what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2019-05-22 to 2019-05-23

Debian Security Advisory 4448-1
Posted May 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4448-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820
SHA-256 | d89f01da812aa3a226285e5880b87cf7b169f13f720a9c99ad5b79d20fac0109
Ubuntu Security Notice USN-3993-2
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-5436
SHA-256 | fc1e90e6b6f384b445a2dd01f2878f8c9d5c81c233eef28840bdc119fb3c14f5
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
Posted May 22, 2019
Authored by Benjamin Hess | Site syss.de

Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2019-11875
SHA-256 | 6135a2b9c51d5180a54bad7920ef8a1809f6efa7effd249711a4d0fd4afccc24
Ubuntu Security Notice USN-3992-1
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-8595
SHA-256 | 322076f25e741c70254f1a1b19ff39d72373752fcd85275434a1bdf43a4bc12a
Ubuntu Security Notice USN-3993-1
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-5435, CVE-2019-5436
SHA-256 | 0b745cdea1e32adf422a20edd455b2e23f046fdb5325d7492534a73649ba4733
Slackware Security Advisory - mozilla-firefox Updates
Posted May 22, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 54768d3786da9a2bf719b2c29ee76ef588285a54890fb08494ce5c350362701f
Ubuntu Security Notice USN-3566-2
Posted May 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783, CVE-2019-11036
SHA-256 | 67095f2f9ac768e4785669b65b3795e6353f1c9dc900546602720afd985c34ec
Red Hat Security Advisory 2019-1260-01
Posted May 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-10745, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947
SHA-256 | 05618523951e266d43a52069da1f0ba34d7ea40ab7b10ec9fbdc045f2a7608d6
Red Hat Security Advisory 2019-1259-01
Posted May 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-0757, CVE-2019-0820, CVE-2019-0980, CVE-2019-0981
SHA-256 | 88adbd50131e2a099da28f4661da4264afaab14abbf4ed24b5194139431d2b90
Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write
Posted May 22, 2019
Authored by SandboxEscaper

Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.

tags | exploit, arbitrary, proof of concept
systems | windows
SHA-256 | 0fa856233177fd157eb0c17568447c14846e7a88d108dd0d1cfae0edd06e078a
TapinRadio 2.11.6 Denial Of Service
Posted May 22, 2019
Authored by Victor Mondragon

TapinRadio version 2.11.6 Address denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | c54a6bc5658ebe3b595abc06038eced3cd4485aeef06b677bb0c2a54a295998f
BlueStacks 4.80.0.1060 Denial Of Service
Posted May 22, 2019
Authored by Alejandra Sanchez

BlueStacks version 4.80.0.1060 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | d7d8c980ea4548ffdfa45c26f69335fb4266eb00f211f84ef5f1ef2be78055c8
RarmaRadio 2.72.3 Username / Server Denial Of Service
Posted May 22, 2019
Authored by Victor Mondragon

RarmaRadio version 2.72.3 Server and Username proof of concept denial of service exploits.

tags | exploit, denial of service, proof of concept
SHA-256 | 2cf8d4616810f4b556f2b5373539dd423691b70ced181f173f2626ba41bc0b11
WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery
Posted May 22, 2019
Authored by KingSkrupellos

WordPress Inkblot Theme version 4.9.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b687cfe4c04f5d0895d41768d61c886605acfa0816f14424c3379413d173ca9f
WordPress Memphis Documents Library 3.9.19 Cross Site Request Forgery
Posted May 22, 2019
Authored by Mr Winst0n

WordPress Memphis Documents Library plugin version 3.9.19 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0337424caad277a5c8d581ece302b14e037057f2794e244be4ef799782b2a61c
Zoho ManageEngine ServiceDesk Plus Privilege Escalation
Posted May 22, 2019
Authored by Enter Of VinCSS

Zoho ManageEngine ServiceDesk Plus versions prior to 10.5 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2019-12252
SHA-256 | fb4fb0ce251b10d8ce122d04d7196984c16b1a0b477a902ab72b78e87d6cc803
Zoho ManageEngine ServiceDesk Plus 9.3 Cross Site Scripting
Posted May 22, 2019
Authored by Enter Of VinCSS

Zoho ManageEngine ServiceDesk Plus version 9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12189
SHA-256 | a921286c05e37173064be732c7132cf490d45492be6a3e66d5c8610ed97043df
FreeBSD rtld execl() Privilege Escalation
Posted May 22, 2019
Authored by stealth, Kingcope | Site metasploit.com

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.

tags | exploit, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2009-4146, CVE-2009-4147
SHA-256 | b7d2e9a938e3bd3e306735ac30c5547fb5873fe1a798d291f7cd437bdee37ad0
Mac OS X Feedback Assistant Race Condition
Posted May 22, 2019
Authored by timwr, CodeColorist | Site metasploit.com

This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.

tags | exploit, remote, root, code execution
advisories | CVE-2019-8565
SHA-256 | 177b5b62a07b473da68dffff7f74c282ae90ad2e298981c9578046603f9e403a
Shopware createInstanceFromNamedArguments PHP Object Instantiation
Posted May 22, 2019
Authored by mr_me, Karim Ouerghemmi | Site metasploit.com

This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2017-18357
SHA-256 | 663b17e7e771b4cd3b76f4e9be53f77eb788f99d74c6047ec270aeb991f94fd8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close