exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-04-17

Oracle Solaris 11.x / 10 whodo / w Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges.

tags | exploit, overflow, arbitrary, local, root
systems | solaris
advisories | CVE-2020-2771
SHA-256 | b4fd5ab59754c50d0a4004387d6ef82f58b1de0dc8f81de2438e2e8a8dd7f4fb
Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.

tags | exploit, overflow, arbitrary, local
systems | solaris
advisories | CVE-2020-2851
SHA-256 | 7f50111057b19d6619dd24b1f2d5b993965259bb33db3ffa61cb8236878b3cc3
Common Desktop Environment 1.6 Local Privilege Escalation
Posted Apr 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2944
SHA-256 | 77a96ff828853997303f6f447de00f2ca068b80d3a3c567e8415e33a6e0d0922
Fork CMS 5.8.0 Script Insertion
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Fork CMS version 5.8.0 suffers from multiple script insertion vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 7fda84cb9778bda0039a49e505a8ad8d393403f233e7fbc13127c481e8eb65bd
Swift File Transfer Mobile Cross Site Scripting / Information Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
systems | ios
SHA-256 | c6b28c761212f0e60e98658f4009e7cd57fd0f4804640083646a2559d8213009
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
Posted Apr 17, 2020
Authored by Sivanesh Ashok

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
SHA-256 | e614085b9eb87091a2d75dab2853ff80979807cfc96148439021df1a832b95a4
CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation
Posted Apr 17, 2020
Authored by Ken Williams | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below along with 4.3.1 are affected.

tags | advisory, vulnerability
advisories | CVE-2020-11658, CVE-2020-11659, CVE-2020-11660, CVE-2020-11661, CVE-2020-11662, CVE-2020-11663, CVE-2020-11664, CVE-2020-11665, CVE-2020-11666
SHA-256 | bbbce1a3b7045cbd54fc2a306c012fa2c4f6c7730e766b2fc190b6abff8b3216
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
Posted Apr 17, 2020
Authored by Nicolas Chatelain | Site metasploit.com

This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.

tags | exploit, arbitrary, root, php, vulnerability, code execution
advisories | CVE-2020-5847, CVE-2020-5849
SHA-256 | 35b12f162c0f93f5dcd8552c4530c13b6a4979bffe9b0558493c22aea31db7e7
Metasploit Libnotify Arbitrary Command Execution
Posted Apr 17, 2020
Authored by pasta | Site metasploit.com

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

tags | exploit, shell
advisories | CVE-2020-7350
SHA-256 | ad067bdd31d638c4ac1ccfedad48f8bc32df34ac1fa4200beab6496c6c318e9b
Falco 0.22.1
Posted Apr 17, 2020
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: A driver path has been corrected.
tags | tool, intrusion detection
systems | unix
SHA-256 | 46fe71a817e2da763dfb01c1b0644bc54b6ee557a5646d87710e442b7490f151
Red Hat Security Advisory 2020-1497-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1497-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695
SHA-256 | f80f1e718d52160743afe826ffa9c8a4d9183700f91505d41bdbaf883bab9c21
SMACom 1.2.0 Insecure Transit / Password Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SMACom version 1.2.0 suffers from an insecure transit vulnerability that allows for password disclosure.

tags | exploit
SHA-256 | f51ea111518ccf91ba58454f6ee50e3572a1f227c409c3020f5f8696db69e58c
Red Hat Security Advisory 2020-1495-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
SHA-256 | 0372171b6c3257e955ee13ea1cff0749a2aa8955f6d4bbf1eb56e15f1c77b11d
TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

TAO Open Source Assessment Platform version 3.3.0 RC02 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c1521818335dcbc0d7c50cb49dc538af5b8ba8dd18438843a1e838ac9d5b8ad9
Code Blocks 16.01 Buffer Overflow
Posted Apr 17, 2020
Authored by T3jv1l

Code Blocks version 16.01 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3ddb4099b98d797c8e41079662c781fa87ff2bfcc8bb1c3e42448a9fc05f2402
Playable 9.18 Script Insertion / Arbitrary File Upload
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
systems | ios
SHA-256 | b0f783dd4aa412caeaa6e4c50fde08b54f10401f9c81abbfdf18170d2f268985
Red Hat Security Advisory 2020-1496-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
SHA-256 | f9059f9f96f09681cca6c1c026a26d7147b0fd9e3e88a56fd2fa77c59fab7c6d
Cisco IP Phone 11.7 Denial Of Service
Posted Apr 17, 2020
Authored by Jacob Baines

Cisco IP Phone version 11.7 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | cisco
advisories | CVE-2020-3161
SHA-256 | 91023709bd06cb09c03533c7926183d762565f1ac3417ed227ca0ea133cc7045
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Posted Apr 17, 2020
Authored by Bailey Belisario

Easy MPEG to DVD Burner version 1.7.11 SEH buffer overflow exploit with DEP.

tags | exploit, overflow
SHA-256 | 96f59ee1d96bf8e52065014ce84fa1287014e085b286c877518311cea7eb3b77
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close