exploit the possibilities
Showing 26 - 50 of 105,994 RSS Feed

Files

Microsoft Windows Binary Planting
Posted Mar 18, 2019
Authored by Frederic Bourla

This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.

tags | paper
systems | windows
MD5 | 2610f1f8b017ac3a538d7e379b554592
Debian Security Advisory 4408-1
Posted Mar 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2019-6256, CVE-2019-7314, CVE-2019-9215
MD5 | 425b2b589d0ad63f13c2c1d76cedbb9e
Red Hat Security Advisory 2019-0593-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-16856
MD5 | a237bb27c8dae27ed78040888e43e186
Ubuntu Security Notice USN-3911-1
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-8904
MD5 | a42b0939b032f1ef360d067831515fc8
Red Hat Security Advisory 2019-0580-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses an sensitive data leak.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-3830
MD5 | 7e644b75b096d36c05109ff05d32869c
Red Hat Security Advisory 2019-0590-01
Posted Mar 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2018-16876
MD5 | 9ced9e836d867662811d99f22eea78e8
libseccomp Incorrect Compilation Of Arithmetic Comparisons
Posted Mar 18, 2019
Authored by Jann Horn, Google Security Research

libseccomp suffers from an issue where there are incorrect compilations of arithmetic comparisons.

tags | exploit
MD5 | 527bc24d7a88f082d48938d2aa6fb5c0
Gitea 1.7.3 HTML Injection
Posted Mar 18, 2019
Authored by Anti Rais

Gitea versions 1.7.0 through 1.7.3 suffer from a stored html injection vulnerability.

tags | exploit
MD5 | fef0bde612a1a8aa1deaaf4794d240fa
TheCarProject 2 SQL Injection
Posted Mar 18, 2019
Authored by Mehmet Emiroglu

TheCarProject version 2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4798d80d4bad5e0537cc5cd98a477adf
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service
Posted Mar 18, 2019
Authored by Achilles

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.

tags | exploit, denial of service, local
MD5 | 6aa97f12923552790249925f4a0695af
WinMPG Video Convert 9.3.5 Denial Of Service
Posted Mar 18, 2019
Authored by Achilles

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.

tags | exploit, denial of service, local
MD5 | 72f20c22098c1a53d29670207f4b4ca1
WordPress FormCraft 2.0 CSRF / Shell Upload
Posted Mar 18, 2019
Authored by KingSkrupellos

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.

tags | exploit, shell, csrf
MD5 | 34bba172e28c83ea38f0a59db712f769
CSZ CMS 1.2.1 Arbitrary File Upload
Posted Mar 17, 2019
Authored by Mehmet Emiroglu

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | ad2667b2518dc48fc775c2bce95ae340
Ubuntu Security Notice USN-3910-1
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 4c9e16088685e925a3c78db741714aee
Ubuntu Security Notice USN-3910-2
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 90737e4356a35bc59a396e5d7a1d20a2
PHP MySQLi Database Class 2.9.2 SQL Injection
Posted Mar 16, 2019
Authored by Jaroslav Lobacevski

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 91d10b8a3c32ac8a868953e610dcaa2f
Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
MD5 | 3ba74c7641d287a5a1d6cee6bdb0eff5
BMC Patrol Agent Privilege Escalation / Command Execution
Posted Mar 15, 2019
Authored by b0yd | Site metasploit.com

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.

tags | exploit, remote
systems | windows
advisories | CVE-2018-20735
MD5 | 07522a05b37456d4fcb66eb0e429685a
Fujitsu LX901 GK900 Keystroke Injection
Posted Mar 15, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).

tags | advisory
MD5 | be5d36b96d4f2705e625f64190c28a98
VMware Security Advisory 2019-0003
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2019-5513
MD5 | 76f3dac71537e32727ad6ebb2ba40a25
VMware Security Advisory 2019-0002
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.

tags | advisory
advisories | CVE-2019-5511, CVE-2019-5512
MD5 | bd52e07808c7e943f940f78dc5dad784
Moodle 3.4.1 Remote Code Execution
Posted Mar 15, 2019
Authored by Darryn Ten

Moodle version 3.4.1 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-1133
MD5 | bd02c3aeef707232a71ffa986a5773f5
Mail Carrier 2.5.1 Buffer Overflow
Posted Mar 15, 2019
Authored by Joseph McDonagh

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 3e57b4dfb5a6eb123d1fd94288b6eb7e
ICE HRM 23.0 SQL / Iframe Injection
Posted Mar 15, 2019
Authored by Mehmet Emiroglu

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 88f32bcf40b75d3ec675f719b69058c2
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
MD5 | 2221652ee89c73f5809f4205dcbfb0d2
Page 2 of 4,240
Back12345Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close