what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Root Cause Of The CVE-2019-0808 Kernel Privilege Escalation
Posted Mar 14, 2019
Authored by 360 Core Security | Site blogs.360.cn

This is a write up detailing the root cause of the kernel privilege escalation vulnerabilities Microsoft patched on March 12, 2019.

tags | exploit, kernel, root, vulnerability
advisories | CVE-2019-0808
MD5 | 8520f0c9a26e0a2ded5a338ad6ac17cd

Related Files

nt!_SEP_TOKEN_PRIVILEGES Single Write EoP Protection
Posted Apr 21, 2017
Authored by Kyriakos Economou

This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.

tags | paper, kernel
MD5 | 30228610ed457bed8670b8f3dcfdd1b6
Seagate GoFlex Remote Shell
Posted Nov 15, 2015
Authored by Anarchy Angel

This is a write up on how to grab a remote shell on Seagate GoFlex home network storage systems.

tags | exploit, remote, shell
MD5 | aabe947b7070ac4365b2318cedd32182
Office 365 Account Hijacking
Posted Feb 27, 2014
Authored by Gery Oei

This is a write up that discusses the Office 365 account hijacking via a known cookie re-use flaw with additional information.

tags | exploit
MD5 | 0414bcec1097656fc124290c2afe1cf0
Exploiting glibc __tzfile_read Integer Overflow To Buffer Overflow And Vsftpd
Posted Dec 13, 2011
Authored by Ramon de C Valle | Site rcvalle.com

This is a write up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.

tags | paper, overflow
MD5 | 761eafe34246bc9609dce3ba94413dea
CVE Checker 3.0
Posted Apr 12, 2011
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: MySQL is now supported. Watchlists have been added.
tags | vulnerability
systems | unix
MD5 | ac94c661c820a3a60fc4be28c23a5cc0
Apache Tomcat 7.0.11 Information Disclosure
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.

tags | advisory, web
advisories | CVE-2011-1475
MD5 | 085e762a7d40dcfa9a273b6855555f99
Apache Tomcat 7.0.11 Security Constraint Bypass
Posted Apr 6, 2011
Authored by Mark Thomas | Site tomcat.apache.org

A regression in the Apache Tomcat version 7.0.11 fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.

tags | advisory, web
advisories | CVE-2011-1183
MD5 | 0980425b255a7636cac825013b841b85
Apache Tomcat Security Constraint Bypass
Posted Mar 16, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from a security constraint bypass vulnerability. When a web application was started, @ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. Versions 7.0.0 through 7.0.10 are affected.

tags | advisory, web, bypass
advisories | CVE-2011-1088
MD5 | 3e29d8f14872b74458314b7472e8c8ae
Apache Archiva 1.3.3 Cross Site Scripting
Posted Feb 16, 2011
Authored by Brett Porter | Site archiva.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.

tags | advisory, arbitrary, javascript
advisories | CVE-2011-0533
MD5 | 5c36aceb17edc3187785dac6f101face
Apache Continuum Cross Site Request Forgery
Posted Feb 10, 2011
Authored by Brett Porter | Site continuum.apache.org

Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.

tags | advisory, csrf
advisories | CVE-2010-3449
MD5 | 2bd9d355e5cecdbba70d5b3f29382f8d
Apache Continuum Cross Site Scripting
Posted Feb 10, 2011
Authored by Brett Porter | Site continuum.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.

tags | advisory, arbitrary, javascript
advisories | CVE-2011-0533
MD5 | 09e317e35e26263a626c5d31513d7a74
Apache Tomcat Denial Of Service
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.

tags | advisory, web
advisories | CVE-2011-0534
MD5 | cf333be8a534d8e8100eaef2213d881e
Apache Tomcat Local Bypass
Posted Feb 5, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from a local bypass a of Security Manager file permissions. Versions from 7.0.0, 6.0.0 and 5.5.0 are affected.

