exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-01-09 to 2019-01-10

Ubuntu Security Notice USN-3850-1
Posted Jan 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
MD5 | f31e765a83742d73f9519be5d73246a3
systemd-journald Memory Corruption / Information Leak
Posted Jan 9, 2019
Authored by Qualys Security Advisory

This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, they detail in here is useful in understanding the flaws.

tags | advisory, vulnerability
advisories | CVE-2018-16864, CVE-2018-16865, CVE-2018-16866
MD5 | 5e1ba71c0b7e7dbafebb77bbd2703730
ZTE MF65 BD_HDV6MF65V1.0.0B05 Cross Site Scripting
Posted Jan 9, 2019
Authored by Nathu Nandwani

ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7355
MD5 | 58a06d4dbbbb86fe6727c100da9c4d09
Ampache 3.8.6 Cross Site Scripting
Posted Jan 9, 2019
Authored by Zekvan Arslan | Site netsparker.com

Ampache version 3.8.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 69f79c87e008dff3be4d80a1277357c0
BlogEngine 3.3 XML External Entity Injection
Posted Jan 9, 2019
Authored by Mustafa Yalcin | Site netsparker.com

BlogEngine version 3.3 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-14485
MD5 | 158c165dcd25c8de8be755c65883778b
OrangeForum 1.4.0 Open Redirection
Posted Jan 9, 2019
Authored by Omar Kurt | Site netsparker.com

OrangeForum version 1.4.0 suffers from open redirection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-14474
MD5 | 4de8fa1d010b149048243c3de65f00e7
Red Hat Security Advisory 2019-0040-01
Posted Jan 9, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0040-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-0545, CVE-2019-0548, CVE-2019-0564
MD5 | 859cd5a46a0f3ca739c6a9c1e1c87cc8
Debian Security Advisory 4364-1
Posted Jan 9, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2018-16468
MD5 | 1ac92e51a244345f0cc61b7ed70eaece
WordPress User Registration 1.5.3 Cross Site Scripting
Posted Jan 9, 2019
Authored by Mr Winst0n

WordPress User Registration plugin version 1.5.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 54cd525f334901df9a655277b12b554d
Microsoft Windows Error Reporting Local Privilege Escalation
Posted Jan 9, 2019
Authored by SandboxEscaper

Angry Polar Bear is a Microsoft Windows error reporting privilege escalation exploit.

tags | exploit
systems | windows
MD5 | ee7fca66252eae44b2c5ca2e9081020d
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
Posted Jan 9, 2019
Authored by sajjadbnd

Heatmiser Wifi Thermostat version 1.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | bf3a94692d78a3a7c5485a2e1f6cb691
EstudioNeoFilms / Grupo LosGrobo / IdeaSeven SQL Injection
Posted Jan 9, 2019
Authored by KingSkrupellos

Various web design firms such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24 all have produced sites that are susceptible to SQL injection vulnerabilities.

tags | exploit, web, vulnerability, sql injection
MD5 | f924892391cf79940be495a27d89509b
Google Chrome V8 JavaScript Engine 71.0.3578.98 Denial Of Service
Posted Jan 9, 2019
Authored by Bogdan Kurinnoy

Google Chrome V8 JavaScript Engine version 71.0.3578.98 suffers from a denial of service vulnerability.

tags | exploit, denial of service, javascript
MD5 | c3001fc74087cc36390e2cf67a3cdee9
Microsoft Office SharePoint Server 2016 Denial Of Service
Posted Jan 9, 2019
Authored by Gal Zror | Site metasploit.com

A vulnerability in Microsoft SharePoint Server could allow a remote attacker to make the server unavailable. The vulnerability is a result of the dependency SharePoint has in Microsoft.Data.OData library which was vulnerable to remote DOS.

tags | exploit, remote, denial of service
advisories | CVE-2018-8269
MD5 | 5c064a5afe000a923b1cc0813497efe7
Wifi-soft Unibox 2.x Remote Command / Code Injection
Posted Jan 9, 2019
Authored by Sahil Dhar

Wifi-soft Unibox Controllers versions 0.x through 0.2 suffer from code execution and command injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-3495, CVE-2019-3496, CVE-2019-3497
MD5 | 37a9a3ae4b24d98cdbdcb798c75e9851
MDwiki Cross Site Scripting
Posted Jan 9, 2019
Authored by Evi1m0

MDwiki versions prior to 0.6.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 027a43af292c7cdc3d6004b803c18c0a
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close