exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-04-17

Oracle Solaris 11.x / 10 whodo / w Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit heap-based buffer overflow in setuid root whodo and w binaries distributed with Solaris allows local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges.

tags | exploit, overflow, arbitrary, local, root
systems | solaris
advisories | CVE-2020-2771
MD5 | 126e62d56e5dfaefeb640c1b3525eab4
Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
Posted Apr 17, 2020
Authored by Marco Ivaldi

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate privileges via a long X11 display name. The vulnerable function is located in the libDtSvc library and can be reached by executing the setuid program dtsession. Versions 2.3.1 and below as well as 1.6 and earlier are affected.

tags | exploit, overflow, arbitrary, local
systems | solaris
advisories | CVE-2020-2851
MD5 | c7348e1fb04cdcfdbe4ecfb089b5825b
Common Desktop Environment 1.6 Local Privilege Escalation
Posted Apr 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2944
MD5 | a52155188d9d9476faa2c94dc62f2069
Fork CMS 5.8.0 Script Insertion
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Fork CMS version 5.8.0 suffers from multiple script insertion vulnerabilities.

tags | exploit, vulnerability
MD5 | dfb517111cdf0aff3b7e55c11f81a72e
Swift File Transfer Mobile Cross Site Scripting / Information Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
systems | ios
MD5 | 6fd632a2b00ac6e346ea8245a8726339
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
Posted Apr 17, 2020
Authored by Sivanesh Ashok

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
MD5 | e88f3fb2cabe4dd5fc52ac8955ab17bb
CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation
Posted Apr 17, 2020
Authored by Ken Williams | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to multiple vulnerabilities in CA API Developer Portal. Multiple vulnerabilities exist that can allow attackers to bypass access controls, view or modify sensitive information, perform open redirect attacks, or elevate privileges. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. Versions 4.2.x and below along with 4.3.1 are affected.

tags | advisory, vulnerability
advisories | CVE-2020-11658, CVE-2020-11659, CVE-2020-11660, CVE-2020-11661, CVE-2020-11662, CVE-2020-11663, CVE-2020-11664, CVE-2020-11665, CVE-2020-11666
MD5 | 3a4eeebabc5befc7819ab64a822abf25
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
Posted Apr 17, 2020
Authored by Nicolas Chatelain | Site metasploit.com

This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.

tags | exploit, arbitrary, root, php, vulnerability, code execution
advisories | CVE-2020-5847, CVE-2020-5849
MD5 | 66f62527f36bfb07368dcaf7a3f1185b
Metasploit Libnotify Arbitrary Command Execution
Posted Apr 17, 2020
Authored by pasta | Site metasploit.com

This Metasploit module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier.

tags | exploit, shell
advisories | CVE-2020-7350
MD5 | 885145668200c03fca22ddeebb838fd3
Falco 0.22.1
Posted Apr 17, 2020
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: A driver path has been corrected.
tags | tool, intrusion detection
systems | unix
MD5 | 3cbd208dacfed125e05829bb54938b03
Red Hat Security Advisory 2020-1497-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1497-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a buffer overflow vulnerability.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695
MD5 | 99d216db1301a7d0934167ad71cf75b8
SMACom 1.2.0 Insecure Transit / Password Disclosure
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SMACom version 1.2.0 suffers from an insecure transit vulnerability that allows for password disclosure.

tags | exploit
MD5 | 1594a98ac4066e2b917c5504b24a0dde
Red Hat Security Advisory 2020-1495-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | badb804b1ba4dbb1cbb4f9cfbbd4d8b7
TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

TAO Open Source Assessment Platform version 3.3.0 RC02 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 69ecb6106ee60a6163746e6f25c520b0
Code Blocks 16.01 Buffer Overflow
Posted Apr 17, 2020
Authored by T3jv1l

Code Blocks version 16.01 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c670af414cfdc635edc68bf60f9ece64
Playable 9.18 Script Insertion / Arbitrary File Upload
Posted Apr 17, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
systems | ios
MD5 | 69db8a47fd6bb84d9111eb838cd1a7a7
Red Hat Security Advisory 2020-1496-01
Posted Apr 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | 71676ef5284232170e0295f0907ecc33
Cisco IP Phone 11.7 Denial Of Service
Posted Apr 17, 2020
Authored by Jacob Baines

Cisco IP Phone version 11.7 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | cisco
advisories | CVE-2020-3161
MD5 | 9ae93c7c36b4741bda68dc135166ed33
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Posted Apr 17, 2020
Authored by Bailey Belisario

Easy MPEG to DVD Burner version 1.7.11 SEH buffer overflow exploit with DEP.

tags | exploit, overflow
MD5 | 70e2eabce72b8ffcd3b2086fc123b8aa
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close