tags | advisory, local
advisories | CVE-2010-3718
MD5 | 107b271fcf16f33e14987e888121d6d1
Apache CouchDB Cross Site Scripting
Posted Jan 31, 2011
Authored by Jan Lehnardt | Site couchdb.apache.org

Apache CouchDB versions 0.8.0 through 1.0.1 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2010-3854
MD5 | d0d3d927bcc86a3954a1f823c24627bf
CVE Checker 2.0
Posted Dec 2, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This release includes the ability to scan changed/added files rather than the entire system, a command that helps to generate version matching rules, and a new switch to report vulnerabilities of software versions that are higher than the software versions you have on your system.
tags | vulnerability
systems | unix
MD5 | 1d52797e80a5c7ec547f421f3d9f0209
Apache Tomcat Manager Cross Site Scripting
Posted Nov 23, 2010
Authored by Mark Thomas | Site tomcat.apache.org

The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.

tags | advisory, xss
advisories | CVE-2010-4172
MD5 | 315a8036e67802e9c0704e15dd03fd12
CVE Checker 1.0
Posted Oct 4, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: A few small error handling and buffer overflow problems were fixed.
tags | vulnerability
systems | unix
MD5 | f065dac607eb7ef7f7554bc74ad09efb
Linux Kernel pktcdvd Kernel Memory Disclosure
Posted Sep 29, 2010
Authored by Jon Oberheide

Linux kernel versions prior to 2.6.36-rc6 pktcdvd kernel memory disclosure exploit.

tags | exploit, kernel
systems | linux
advisories | CVE-2010-3437
MD5 | bd262a32a99c96cc365a054ad47cdf65
CVE Checker 0.6
Posted Sep 11, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: Reporting performance was improved tremendously for recent SQLite libraries. Reporting on found software, regardless of it matching a CVE entry, was added, and quite a few bugs were fixed.
tags | vulnerability
systems | unix
MD5 | 0e7c5d0504b2ddc2e069ee1d3e0b7edd
CVE Checker 0.5
Posted Sep 3, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: The tool should now build properly on NetBSD and FreeBSD (although more user experience here is still welcome). This release introduces a cvereport command (example output can be found at the project site), and has lowered its initial dependency requirements. pullcves now only loads the CVE XML changes in the database, rather than iterating across all CVE XML entries.
tags | vulnerability
systems | unix
MD5 | d6c5e5538ebcc6e87a24a1ff70d38942
CVE Checker 0.4
Posted Aug 26, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This release includes internal project files reorganization (more to the liking of the GNU autoconf/automake standards), fixes a database leak bug, and introduces a slightly more intelligent pullcves command (with multiple return code behavior to improve automation efforts). All documentation has been updated, and a pullcves manual page has been added.
tags | vulnerability
systems | unix
MD5 | 83ec8494760832e1e391601aa0a612e7
CVE Checker 0.3
Posted Aug 21, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: Cleanups in the CSV output have been made, and a few sample reporting files have been added. This release fixes a few bugs in file matching support and adds --no-check-certificates to the wget command.
tags | vulnerability
systems | unix
MD5 | 1de655f957214c0c9da92df1fadce655
Apache CouchDB Cross Site Request Forgery
Posted Aug 17, 2010
Authored by Jan Lehnardt | Site couchdb.apache.org

Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.

tags | advisory, web, arbitrary, javascript, csrf
MD5 | 65d8869788216e6c830f5184962e2e09
CVE Checker 0.2
Posted Aug 17, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This release fixes ./configure to fail when sqlite3 or libconfig isn\'t present. It fixes make to support make install. It fixes compiler warnings on size_t usage.
tags | vulnerability
systems | unix
MD5 | 10d25a36b8ae26465de794551a8fd3c8
Apache Tomcat Remote Denial Of Service / Information Disclosure
Posted Jul 10, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from denial of service and information disclosure vulnerabilities. Versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
advisories | CVE-2010-2227
MD5 | c6c324200350deaf9fdba926a4f1be01
Page 1 of 4
Back1234Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    14 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    10 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close