exploit the possibilities
Showing 1 - 25 of 7,753 RSS Feed

Web Files

Debian Security Advisory 4391-1
Posted Feb 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4391-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18356, CVE-2019-5785
MD5 | ae5044944624c06ea62f2b3d6e4c4b75
Red Hat Security Advisory 2019-0348-01
Posted Feb 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0348-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.142. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-7090
MD5 | 240caee5b698727e594858c3553de7ed
CA Privileged Access Manager Information Disclosure / Modification
Posted Feb 13, 2019
Authored by Kevin Kotas, Bob Brust | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manager. A vulnerability exists that can allow a remote attacker to access sensitive information or modify configuration. CA published solutions to address the vulnerabilities. CVE-2019-7392 describes a vulnerability resulting from inadequate access controls for the components jk-manager and jk-status web service allowing a remote attacker to access the CA PAM Web-UI without authentication. Affected versions include 3.2.1 and below, 3.1.2 and below, and 3.0.x releases.

tags | advisory, remote, web, vulnerability
advisories | CVE-2019-7392
MD5 | 62e102837dc764a13b22e6ff9411499e
Nokia 8810 Denial Of Service
Posted Feb 13, 2019
Authored by Kaustubh G. Padwad

A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.

tags | exploit, remote, web, denial of service, code execution
advisories | CVE-2019-7386
MD5 | 3634f2043d52856b3dc8fee6e53be5da
Ubuntu Security Notice USN-3889-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-6212
MD5 | 13b47ad83ec48720409f49c0385d5369
Red Hat Security Advisory 2019-0315-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
MD5 | 37af4fadd68586d2c557578b4aa96179
CentOS Web Panel 0.9.8.763 Cross Site Scripting
Posted Feb 12, 2019
Authored by DKM

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
systems | linux, centos
advisories | CVE-2019-7646
MD5 | 65d33120e280a9e636a124ec0ff6a60f
Microsoft Excel .SLK Payload Delivery
Posted Feb 12, 2019
Authored by Stan Hegt, Carter Brainerd, Pieter Ceelen | Site metasploit.com

This Metasploit module generates a download and execute Powershell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.

tags | exploit, web
MD5 | 94d9c996172414156065a8ee4e017837
Red Hat Security Advisory 2019-0309-01
Posted Feb 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0309-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5761, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5771, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781
MD5 | 3121ab5441e39be58b3ed8ee75189d5f
Indusoft Web Studio 8.1 SP2 Remote Code Execution
Posted Feb 11, 2019
Authored by Jacob Baines

Indusoft Web Studio version 8.1 SP2 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
advisories | CVE-2019-6543, CVE-2019-6545
MD5 | cada8abc8cc2c69b59c84d5039d2b6f7
SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
Posted Feb 8, 2019
Authored by Rafael Pedrero

SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421
MD5 | a47c5206828796cf3e2e422be90d87fa
Red Hat Security Advisory 2019-0212-01
Posted Feb 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0212-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2018-11627
MD5 | 6577192796db1ab307a7960b52e49ff6
NUUO NVRmini upgrade_handle.php Remote Command Execution
Posted Feb 7, 2019
Authored by Berk Dusunur, numan turle | Site metasploit.com

This Metasploit module exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgrade_handle.php file.

tags | exploit, web, php
advisories | CVE-2018-14933
MD5 | 82e2720684ff38edfa0d4244f5b84680
Red Hat Security Advisory 2019-0275-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0275-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a crash condition.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-20615
MD5 | b1f23ecb1e474d5a9bce8d47f5d0672a
SQLMAP - Automatic SQL Injection Tool 1.3.2
Posted Feb 5, 2019
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates. Implemented support for automatic decoding of page content through detected charset. Added new tampering scripts avoiding popular WAF/IPS mechanisms. May other additions and fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | b9e8559cf071037f2344a0160a237897
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 2eed9bbda22111e9816aab55c98c6681
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | e852b2c1f1bcfd701b84be2ef2d46252
Red Hat Security Advisory 2019-0265-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0265-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage WebAdministration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include open redirection and other vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-14574, CVE-2018-7536, CVE-2018-7537
MD5 | 4365e7d5957ed74698d42c4ed284dda8
Debian Security Advisory 4376-1
Posted Jan 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4376-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 4f6aa00ae290ef84a9bacd66a05ee470
Red Hat Security Advisory 2019-0218-01
Posted Jan 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0218-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 472c1e9e4e6475993b99796d2537e4bb
Red Hat Security Advisory 2019-0219-01
Posted Jan 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0219-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 119e1b6a27103d046f02037acf1a4063
CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting
Posted Jan 24, 2019
Authored by Marc Nimmerrichte | Site sec-consult.com

CA Automic Workload Automation Web Interface versions 12.0, 12.1, and 12.2 suffer from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2019-6504
MD5 | 94f61cf33cb702f316eb5e02642c1426
CA Automic Workload Automation 12.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ken Williams, Marc Nimmerrichte | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Automic Workload Automation Automic Web Interface (AWI). A vulnerability exists that can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. The vulnerability has a medium risk rating and concerns insufficient output sanitization, which can allow an attacker to potentially conduct persistent cross site scripting (XSS) attacks. Versions 12.0, 12.1 and 12.2 are affected.

tags | advisory, web, xss
advisories | CVE-2019-6504
MD5 | 7a2927d39fb28bb1d5fe04e9edcc54d3
Cisco RV320 Command Injection
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1652
MD5 | cafb4ced2f3eab94923ea85bcfb23157
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 91a2e5f5865089a09b9294c78db4dd79
Page 1 of 311
Back12345Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    31 Files
  • 15
    Feb 15th
    10 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close