 17, 2020
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: A driver path has been corrected.
tags | tool, intrusion detection
systems | unix
SHA-256 | 46fe71a817e2da763dfb01c1b0644bc54b6ee557a5646d87710e442b7490f151
Red Hat Security Advisory 2020-1497-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1497-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695
SHA-256 | f80f1e718d52160743afe826ffa9c8a4d9183700f91505d41bdbaf883bab9c21
SMACom 1.2.0 Insecure Transit / Password Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SMACom version 1.2.0 suffers from an insecure transit vulnerability that allows for password disclosure.

tags | exploit
SHA-256 | f51ea111518ccf91ba58454f6ee50e3572a1f227c409c3020f5f8696db69e58c
Red Hat Security Advisory 2020-1495-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
SHA-256 | 0372171b6c3257e955ee13ea1cff0749a2aa8955f6d4bbf1eb56e15f1c77b11d
TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

TAO Open Source Assessment Platform version 3.3.0 RC02 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c1521818335dcbc0d7c50cb49dc538af5b8ba8dd18438843a1e838ac9d5b8ad9
Code Blocks 16.01 Buffer Overflow
Posted Apr 17, 2020
Authored by T3jv1l

Code Blocks version 16.01 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3ddb4099b98d797c8e41079662c781fa87ff2bfcc8bb1c3e42448a9fc05f2402
Playable 9.18 Script Insertion / Arbitrary File Upload
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
systems | ios
SHA-256 | b0f783dd4aa412caeaa6e4c50fde08b54f10401f9c81abbfdf18170d2f268985
Red Hat Security Advisory 2020-1496-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
SHA-256 | f9059f9f96f09681cca6c1c026a26d7147b0fd9e3e88a56fd2fa77c59fab7c6d
Cisco IP Phone 11.7 Denial Of Service
Posted Apr 17, 2020
Authored by Jacob Baines

Cisco IP Phone version 11.7 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | cisco
advisories | CVE-2020-3161
SHA-256 | 91023709bd06cb09c03533c7926183d762565f1ac3417ed227ca0ea133cc7045
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Posted Apr 17, 2020
Authored by Bailey Belisario

Easy MPEG to DVD Burner version 1.7.11 SEH buffer overflow exploit with DEP.

tags | exploit, overflow
SHA-256 | 96f59ee1d96bf8e52065014ce84fa1287014e085b286c877518311cea7eb3b77
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close