exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-05-08

Ubuntu Security Notice USN-3971-1
Posted May 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3971-1 - Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting attacks. Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2019-11454, CVE-2019-11455
SHA-256 | 59df87c397347da7a08470d5538a62ec94fe38b4bb428fd192e85b173d298c35
Linux/x86 execve /bin/sh Shellcode
Posted May 8, 2019
Authored by Rajvardhan

20 bytes small Linux/x86 execve /bin/sh shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 31a2c43fd439c5d7bc541e9c1b71463958758c334d675cd7ab929cc856150d92
Lotus Domino 8.5.3 EXAMINE Stack Buffer Overflow
Posted May 8, 2019
Authored by Charles Truscott

Lotus Domino version 8.5.3 EXAMINE stack buffer overflow exploit with DEP and ASLR bypass. This is a working version of the NSA's EMPHASISMINE exploit.

tags | exploit, overflow
advisories | CVE-2017-1274
SHA-256 | 59befea17a3b6d734bfeddbc6a540eba7507f7d5048fb12835d4751acde3c387
Chrome 72.0.3626.119 FileReader Use-After-Free
Posted May 8, 2019
Authored by Clement LECIGNE, timwr, Istvan Kurucsai | Site metasploit.com

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.

tags | exploit, arbitrary, x86, javascript, shellcode
systems | windows
advisories | CVE-2019-5786
SHA-256 | 60039dc761905e4a2ed93286404ec19777dfd73ef434ef8a80431ab28e2ebbc1
D-Link DWL-2600AP Upgrade Firmware Command Injection
Posted May 8, 2019
Authored by Raki Ben Hamouda

D-Link DWL-2600AP suffers from an authentication OS command injection vulnerability via the upgrade firmware functionality.

tags | exploit
SHA-256 | 2b43ebd36262c907295458d0fbffb9ad9c579e3ca23e48f233d31f60a550e9f1
D-Link DWL-2600AP Save Configuration Command Injection
Posted May 8, 2019
Authored by Raki Ben Hamouda

D-Link DWL-2600AP suffers from an authentication OS command injection vulnerability via the save configuration functionality.

tags | exploit
SHA-256 | 0d25650c608f75fb59295c695a56713f2c323d2f971c6f6256459fa302310b3a
Red Hat Security Advisory 2019-1116-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1116-01 - OVMF is an EDK II based project to enable UEFI support for Virtual Machines. The ovmf package contains a sample 64-bit UEFI firmware for QEMU and KVM, including the edk2 package. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-12180
SHA-256 | 43f4f10f58faad85172e9739bdffb7d8aa480b8a8fcf2fa6620c86d59ece1bda
Ubuntu Security Notice USN-3970-1
Posted May 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3970-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-3839
SHA-256 | 552509d215e0eb4130a78ff300dd832d8847473f0907e12125e56da80c282b27
Red Hat Security Advisory 2019-1046-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1046-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed relate to a speculative execution vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 641d97d1f6dd3b4917b0928457d6f5445185b235d120f414bb77ea83f14f84fc
Red Hat Security Advisory 2019-1107-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1107-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14642, CVE-2018-14720, CVE-2018-14721, CVE-2019-3805, CVE-2019-3894
SHA-256 | 80d392549592df0d3648a41edbe6f03cb21e2f0e4cde93f299d3e5a09e087415
Red Hat Security Advisory 2019-1108-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1108-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14642, CVE-2018-14720, CVE-2018-14721, CVE-2019-3805, CVE-2019-3894
SHA-256 | 39ebf04e2cd56b743d8a3ff8fd6cdf412cf96ee2ea7d51c35b3077ac6f829854
Red Hat Security Advisory 2019-1106-01
Posted May 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1106-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14642, CVE-2018-14720, CVE-2018-14721, CVE-2019-3805, CVE-2019-3894
SHA-256 | 41d2db304156761fdbf12167d29fe1538e7185923616f68b356302ec873b1aaf
Debian Security Advisory 4438-1
Posted May 8, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4438-1 - Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-11365, CVE-2019-11366
SHA-256 | 19ad0b8f7ac480a316c9fb32992335c656459fd7a97c6bae813f7512d816be09
Extreme Sistemas CMS SQL Injection
Posted May 8, 2019
Authored by Felipe Andrian Peixoto

Extreme Sistemas CMS versions as of 2019/05/08 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1001d2a36f72f1f65ccbe6c24d2f3a5ce58450789d9876cfbadab510a6bd331b
WordPress Diarise 1.5.9 Local File Disclosure
Posted May 8, 2019
Authored by Felipe Andrian Peixoto

WordPress Diarise theme version 1.5.9 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | e9d7a272293b61c36c6eb6f9706f33b141e15fca5c0fcc01049b542fa9ebebde
MiniFtp parseconf_load_setting Buffer Overflow
Posted May 8, 2019
Authored by strider

MiniFtp suffers from a parseconf_load_setting buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 82ca8b5b40f1f6d1a12555d12fcada66722c069ddce73beb75e236b63b434383
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close