Vulnerability Files

Joomla BreezingForms 1.9.0 Database Disclosure / SQL Injection
Posted Feb 11, 2019
Authored by KingSkrupellos

Joomla BreezingForms version 1.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 7943f915b1cbe49c75909c8ae1ec9523
WebKitGTK+ / WPE WebKit Memory Corruption / Code Execution
Posted Feb 11, 2019
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution. Multiple versions are affected.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234
MD5 | a72f52417cb554c8235929474eaed26a
IPFire 2.21 Cross Site Scripting
Posted Feb 8, 2019
Authored by Ozer Goker

IPFire version 2.21 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 75abfd5574dfd7e833680aac9c79042d
Apple Security Advisory 2019-2-07-1
Posted Feb 8, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | apple, ios
advisories | CVE-2019-6223, CVE-2019-7286, CVE-2019-7287, CVE-2019-7288
MD5 | ed3aa2ea9a8143e4941c2fae30b17f61
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
Posted Feb 8, 2019
Authored by Rafael Pedrero

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2009-3903, CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427
MD5 | 1dc32512f9bf470a0aa2faaf5bd63f2d
SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
Posted Feb 8, 2019
Authored by Rafael Pedrero

SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421
MD5 | a47c5206828796cf3e2e422be90d87fa
Apple Security Advisory 2019-2-07-3
Posted Feb 7, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-2-07-3 - Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities.

tags | advisory, vulnerability, info disclosure
systems | apple, ios
advisories | CVE-2019-7289, CVE-2019-7290
MD5 | f8403109d411196a3673f3ceda924d25
Debian Security Advisory 4386-1
Posted Feb 7, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4386-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
MD5 | 0b5291ca75b37da8828dd930b9951035
osCommerce 2.3.4.1 SQL Injection
Posted Feb 6, 2019
Authored by Mehmet Emiroglu

osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 8fea5cf7d607b45bbf0739919ed24e08
Skia Buffer Overflow
Posted Feb 6, 2019
Authored by Ivan Fratric, Google Security Research

Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | db5ddb42f112cdaac1ac2d70bcdebc9a
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a45930f318c3daf72f829b4afa303a37
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
Posted Feb 5, 2019
Authored by Tim Coen

WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2afe6529f7b9766f6122210d9142937e
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
Posted Feb 5, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

OSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | 7d8dfcb6bbea4a458be7237a76e44121
Debian Security Advisory 4384-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-6977, CVE-2019-6978
MD5 | 2d023cb3c984583f2c891fe07f43d4ac
Ubuntu Security Notice USN-3880-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
MD5 | 487a306925c7e670db035236bdf205f4
SQLMAP - Automatic SQL Injection Tool 1.3.2
Posted Feb 5, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates. Implemented support for automatic decoding of page content through detected charset. Added new tampering scripts avoiding popular WAF/IPS mechanisms. Many other additions and fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | b9e8559cf071037f2344a0160a237897
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, arbitrary, root, vulnerability, code execution
MD5 | f23f6c76299553ece645020b9e371c87
Ubuntu Security Notice USN-3879-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, CVE-2018-19824, CVE-2018-20169
MD5 | 7d67540e48e386ac0d76ffd1bd9f7fbe
Ubuntu Security Notice USN-3871-4
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3871-4 - USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10883, CVE-2018-14625, CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407, CVE-2018-9516
MD5 | 36d11c033b19812d05a44d2b48c6688b
Red Hat Security Advisory 2019-0265-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0265-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include open redirection and other vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-14574, CVE-2018-7536, CVE-2018-7537
MD5 | 4365e7d5957ed74698d42c4ed284dda8
Debian Security Advisory 4383-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4383-1 - Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-6307
MD5 | 9d556a5a042cb152144c37fd812f564d
WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload
Posted Feb 5, 2019
Authored by KingSkrupellos

WordPress Ultimate-Member plugin version 2.0.38 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | f61b91a24dc98849236a6c36c3e9540e
Joomla Jumi 3.0.5 Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla Jumi component version 3.0.5 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 891d58fadcc2e9f34fca96f7a92cc2fe
Joomla JoomLeague 2.x Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla JoomLeague component version 2.x suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 6681d25f45fcae62008771934b0df4a1
Joomla RedShop 2.0.0.3 Database Disclosure / SQL Injection
Posted Feb 5, 2019
Authored by KingSkrupellos

Joomla RedShop component version 2.0.0.3 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | eeab626142b50fe01dccd2eceaa362c5
© 2019 Packet Storm. All rights reserved.