exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2019-02-12 to 2019-02-13

Android Binder VMA Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability in VMA via a race between reclaim and munmap.

tags | exploit
advisories | CVE-2019-1999
SHA-256 | 30e7b19cade88138c58960f0d7e5f5b18ba1d4a346ffb29b3faf11ceb745b600
Android Binder fdget() Optimization Use-After-Free
Posted Feb 12, 2019
Authored by Jann Horn, Google Security Research

Android binder suffers from a use-after-free vulnerability via fdget() optimization.

tags | exploit
advisories | CVE-2019-2000
SHA-256 | e1809748df02c9d09d6f4feddfb033fdc2a0eee3d38b0c8d9099f338a04d4eed
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79
Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
SHA-256 | 108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063a
Red Hat Security Advisory 2019-0324-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-18397
SHA-256 | eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0c
Red Hat Security Advisory 2019-0315-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
SHA-256 | dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918
Debian Security Advisory 4377-2
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
SHA-256 | 04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75
CentOS Web Panel 0.9.8.763 Cross Site Scripting
Posted Feb 12, 2019
Authored by DKM

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
advisories | CVE-2019-7646
SHA-256 | 363a981e5d0b6820f7dbde5f83a8e9b84e0cc2a0208e369d24a824efdd7dd5ee
LayerBB 1.1.2 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

LayerBB version 1.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 702c64ef6a0d830cae9f5467564cef670bd29d35be3a0a60bcd6a840fb550c9f
BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution
Posted Feb 12, 2019
Authored by Dustin Cobb

BlogEngine.NET version 3.3.6 suffers from code execution and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, file inclusion
advisories | CVE-2019-6714
SHA-256 | e49280b62c0fab022834f64d848d66c34f0be69807c773aa5c6000bf8eead37e
Joomla ZCalendar Zap Calendar 4.4.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ZCalendar Zap Calendar version 4.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0fd178b31648f3260452ba672ccfd7a94ebc42604baf12da7d46688879a39c6b
Joomla WordPress Blog 4.8.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f23d0cf4071ad835fc57ff9482cc094ed174de476687030b773d1f1d64132f26
Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 49477a24bf923b15d7a1fa08ddc92a230dc8d16473c7b84812942e3253b3e04e
Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | ff3ed0f4f6b454abdcb15666e6a1492409e1946ba2cf91ede9b57a8366956184
Joomla Mosets Hot Property 1.0.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7e0f599e2a5ac00ba05dcfd0954c7ad84f620009dbd2dc1879f788236ebf35e1
Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 67a774b08d7de877c935eac6bfa362b3adaa01b872550253e50478960fa34e27
Joomla ExtCalendar 2.0 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f1ddc09174aefaf7e7e70d98ddd545b17e5a8103c4059ebb61ae539c02af0ebc
Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 666573b06f3b684ec2602cb6e3a8267107b0d14b8d72d5580802d755724fd52a
Joomla Agora 4.10 Bypass / SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 5ee466b9276f596647b1cb303df250caa5a3b0c0b515c80a0250a2e313c4457f
Joomla ABook Alexandria Book Library 3.1.4 SQL Injection
Posted Feb 12, 2019
Authored by KingSkrupellos

Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e87de497e1bf652b6ade3c24668df4261df02eb3e949f4b1f9f1eb1d4eb165e6
Debian Security Advisory 4389-1
Posted Feb 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.

tags | advisory, overflow, arbitrary, protocol
systems | linux, debian
advisories | CVE-2018-20340
SHA-256 | e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8
Jenkins 2.150.2 Remote Command Execution Via Node JS
Posted Feb 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB create and BUILD by default. Therefore, all users without console authority can run commands on the system as root privilege.

tags | exploit, root
SHA-256 | 8ea53be5af0483c2c3d30fcac65026e3a286197d419ceee4de6b5bf2f1cabbcc
Microsoft Excel .SLK Payload Delivery
Posted Feb 12, 2019
Authored by Stan Hegt, Carter Brainerd, Pieter Ceelen | Site metasploit.com

This Metasploit module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.

tags | exploit, web
SHA-256 | 7a0ea0738d43606ec6870e46a4249dfcb5578f826120fe39781d750879c33d98
Webiness Inventory 2.3 SQL Injection
Posted Feb 12, 2019
Authored by Mehmet Emiroglu

Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7938902c9f301faa0f8de8e0dcb408f4f33880e0a27f737835c8243f972462d6
MyBB Bans List 1.0 Cross Site Scripting
Posted Feb 12, 2019
Authored by 0xB9

MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 95a8b1f2cfa7e437a276bbabdb00d7498620ef5483e38eeeb1eeecad3491dba5
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close