exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 289 RSS Feed

Files Date: 2019-12-01 to 2019-12-31

phpMyChat-Plus 1.98 Cross Site Scripting
Posted Dec 22, 2019
Authored by Chris Inzinga

phpMyChat-Plus version 1.98 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fc3081ae14700d148fbfe6106238355f1443347a2834aa030d24342487f9f5c5
Microsoft Windows 10 BasicRender.sys Denial Of Service
Posted Dec 21, 2019
Authored by Victor Portal Gonzalez

Microsoft Windows 10 BasicRender.sys denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | windows
SHA-256 | 4fbb7848a946c49a91a49b3f117ad384417e81c96ae67382d1dc8559b366ef0b
Debian Security Advisory 4590-1
Posted Dec 21, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2019-19783
SHA-256 | 7499dbe419697acfe2027ceca0aba6b752a7e8780a14c7275faefccefb192664
Red Hat Security Advisory 2019-4344-01
Posted Dec 21, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4344-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-12155, CVE-2019-14378
SHA-256 | e11ac502d606e1134718d23388fd9668d8b17fde716bcede8c211a3ae676b634
Slackware Security Advisory - wavpack Updates
Posted Dec 20, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540, CVE-2018-19840, CVE-2018-19841, CVE-2018-6767, CVE-2018-7253, CVE-2018-7254
SHA-256 | 9cefb5e15aa67fbfa341c9f107fa051a63541401c64efa56a9eaf3dd2adda9cd
FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read
Posted Dec 20, 2019
Authored by Google Security Research, natashenka

FaceTime suffers from an out-of-bounds read vulnerability in _RSU_DecodeByteBuffer.

tags | exploit
advisories | CVE-2019-8830
SHA-256 | fa09fd95c1d80107456b04a936a43a4bc80318ba53f17a4669d03b5c70a1f8d0
Stegano 0.9.8
Posted Dec 20, 2019
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Stegano is now using poetry. Minor improvements to the command line.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | 1be08a9fa0e4420e7fbf7a6e4dc82ff60fe268cf858651939df92c55faf58cda
Atlassian Confluence Man-In-The-Middle
Posted Dec 20, 2019
Authored by Atlassian

Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.

tags | advisory
advisories | CVE-2019-15006
SHA-256 | 210e5ceb62fd144e2e3a8982f12780c0009868a791ee1c6d03db5bed99a58027
Red Hat Security Advisory 2019-4237-01
Posted Dec 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4237-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-14845
SHA-256 | 3ef3ef43c36441eb0a3d42185d73d3c7abdeea9f1d0fa06b1391b2681245eed3
Faraday 3.10.0
Posted Dec 19, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Now uses Python 3 instead of Python 2 in the Faraday Server. Added ability to manage agents with multiple executors. Tons of other additions and fixes.
tags | tool, rootkit
systems | unix
SHA-256 | f88f90111c84943c54ed30508e7ed962f3a207f681d0bc65500e35b684eb105b
Deutsche Bahn Ticket Vending Machine Privilege Escalation
Posted Dec 19, 2019
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Deutsche Bahn Ticket Vending Machine suffers from a local kiosk privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 5971c4b58a7d2afbacc5c158f98dd5c786a8afaecb525b550f4c00f11d324b13
Red Hat Security Advisory 2019-4358-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4358-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. An issue was addressed where the credentials API allowed non-admin users to list and retrieve all users credentials.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19687
SHA-256 | 8d64a15f8acd37509d405de1e4329f96f3110df713ea6216a2650682dc3e0346
Red Hat Security Advisory 2019-4356-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4356-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1387
SHA-256 | 75b2c23f16e2c56c47dd13c644fc7c0898bd6dcca7a91807c78a3eb2563846dc
Red Hat Security Advisory 2019-4357-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4357-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-19337
SHA-256 | 881de3defb7584bf97a9132a154940789ab184d3390211d15fe49e902e793ca6
Red Hat Security Advisory 2019-4353-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4353-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-19337
SHA-256 | 01e632f693290194f6decf41d319edc3180d561f66612a7500d6101d952f0ec1
Red Hat Security Advisory 2019-4326-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4326-01 - A library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-18397
SHA-256 | b9d0915061cf43dbc1453ef5fd0fb6b2e6ebe01cf43682aaa4f4195f863c6394
Red Hat Security Advisory 2019-4341-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4341-01 - An issue was resolved where Red Hat Quay stored robot account tokens in plain text.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10205
SHA-256 | cb4d46e0c022d28e2017f6f2cb80a4bc9bde13c8bc9b0a6bf487ad588d84fe19
Red Hat Security Advisory 2019-4352-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4352-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. Issues addressed include code execution, deserialization, and information leakage vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-0201, CVE-2019-10173, CVE-2019-12384, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
SHA-256 | f1533a79e96cd3429ddc8bf06dda73bd15b59ba3b3f8b62bdccf40e56138d887
Debian Security Advisory 4589-1
Posted Dec 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4589-1 - It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3467
SHA-256 | 81ed36fc1bdd6f0fc5538e25cf7ea4ef12558378dee24e75461bf5406b3f57fa
Ubuntu Security Notice USN-4224-1
Posted Dec 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4224-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-19844
SHA-256 | 2d00245a2e8b66cfc557ff1fb2cb66b61f72d82bf26c36911ca948106d412ecb
FTP Navigator 8.03 Denial Of Service
Posted Dec 19, 2019
Authored by Chris Inzinga

FTP Navigator version 8.03 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | df3768f34ad2879950a542bf6b7bf11a46a78c179afceef9114fda2622373ff6
Don't Break The Door, The Key Is Under The Doormat
Posted Dec 19, 2019
Authored by Gerard Fuguet

Whitepaper called Don't Break The Door, The Key Is Under The Doormat.

tags | paper
SHA-256 | e7e4105f7c52ed138e43edf0a901c3125fc58e88375089f39ed0a16c487ff549
GRR 3.4.0.1
Posted Dec 18, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: GRR server debian package now has to be installed on Ubuntu 18. UpdateClient flow fixed for Ubuntu clients. A number of bugfixes and minor enhancements for YARA memory scanning.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | e1d8aa30b0752b40b74b2efba69dadd6ce0fe317780edf2cce36273f9106f43a
Wireshark Analyzer 3.2.0
Posted Dec 18, 2019
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: This is the last release branch with official support for Windows 7 and Windows Server 2008 R2. Many improvements have been made.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 4cfd33a19a454ff4002243e9d04d6afd64280a109a21ae652a192f2be2b1b66c
Microsoft UPnP Local Privilege Elevation
Posted Dec 18, 2019
Authored by bwatters-r7, hoangprod, NCC Group | Site metasploit.com

This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first (CVE-2019-1405) uses the UPnP Device Host Service to elevate to NT AUTHORITY\LOCAL SERVICE. The second (CVE-2019-1322) leverages the Update Orchestrator Service to elevate from NT AUTHORITY\LOCAL SERVICE to NT AUTHORITY\SYSTEM.

tags | exploit, local, vulnerability
advisories | CVE-2019-1322, CVE-2019-1405
SHA-256 | 2b0831d90d0d3308c8fa7b290f260d2b523e84eb9e91f7f255d05dc7617c32f1
Page 3 of 12
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close