exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 361 RSS Feed

Files Date: 2019-04-01 to 2019-04-30

SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Posted Apr 19, 2019
Authored by Tavis Ormandy, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).

tags | exploit, arbitrary, root
systems | linux, fedora
advisories | CVE-2010-4170
SHA-256 | 57d955347310170d1a380dba46ef41462b10f297e733fec17201a3831094af3b
Atlassian Confluence Widget Connector Macro Velocity Template Injection
Posted Apr 18, 2019
Authored by Dmitry Shchannikov, Daniil Dmitriev | Site metasploit.com

Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not required to exploit this vulnerability. By default, Java payload will be used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). Confluence before version 6.6.12, from version 6.7.0 before 6.12.3, from version 6.13.0 before 6.13.3 and from version 6.14.0 before 6.14.2 are affected.

tags | exploit, java, remote, code execution
systems | linux, windows
advisories | CVE-2019-3396
SHA-256 | f4c247f9a9679d32c545b710244463bf290d04f611d0ecce6a6427fde7c101ef
Ubuntu Security Notice USN-3950-1
Posted Apr 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3950-1 - It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9917
SHA-256 | 5fb5e38bcebcd5886bfe640b23b9a72b51a271df222d4ca60853a577cc65e6f7
Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference
Posted Apr 18, 2019
Authored by Fakhri Zulkifli

Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2018-16517
SHA-256 | ff620ab5ba2592c8b398b205c5304425b2dc0cefbfddb320a4cc1c881ace45ea
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
Posted Apr 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by the ManageEngine which working with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late.

tags | exploit, shell, vulnerability, sql injection
SHA-256 | 95106466679de2024b9e4469f4bb9b8acabf974bb4ab6e9e3cbc9623f7471fd4
Evernote 7.9 Path Traversal / Code Execution
Posted Apr 18, 2019
Authored by Dhiraj Mishra

Evernote version 4.9 suffers from a path traversal that can allow for code execution.

tags | exploit, code execution, file inclusion
advisories | CVE-2019-10038
SHA-256 | b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805
Redacted Report On The Investigation Into Russian Interference In The 2016 Presidential Election
Posted Apr 18, 2019
Authored by Special Counsel Robert S. Mueller III | Site justice.gov

Released 2019/04/18 by the United States Justice Department, this is the Report On The Investigation Into Russian Interference In The 2016 Presidential Election. This is the redacted version.

tags | paper
SHA-256 | 5c935e422d05d47906729ef7caf3b86f48acddacce16f57440f0d2541b9de70b
OpenSSH 8.0p1
Posted Apr 18, 2019
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Various bug fixes and updates.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68
Slackware Security Advisory - libpng Updates
Posted Apr 18, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-14048, CVE-2018-14550, CVE-2019-7317
SHA-256 | b4b4ff26daa8f526e4c76b925e9cc0e3c2f76e411f39dbcfe285ebe048d92080
LibreOffice Macro Code Execution
Posted Apr 17, 2019
Authored by Alex Infuhr, Shelby Pace | Site metasploit.com

This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.

tags | exploit, arbitrary
advisories | CVE-2018-16858
SHA-256 | 1dbac9bc01a0968e5bd4defcfd3239c6f9cf90dfee38c29c3ff6560e99041d79
Gentoo Linux Security Advisory 201904-19
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.

tags | advisory, root, vulnerability
systems | linux, gentoo
advisories | CVE-2019-3814, CVE-2019-7524
SHA-256 | ce3244367b87fcc80f3c1b30e2cd4f8e11bb766839c1f9b30ca32d7fdfb24186
Red Hat Security Advisory 2019-0782-01
Posted Apr 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362
SHA-256 | 112695995622cdf7982b5f45e341346c6fb131743373fd9b1ae6014aa1e901cf
Gentoo Linux Security Advisory 201904-18
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-18 - A vulnerability in libseccomp allows for privilege escalation. Versions less than 2.4.0 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2019-9893
SHA-256 | 64c1326aba6403a74d274fc18185006fe5f5afbae867aee8378ac38680d7a2d1
Ubuntu Security Notice USN-3914-2
Posted Apr 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
SHA-256 | 208c409ec12a3be377bfbf3abfb46eedd2b6704c6b56af1b820f340b4d82ca5c
Gentoo Linux Security Advisory 201904-17
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000156, CVE-2018-6951, CVE-2018-6952
SHA-256 | f611d1465ff71c629377f0a946b29349fec276e2a4cc800e95134e1952531f7a
Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption
Posted Apr 17, 2019
Authored by Google Security Research, mjurczyk

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts.

tags | exploit, java
advisories | CVE-2019-2698
SHA-256 | 3c3d35dfc5426eaa61ae91b3e754f6e09c909445eb2f9484504d724fdedd1db5
Oracle Java Runtime Environment sc_FindExtrema4 Heap Corruption
Posted Apr 17, 2019
Authored by Google Security Research, mjurczyk

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library.

tags | exploit, java
advisories | CVE-2019-2697
SHA-256 | cc1fdb072ca05f2a5b04c3cb9301fdc0fce66245b901c57e61aba6f76f5054ec
OAMbuster Multi-Threaded CVE-2018-2879 Scanner
Posted Apr 17, 2019
Authored by redtimmysec | Site github.com

OAMbuster is a multi-threaded exploit for CVE-2018-2879.

tags | exploit
advisories | CVE-2018-2879
SHA-256 | b68302c74939716ec55aa081bbd6419f01985352ca4eb583f4c9417195876784
Red Hat Security Advisory 2019-0778-01
Posted Apr 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0778-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a slow conversion of BigDecimal to long.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2602, CVE-2019-2684
SHA-256 | 5396f45bea3eb627c49258ab5c0f3243ea17dadc19e1cff73a3d79b2fa5fafbe
Red Hat Security Advisory 2019-0775-01
Posted Apr 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0775-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2602, CVE-2019-2684, CVE-2019-2698
SHA-256 | df87c0ca20994cd8b674294e7f0975316462269c1e290da4858ed6b852bad9ee
Red Hat Security Advisory 2019-0774-01
Posted Apr 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0774-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2602, CVE-2019-2684, CVE-2019-2698
SHA-256 | 05356c5064fc4c8320d6377262fbc8e7390666bc1448496fc0e517de3bdc1ade
Debian Security Advisory 4433-1
Posted Apr 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4433-1 - Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, ruby
systems | linux, debian
advisories | CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325
SHA-256 | e3199047134c8bcfe7382ed803154e3f50c1ae57b7e6b37aef6f86cfedc00a6d
Debian Security Advisory 4432-1
Posted Apr 17, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4432-1 - Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-3835, CVE-2019-3838
SHA-256 | 51784f8be1c1e386af3b69b6266e3d0c02983e49cdfd148d34f4341856f0003c
Ubuntu Security Notice USN-3918-4
Posted Apr 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-4 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9791, CVE-2019-9793, CVE-2019-9799, CVE-2019-9803, CVE-2019-9808
SHA-256 | 5b4f9b2b76b002e143884e0796cad669d48126daf811297c19395adffd7ed1c4
DHCP Server 2.5.2 Denial Of Service
Posted Apr 17, 2019
Authored by Victor Mondragon

DHCP Server version 2.5.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 60761f6a7cd8f8932e61462c57456faaef43add0623b17e39ba208e5aac27e5a
Page 5 of 15
Back34567Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close