
Files Date: 2019-04-01 to 2019-04-02

Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion
Posted Apr 1, 2019
Authored by Google Security Research, Glazvunov

Chrome suffers from a type confusion vulnerability in V8TrustedTypePolicyOptions::ToImpl.

tags | exploit
SHA-256 | 2958cc5bf93c21057e69ef8513bc362f687045e59f2c206cdccd608e727c8e50
WebKitGTK+ ThreadedCompositor Race Condition
Posted Apr 1, 2019
Authored by Google Security Research, Glazvunov

The compositor thread in WebKitGTK+ might alter a FilterOperation object's reference count variable at the same time as the main thread. Then the reference count corruption might lead to a use-after-free condition.

tags | exploit
SHA-256 | bbe17996fb172c1e4eed3095e053f8ed01eb9b918fe81e18dabc0807d4a6f3b7
XNU Unsafe Pidversion Increment During Execve
Posted Apr 1, 2019
Authored by saelo, Google Security Research

XNU has an issue where pidversion increment during execve is unsafe.

tags | exploit
advisories | CVE-2019-8514
SHA-256 | 2828bbb358863a44474238816c7e9b7bd8be56c3e4abd3cbe5d4946a7923e3d0
JavaScriptCore createRegExpMatchesArray Fails To Respect Inferred Types
Posted Apr 1, 2019
Authored by saelo, Google Security Research

JavaScriptCore has an issue where createRegExpMatchesArray does not respect inferred types.

tags | exploit
advisories | CVE-2019-8506
SHA-256 | e3e805d860fc95f3375effbe7e1765bebfec64afa85c31a72c61f81229111064
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution
Posted Apr 1, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2016-3510
SHA-256 | 34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2
SQLMAP - Automatic SQL Injection Tool 1.3.4
Posted Apr 1, 2019
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, and establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack, and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 7174148df741c7bf30bd090b71781b0f77d5d349c7bbb3c6cdf8e964111c0a0b
Botan C++ Crypto Algorithms Library 2.10.0
Posted Apr 1, 2019
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Added a new certificate store implementation that can access the MacOS keychain certificate store. Added BMI2 implementations of SHA-512 and SHA-3 which improve performance by 25-35% on common CPUs. Various other updates.
tags | library
SHA-256 | 88481997578c27924724fea76610d43d9f59c99edfe561d41803bbc98871ad31
Red Hat Security Advisory 2019-0693-01
Posted Apr 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0693-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.9 will be retired as of March 31, 2020, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 5.9 AMC after March 31, 2020.

tags | advisory
systems | linux, redhat
SHA-256 | 8c0098ce3afd334b71a97ed901af67e012f3ec7320f3d4719dbcdc9aa8d1990a
Ubuntu Security Notice USN-3928-1
Posted Apr 1, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3928-1 - It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-7524
SHA-256 | 3c2320ae6736daa9c795d4a946c97ede8f4726472d37f7d90094b764077a9d2a
Debian Security Advisory 4421-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4421-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5802, CVE-2019-5803
SHA-256 | 804289103c3ef32a6ea538fb368e0326f552c83b98886c6a99dce02e8ec9959a
Debian Security Advisory 4420-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4420-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
SHA-256 | 4c970eecaec472a377f2971b515b2f12c34c8ef22aab88f39abedb736fd391a0
Debian Security Advisory 4419-1
Posted Apr 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4419-1 - Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.

tags | advisory, php, info disclosure
systems | linux, debian
advisories | CVE-2019-9942
SHA-256 | 65f39fb8b850fd411e14f6fba9aba785289c666dd278cc53224a7db303a3e98c
Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection
Posted Apr 1, 2019
Authored by Mr Winst0n

Fiverr Clone Script version 1.2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1618000c96bf39209ce18caf97a20da2dddd2af874a77c8d5abea7a3f1d90beb
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery
Posted Apr 1, 2019
Authored by Georg Knabl

WordPress Ultimate Member plugin version 2.0.38 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-10673
SHA-256 | 4772d215c378d25e9935476f1ef5390f196f37487b85160372746959794faf06
zStore 1.10 Cross Site Scripting
Posted Apr 1, 2019
Authored by indoushka

zStore version 1.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3139c10cc8dabfa325676ab6215e07820682a40a763796614559aced17d97fad
zipperSNAP 7.0.28 Cross Site Scripting
Posted Apr 1, 2019
Authored by indoushka

zipperSNAP version 7.0.28 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 55fce36109c88d7fd1d8d0636035f9e5812f2aab4f5e1f37c9005eb751eb8a91
zipperSNAP 7.0.28 Directory Traversal
Posted Apr 1, 2019
Authored by indoushka

zipperSNAP version 7.0.28 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 28257744b772433de28fbdabf08696d1384a6e2e6a3ca21c8da2292c4ec0c757
Zeuscart 3.0 User Detail Disclosure
Posted Apr 1, 2019
Authored by indoushka

Zeuscart version 3.0 appears to suffer from a user detail information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | e02d48ccd44b5dddd10aa229cfee4b59a02aa56257c65e8a17425477b415dcbb
SphereFTP 2.0 Denial Of Service
Posted Apr 1, 2019
Authored by Sachin Wagh

SphereFTP server version 2.0 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 50f3fdbd774c2c7cb68de14a98e48b0a15a7c7de2bde80cabcbea75849d4b50e
Classified Ad Lister 2.0 Arbitrary File Upload
Posted Apr 1, 2019
Authored by Mehmet Emiroglu

Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 63542f9d1c1104d0942738c1161df7996e1cf20ff40574c1071e3ef5584f6e3b
Packet Storm New Exploits For March, 2019
Posted Apr 1, 2019
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 205 exploits added to Packet Storm in March, 2019.

tags | exploit
SHA-256 | c93d1b13c676a6a24517848c02f420b5dc6abfa2c8fa2fdf5908d320d76ad119