
Files Date: 2019-01-08 to 2019-01-09

Debian Security Advisory 4363-1
Posted Jan 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4363-1 - It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

tags | advisory, web, spoof, python
systems | linux, debian
advisories | CVE-2019-3498
SHA-256 | e43ffa774ebdcc131069141ab52a0af279975106b0b8c19b8d3aa2c02cdcaee5

Wireshark Analyzer 2.6.6
Posted Jan 8, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Added a boundary check to get_t61_string. Various other updates.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 487933ea075bdbb25d8df06017d9c4f49fc20eb7f6ec80af086718ed5550e863

Mailcleaner Remote Code Execution
Posted Jan 8, 2019
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the MailCleaner Community Edition product. An authenticated user can execute operating system commands in the context of the web server user, which is root. The /admin/managetracing/search/search endpoint takes several user inputs and passes them to the internal service responsible for executing operating system commands. One of these inputs is passed to the service without proper validation, which causes the command injection vulnerability.

tags | exploit, web, root
advisories | CVE-2018-20323
SHA-256 | 9be39a4bc9f67632a6a5377d1cf086a107e68b119a124c2b425f517817903bb6

TOR Virtual Network Tunneling Tool 0.3.5.7
Posted Jan 8, 2019
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 1b0887fc21ac535befea7243c5d5f1e31394d7458d64b30807a3e98cca0d839e

Wireshark get_t61_string Heap Out-Of-Bounds Read
Posted Jan 8, 2019
Authored by Google Security Research, mjurczyk

Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.

tags | exploit
SHA-256 | e78bb2f18e5c8a09bd4bc2e09df300bcd8466772f61124b02d3646830c2a39cb

Polkit Temporary Authentication Hijacking
Posted Jan 8, 2019
Authored by Jann Horn, Google Security Research

Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.

tags | exploit
SHA-256 | cda12b6164dcf7cc8e7788d38b12813f0f957ff6db104d4bad25b01f47fe046b

Microsoft Windows DSSVC CheckFilePermission Arbitrary File Deletion
Posted Jan 8, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service has a TOCTOU in PolicyChecker::CheckFilePermission, resulting in an arbitrary file deletion.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8584
SHA-256 | f54dc03a0548a0bf309514e8238a7332722ced26331dd750eae0f876a0ed3877

ZenPhoto 1.4.14 Cross Site Scripting
Posted Jan 8, 2019
Authored by Zekvan Arslan | Site netsparker.com

ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-20140
SHA-256 | 10fab1ecdb12b992f281934a8923030c443cb6246e70b8221ab99c037bddddea

Red Hat Security Advisory 2019-0036-01
Posted Jan 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0036-01 - Source-to-Image is a tool for building reproducible container images. It produces ready-to-run images by injecting a user source into a container image and assembling a new container image. The new image incorporates the base image and built source, and is ready to use with the "docker run" command. S2I supports incremental builds, which re-use previously downloaded dependencies, previously built artifacts, and more. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
SHA-256 | 7a86f73181e3810ec789e0efe32f394cb8c43b3d70c82e5e4178e6f5cc8a7e6c

Mantis 2.11.1 Cross Site Scripting
Posted Jan 8, 2019
Authored by Omer Citak | Site netsparker.com

Mantis version 2.11.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13055
SHA-256 | 007736d3715949fe6452171a06d4473baa940cdc4a1befb91ceaa5d79be7ad82

Dolibarr ERP-CRM 8.0.4 SQL Injection
Posted Jan 8, 2019
Authored by Mehmet Onder Key

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0cd579c529c4cdfc92e87078188a90d8b1deb7799e498826ff25224d10f7d825

WordPress MapSVG Lite 3.2.3 Cross Site Request Forgery
Posted Jan 8, 2019
Authored by Rob Skilling

WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a62a696e1371182ff1d03ef33a6c1c775ff3fe79e8c36c980ef390c38d2ba247

CF Image Hosting Script 1.6.5 Privilege Escalation
Posted Jan 8, 2019
Authored by David Tavarez

CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 5eb3a7d3d1fd37031f7881bc3ed9379bf868eb0bc8c46b5d041c307f0fd16f01

UFONet 1.2
Posted Jan 8, 2019
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: New release called Armageddon. Various updates.
tags | tool, web, denial of service, spoof
systems | unix
SHA-256 | 86301d7058a33f23d02f2b9f84ada5e293f8f8d9829367feafacf7d748c1a3b0

Aspose.ZIP For .NET Path Traversal
Posted Jan 8, 2019
Authored by Jaroslav Lobacevski

Aspose.ZIP for .NET was vulnerable to path traversal that allowed an attacker to overwrite arbitrary files in the context of the running application. The issue was fixed in version 19.1.0.

tags | advisory, arbitrary, file inclusion
SHA-256 | 31da380d7683b8a4824fe47f9bc31ab3816251626abfdac05f7a4da39a2d3275
© 2022 Packet Storm. All rights reserved.
