exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 361 RSS Feed

Files Date: 2019-04-01 to 2019-04-30

Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
Posted Apr 26, 2019
Authored by Cisco Talos, Carl Hurd | Site talosintelligence.com

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

tags | exploit, web, cgi, javascript, code execution, xss
advisories | CVE-2018-4065
SHA-256 | 843062931f3d85ff42aac061fbc4007b19a65b2deb3e53ce1c161532a0586172
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
Posted Apr 26, 2019
Authored by Cisco Talos, Carl Hurd | Site talosintelligence.com

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

tags | exploit, web, cgi
advisories | CVE-2018-4064
SHA-256 | 03dc48edf642f79b31afeae22c3d7656aa0c1b7af7fa4437850772c1cd927437
Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection
Posted Apr 26, 2019
Authored by Cisco Talos, Jared Rittle, Carl Hurd | Site talosintelligence.com

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2018-4061
SHA-256 | af5b23fa20f418a3ae4846c607a1b417e1e10c46d2de2f3be018020bcadeb4d2
Pycat Simple Windows Reverse TCP backdoor
Posted Apr 26, 2019
Authored by Daniel Moreno

Pycat is a simple Windows reverse TCP backdoor akin to a netcat TCP reverse connection clone. Written in Python.

tags | tcp, python
systems | windows
SHA-256 | 87c525e44512dcd47cc0d652b9ad377f81a2997c6ac650b9f0346ac0b7e1c508
Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
Posted Apr 26, 2019
Authored by Dhiraj Mishra

Apache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-0186
SHA-256 | bc0a3e0163f2496ba695cd031c4936411fb61ecb6d3dd26b359fcdc291d07788
GAT-Ship Web Module Unrestricted File Upload
Posted Apr 26, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.

tags | advisory, web, file upload
advisories | CVE-2019-11028
SHA-256 | 29b659482027b40950b1a55c4531b6749375a0bdfd8e2c1ecbc694deaca21696
NSauditor 3.1.2.0 Name Denial Of Service
Posted Apr 26, 2019
Authored by Victor Mondragon

NSauditor version 3.1.2.0 Name denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | b45728985b980ab332a9c0066bf7ba8f9e7789f8d7efa96c6d4d13b4c4ca0152
NSauditor 3.1.2.0 Community Denial Of Service
Posted Apr 26, 2019
Authored by Victor Mondragon

NSauditor version 3.1.2.0 Community denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 4a1ef16e2621b86e79559a9f688df31ba3a101c21e9fc34cd25db04ca9b4052a
systemd DynamicUser SetUID Binary Creation
Posted Apr 25, 2019
Authored by Jann Horn, Google Security Research

This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact.

tags | exploit
advisories | CVE-2019-3844
SHA-256 | 064bbdd76f48df03346ba02e71f7b8230c92792ac615692d64f9d04ec97b425c
Lavavo CD Ripper 4.20 Buffer Overflow
Posted Apr 25, 2019
Authored by Achilles

Lavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 3983b9f05d055c78f6849eb93d3fb1883efee5a082c670dbddbea041819ff59e
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Posted Apr 25, 2019
Authored by Ozkan Mustafa Akkus

osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | a3a0c940e3990234b185e1da84523131a41176574735f7fdcd88b7bd105ca85a
Ubuntu Security Notice USN-3956-1
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3956-1 - It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service, tcp
systems | linux, ubuntu
advisories | CVE-2018-5743
SHA-256 | 3d24ed0e149890bba90071f8a75a8241b8ac0de8924929c8af98c07861a6b0c0
Ubuntu Security Notice USN-3955-1
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3955-1 - It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-14938
SHA-256 | 6cf5a53ec29be9040d1801329f4f20f949f71d9d030b7c6df3a273f9ac45bd7c
Ubuntu Security Notice USN-3922-3
Posted Apr 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-3 - USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
SHA-256 | 803a4bbada6ca25b99730a60e87bb2e4bd4ffb9f3b9c099cee7b2e025aff543b
Red Hat Security Advisory 2019-0886-01
Posted Apr 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0886-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-0223
SHA-256 | 51ee6ce89ffa1483a5ec9d03a365dbe195147c06ea7b02816c74f69960f40146
Gentoo Linux Security Advisory 201904-25
Posted Apr 25, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-25 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.0-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-20815, CVE-2019-9824
SHA-256 | b8ef2d5b31853634154b8d8df5f413eb259a7fcf09e7c186b608a5ad6e3aad61
Gentoo Linux Security Advisory 201904-24
Posted Apr 25, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-24 - Multiple vulnerabilities have been found in Ming, the worst of which could result in a Denial of Service condition. Versions less than 0.20181112 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-9988, CVE-2017-9989, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6358, CVE-2018-6359
SHA-256 | 89fc4c461140c0c378a047021c889a873387afdd57d749af13dc04ddb3fedb14
JioFi 4G M2S 1.0.2 Denial Of Service
Posted Apr 25, 2019
Authored by Vikas Chaudhary

JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2019-7439
SHA-256 | bfb318c7283d8c93cf9ad2a4ebed7e3340ee93cda24996f05d110932ada60d32
JioFi 4G M2S 1.0.2 Cross Site Scripting
Posted Apr 25, 2019
Authored by Vikas Chaudhary

JioFi 4G M2S version 1.0.2 suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-7438
SHA-256 | a76563a625e94df0efd3181bfd88a48c5d42ad331df04f77b53be95efc39a591
Backup Key Recovery 2.2.4 Denial Of Service
Posted Apr 25, 2019
Authored by Victor Mondragon

Backup Key Recovery version 2.2.4 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | fda5aaec9e849b7ef551fa6227f43b87a963b19943f7a75d681f96e9b8db2be9
HeidiSQL Portable 10.1.0.5464 Denial Of Service
Posted Apr 25, 2019
Authored by Victor Mondragon

HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | fde7b9d442a468d221f6586a17c488a893198703baa9d9cfc49c3e636abd98f0
AnMing MP3 CD Burner 2.0 Denial Of Service
Posted Apr 25, 2019
Authored by Achilles

AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 78466ee8b720a5ba53c6f0f8d1341df659ae685fbd0dc8043428a21c726da7c8
TestSSL 3.0rc5
Posted Apr 25, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 will not be supported anymore once 3.0 has been released.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 6118f08b88c0075f39820296f0d76889165dd67e64dbfdfd1104d6d122a938c9
Chrome NewFixedDoubleArray Integer Overflow
Posted Apr 24, 2019
Authored by Google Security Research, Glazvunov

Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.

tags | exploit, overflow
SHA-256 | fee96039860fbbb8b9bf0114df077f357a98c9c049396724d0575314295ee4e5
Red Hat Security Advisory 2019-0877-01
Posted Apr 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0877-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1000180, CVE-2018-1067, CVE-2018-10862, CVE-2018-10894, CVE-2018-10912, CVE-2018-1114, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362
SHA-256 | 5a770a9e44f952c4dbd8ebcd0a5a7da0c0737d9f710ca712c6c037e86137438f
Page 2 of 15
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close