exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 50 RSS Feed

Files Date: 2019-02-05

WordPress Quiz And Survey Master 6.0.4 Cross Site Scripting
Posted Feb 5, 2019
Authored by Tim Coen

WordPress Quiz and Survey Master plugin version 6.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9575
SHA-256 | 6c3a4a6fc1bf937f0fe35d0b3dd66154e309afefad6d60a1898440a2078b3e3d
Dell EMC VNX2 Family OS Command Injection
Posted Feb 5, 2019
Authored by Dell Product Security Incident Response Team | Site dellemc.com

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

tags | advisory, arbitrary, local, root
advisories | CVE-2019-3704
SHA-256 | 8b5e1fd9a35d270ca6343964f334e12ca3745a32f7221231dcc6a0b1feb3acaf
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
Posted Feb 5, 2019
Authored by Tim Coen

WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2019-9567, CVE-2019-9568
SHA-256 | d0066137175e8a51ae0f44e2aab4c91a5b689148a43106735176794766c4af7e
Ubuntu Security Notice USN-3881-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-1 - It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 81303d55c739f8568896780709c6a639e81aad971c982094aa53db5d0c65afcf
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
Posted Feb 5, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

OSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 8a86e1c888e889e80fd729c0b736244eff54c47bdb299aa960e521037448b570
Red Hat Security Advisory 2019-0275-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0275-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a crash condition.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-20615
SHA-256 | b9c8271df299a7793c1153f0a5cfabd6a01afe5c1302129ec0dc31c90466ee60
Debian Security Advisory 4384-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-6977, CVE-2019-6978
SHA-256 | 185a43ed9d6a8dabfd51568c47827afdb4622c5d5deae768927db27844e37d1b
Ubuntu Security Notice USN-3880-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-2 - USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
SHA-256 | e41eef2f8971b874412e48efd5c8d3f92c9b207977f7cf0a4850da5a80335941
Cisco ISE 2.4.0 XSS / Remote Code Execution
Posted Feb 5, 2019
Authored by Pedro Ribeiro, Dominik Czarnota | Site agileinfosec.co.uk

Cisco Identity Services Engine (ISE) version 2.4.0 suffers from cross site scripting, java deserialization, and in conjunction can lead to remote code execution. Full exploit provided.

tags | exploit, java, remote, code execution, xss
systems | cisco
advisories | CVE-2017-5641, CVE-2018-15440
SHA-256 | 58a983e96b653b64c6753866753ad6fb8ddf6684d26a6ed872f1db56982a7a9f
WordPress WP User Manager 2.0.8 Shell Upload
Posted Feb 5, 2019
Authored by Mr Winst0n

WordPress WP User Manager plugin version 2.0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 29162abcafb73313a966a55d39cfff677f411c94013cab4909f5813bb48da06f
SQLMAP - Automatic SQL Injection Tool 1.3.2
Posted Feb 5, 2019
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates. Implemented support for automatic decoding of page content through detected charset. Added new tampering scripts avoiding popular WAF/IPS mechanisms. May other additions and fixes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 2dccff07b918dac1473f83041c5de4252160e30ec03cf5803288915b91cf65a9
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Posted Feb 5, 2019
Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.

SHA-256 | 1db6ba222abdc5b082764fa5d805d7d6336472632f2f59592bfd7d86a9258d80
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, arbitrary, root, vulnerability, code execution
SHA-256 | f03903593417ad9a2984c1d4dc761bf950c8af14033e2f1aafe9fbc68e21c9c1
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.

tags | exploit, arbitrary
SHA-256 | 1db6ba222abdc5b082764fa5d805d7d6336472632f2f59592bfd7d86a9258d80
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
SHA-256 | f2967595e1e95761f686df141eb557998c5b986b33ad1404aa89b858c95ac284
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera M2.1.6 suffers from an unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
SHA-256 | a60699b7fda8c265f0b238d844b504669d3d4fcd54ded192a975b2a34bc0386f
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.

tags | exploit, remote, arbitrary, cgi, root, code execution
SHA-256 | 7ece4c01e8a0626b1675f616f6834eda99a5d6c9df3da5ad87248e5df5a38acb
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | ef85c57f56409245d558b8ef33c2fd67c217b4996cab0cd01b97e45870edf390
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
Posted Feb 5, 2019
Authored by Stefan Petrushevski | Site zeroscience.mk

devolo dLAN Cockpit version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | e2ba777c979d93db830ef17b9d5e3b9022f0a6e9f57d0584c41dbda1e007db65
Qkr! With MasterPass Man-In-The-Middle
Posted Feb 5, 2019
Authored by David Coomber

Qkr! with MasterPass suffers from an SSL man-in-the-middle vulnerability. Version 5.0.8 addresses this issue.

tags | advisory
advisories | CVE-2019-6702
SHA-256 | 05797b1faff6dafab46b3c8075ceaa2fc5193c578b6b52cde2f50b384a64f33d
Ubuntu Security Notice USN-3880-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3880-1 - It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568
SHA-256 | eb0ada9fcea297efc352c24bdd5ddeae3d18ba54e2e99898677029db73d54cb5
Ubuntu Security Notice USN-3871-3
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3871-3 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10883, CVE-2018-14625, CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407, CVE-2018-9516
SHA-256 | 1041b56c301afb52ce67b7fd6cc20810a44176e8fb1e082b236d07915a47660a
Ubuntu Security Notice USN-3879-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3879-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, CVE-2018-19824, CVE-2018-20169
SHA-256 | d4c5943e106e709ebaf8cb958548047219fd51242e4b6e55b8450bdf25835215
Ubuntu Security Notice USN-3878-1
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3878-1 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854
SHA-256 | 53443e7ab73989a11fa42178ed663148853ae0460bc906e43bd330b74c010761
Ubuntu Security Notice USN-3879-2
Posted Feb 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3879-2 - USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, CVE-2018-19824, CVE-2018-20169
SHA-256 | 3b2d16cc10420bfae074ab35fc894aa0b16179de5f3354dcf218acf4d1e689f7
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close