Files Date: 2019-10-01 to 2019-10-31

Ubuntu Security Notice USN-4171-1
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4171-1 - Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user. This could be used by a local attacker to possibly crash Apport or have other unspecified consequences. Sander Bos discovered a race-condition in Apport during core dump creation. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Various other issues were also addressed.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2019-11481, CVE-2019-11482, CVE-2019-11483, CVE-2019-11485, CVE-2019-15790
SHA-256 | 414c77c1efcd581bccb93eb38f2173989c5cd936f5639b87bd9d281606c00e45
Ansvif 1.12
Posted Oct 30, 2019
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This is a bugfix release to ansvif. Many things were tweaked and fixed since the last version, but no real functionality has changed.
tags | tool, fuzzer
systems | unix
SHA-256 | b1ab3d738d61d727cce3db2834c74e0d3f9d64dd23f7c1d305ccd92c05839223
Red Hat Security Advisory 2019-3255-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3255-01 - Heketi provides a RESTful management interface that can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will automatically determine the location for bricks across the cluster, making sure to place bricks and their replicas across different failure domains. Heketi also supports any number of GlusterFS clusters, allowing cloud services to provide network file storage without being limited to a single GlusterFS cluster.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-3899
SHA-256 | dedb851428a54d9ccf67f8fbfcc2929ffa91dcb5d8801c33e85cab12d4bea8a9
iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure
Posted Oct 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P suffer from an unauthenticated and unauthorized live stream disclosure vulnerability when the get_jpeg script is called.

tags | exploit
SHA-256 | 2527c2f23c073d2297e68ff7e40a00e0d9b7718b04646a0169d6462b16fd1c31
Red Hat Security Advisory 2019-3253-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3253-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-10197
SHA-256 | e618919ed776649dfce281b1c564622323d2d94f2b50f4885029fcdb324b1c6d
JavaScriptCore GetterSetter Type Confusion
Posted Oct 30, 2019
Authored by saelo, Google Security Research

JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.

tags | exploit
advisories | CVE-2019-8765
SHA-256 | f8e60930397de757314b85c289c63228a5b19761b6793d77e58b54ffc9aab262
Ubuntu Security Notice USN-4170-1
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4170-1 - Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-11484
SHA-256 | 6fac85dce2731913253b710497a95e001fbe05954d7fe2840f6f78e566c0ef81
Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) Null Free Shellcode
Posted Oct 30, 2019
Authored by Daniel Ortiz

47 bytes small Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) null free shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 5126a940c58c7f5f3299183cf28243ed1ac37a3f18ff919c6188dec22e23f309
Citrix StoreFront Server 7.15 XML Injection
Posted Oct 30, 2019
Authored by Vahagn Vardanya

Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.

tags | exploit
SHA-256 | 179c0d1aea2e1a88c424e879d0658af19c0726c2fbf5308693fd30506d076ec8
Ubuntu Security Notice USN-4169-1
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4169-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-18408
SHA-256 | 49e751148e79baf76e691a3db5344f7464dfb778c39475e930265e4cc7492926
WMV To AVI MPEG DVD WMV Converter 4.6.1217 Denial Of Service
Posted Oct 30, 2019
Authored by Nithoshitha S

WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8beb518893d841f080cf953c404ca650f462bddc06447c5f6a5f61191e6b8233
Red Hat Security Advisory 2019-3245-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3245-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include unbounded memory growth.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-9512, CVE-2019-9514
SHA-256 | 7109fee70b5637b2e5b176db11d56b0ba3ba07ab6e791ed8ede3d1dad2c562b9
Red Hat Security Advisory 2019-3244-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3244-01 - This release of Red Hat Fuse 7.4.1 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14860
SHA-256 | 472947f2afb495f3a83c7d81d41d1b56610b9d58b5a704ac0bab74c68c04f27d
Ubuntu Security Notice USN-4167-2
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4167-2 - USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Various other issues were also addressed.

tags | advisory, remote, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-10218, CVE-2019-14847
SHA-256 | b5fb0142cc993c986386d3ffec9da13cd0602f1b07d4c30053d11a3bbcb90d49
Red Hat Security Advisory 2019-3239-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3239-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-1002100, CVE-2019-11249, CVE-2019-11253
SHA-256 | 5b03eefa48a154f9b334fb50aaeaa5c76a0250f458dd00c3dbcd0d7dc1edc068
Red Hat Security Advisory 2019-3238-01
Posted Oct 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3238-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-0503, CVE-2018-0504, CVE-2018-0505
SHA-256 | 33861b64c541b1dcaea4a8cd365910f372ddebcb9b10e3707a44ab96149e0bd5
Ubuntu Security Notice USN-4168-1
Posted Oct 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4168-1 - It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to impersonate domains. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12290, CVE-2019-18224
SHA-256 | cf79bda79ca9397f2b33a211436016b37be02011ced052fcfc31479870124c25
Red Hat Security Advisory 2019-3231-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3231-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. BR/EDR encryption key negotiation attacks were addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9506
SHA-256 | 0b33abbdc0dd8f4ec7681bafd3c911f22d3a31437bc7b269d62e13b0d0acac22
Red Hat Security Advisory 2019-3222-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3222-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Out-of-bounds read and state injection vulnerabilities have been addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-15686, CVE-2018-16866
SHA-256 | 577451cf310db1a48ba0a694b200718a00ae7476608a14cab9a14f1716ea0098
Red Hat Security Advisory 2019-3225-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3225-01 - Java Security Services provides an interface between Java Virtual Machine and Network Security Services. It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System. The OCSP policy Leaf and Chain implicitly trusts the root certificate.

tags | advisory, java, root, protocol
systems | linux, redhat
advisories | CVE-2019-14823
SHA-256 | 92309c773d0f38d49d3989c3f56a76f97d63d4f27ca885241749a73dccceafaf
Ubuntu Security Notice USN-4167-1
Posted Oct 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4167-1 - Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Simon Fonteneau and Bjoern Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
SHA-256 | ef19bb6d0495cb9e8b6742c4abe83117b6c43a9bc24e0152f873865b854071c3
Ubuntu Security Notice USN-4166-2
Posted Oct 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4166-2 - USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11043
SHA-256 | 22ce5d9536099a62be238f172d1aa7be1a8a0dd24d9ff596e34568e558b800ad
Craft CMS Rate Limiting / Brute Force
Posted Oct 29, 2019
Authored by Mohammed Abdul Raheem

Craft CMS versions up to 3.1.7 are missing rate limiting on password validations.

tags | exploit
advisories | CVE-2019-15929
SHA-256 | e26079a4a65a4669c9d8c5046a323f66dfea3ad1774ae2ef65e4b26a2599bda8
WordPress 5.2.4 Cross Origin Resource Sharing
Posted Oct 29, 2019
Authored by Milad Khoshdel

WordPress version 5.2.4 fails to validate an origin header.

tags | exploit
SHA-256 | 3221b6e70ffc3ec1c88a8712fb1a47505186d32fb600ff75143ab8214bae1b44
Red Hat Security Advisory 2019-3232-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3232-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-19788
SHA-256 | 9257b343607816b0b98f99e027b4fe3185a66876aedc5f1ee5ce31a4b6ae9211