what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2020-05-08

Linux 5.6 IORING_OP_MADVISE Race Condition
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.

tags | exploit
systems | linux
MD5 | 48173960a553b8ac2d2d1b4706631456
Linux futex+VFS Use-After-Free
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.

tags | exploit
systems | linux
MD5 | b10f0f2bf1162cf416ade38ced936f86
Samsung Android Remote Code Execution
Posted May 8, 2020
Authored by Google Security Research, mjurczyk

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-8899
MD5 | 3f9f4d5bfc619d4b462f0ef931e31a05
Packet Fence 10.0.1
Posted May 8, 2020
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Fixed issue with out of bound array in pfacct. Fixed handling of VSA in pfacct. Fixed handling of wireless secure to open SSID VLAN filter. Various other enhancements.
tags | tool, remote
systems | unix
MD5 | 9ade118add1a7c7a0c796ca7c82df847
nfstream 5.1.0
Posted May 8, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Added to_csv export feature. Reworked to_pandas export and libpcap setup. Patched for IPv6 support.
tags | tool, python
systems | unix
MD5 | bcbb3d4417337289681f4a1fc7ceab08
TestSSL 3.0.2
Posted May 8, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is another bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 23f32eb9dee4e088a704a11bd2a2339a
Microsoft Windows NtUserMNDragOver Local Privilege Escalation
Posted May 8, 2020
Authored by Clement LECIGNE, timwr, Grant Willcox | Site metasploit.com

This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module has been tested against Windows 7 x86 SP0 and SP1. Offsets within the solution may need to be adjusted to work with other versions of Windows, such as Windows Server 2008.

tags | exploit, x86
systems | windows, 7
advisories | CVE-2019-0808
MD5 | e65eeb8c736544fe952269396a557f62
Service Tracing Privilege Escalation
Posted May 8, 2020
Authored by bwatters-r7, itm4n | Site metasploit.com

This Metasploit module leverages a trusted file overwrite with a dll hijacking vulnerability to gain SYSTEM-level access on vulnerable Windows 10 x64 targets.

tags | exploit
systems | windows
advisories | CVE-2020-0668
MD5 | 516baab41d9288815d39cc0f80df1826
Zeek 3.1.3
Posted May 8, 2020
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a buffer over-read in the Ident analyzer. Various other bug fixes as well.
tags | tool, intrusion detection
systems | unix
MD5 | 3174ea8d91b17fa7b7c568a4a9225b13
Capstone 4.0.2
Posted May 8, 2020
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

Changes: This release fixes some bugs of version 4.0.1, as well as introduces some improvements for several bindings.
tags | tool
systems | unix
MD5 | 8894344c966a948f1248e66c91b53e2c
ManageEngine Asset Explorer Windows Agent Remote Code Execution
Posted May 8, 2020
Authored by Sahil Dhar, xen1thLabs

The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2020-8838
MD5 | ff4fdf0c7d6b92afcdddd961ccbb4ed7
Creative Zone SQL Injection
Posted May 8, 2020
Authored by Bl4ck M4n | Site vulnerability-lab.com

Creative Zone suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2e1b53b9c1b3b3fdd25b7fe6f3e941b8
WordPress Dosimple Theme 2.0 Cross Site Scripting
Posted May 8, 2020
Authored by Milad Karimi | Site vulnerability-lab.com

WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1918aa45c4c317429179db3d2fc8b8e5
ManageEngine DataSecurity Plus Authentication Bypass
Posted May 8, 2020
Authored by Sahil Dhar, xen1thLabs

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-11532
MD5 | 6d02c70f321ed959a848ad38b68e5373
WebTareas 2.0p8 Cross Site Scripting
Posted May 8, 2020
Authored by Bobby Cooke

WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1e1b18d6abc7bfaf1594a5ee92f4b133
WordPress ChopSlider 3 SQL Injection
Posted May 8, 2020
Authored by Callum Murphy

WordPress ChopSlider plugin version 3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-11530
MD5 | a7272e287d6019c424e8e877129da5d4
Qik Chat 3.0 Command Injection
Posted May 8, 2020
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.

tags | exploit
systems | ios
MD5 | 91dac40216ea76f090e89ec3087e917d
Tiny MySQL Cross Site Scripting
Posted May 8, 2020
Authored by Milad Karimi | Site vulnerability-lab.com

Tiny MySQL suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | baecdb27c442ebf8eaf94171b4c24196
ManageEngine DataSecurity Plus Path Traversal / Code Execution
Posted May 8, 2020
Authored by Sahil Dhar, xen1thLabs

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2020-11531
MD5 | cb5ff48aa48c7fc8e7186331fb3c00e7
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close