exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2019-11-14

FusionPBX Operator Panel exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles, Dustin Cobb | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11409
SHA-256 | 38468e6614fd2cb8667101b151bf487ee43e93ccd419b6ad4216f21cee042b1e
FusionPBX Command exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, shell, php
systems | linux, ubuntu
SHA-256 | 9ddc511633ca4524be66e468aa2349e7ebf43ba65883baed79761e3c37b3b7af
FreeSWITCH Event Socket Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).

tags | exploit, local, tcp
systems | linux, windows, ubuntu
SHA-256 | 2af6ba6d2dae98ab9fd3f1dbb8b8f6ec3e20238f5bef67966c656048edd77ffc
Ubuntu shiftfs refcount Underflow / Type Confusion
Posted Nov 14, 2019
Authored by Jann Horn, Google Security Research

Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.

tags | exploit, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-15793
SHA-256 | fc083eb6624e5af7dd882d1267361f52f304c19c1c96a185b84a12e9f221811d
Ubuntu Security Notice USN-4192-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4192-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-12974, CVE-2019-12978, CVE-2019-13295, CVE-2019-13304, CVE-2019-13308, CVE-2019-13391, CVE-2019-15140, CVE-2019-16711
SHA-256 | 2defdd96991ff03edfdcc1ed54efb2e70aac9afd1f1731ca699f45549177d957
Red Hat Security Advisory 2019-3883-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3883-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | d6b0312b84c1d25138e9ba5c37763c18a96f66d2ceb3e3d20368993fe5cd221d
Ubuntu Security Notice USN-4191-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4191-1 - It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Sergej Schumilo, Cornelius Aschermann and Simon Woerner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378, CVE-2019-15890
SHA-256 | aee81e66d46141ffe8a014607d051bd70b2b1232ee96bcb442a1838008da393b
Ubuntu Security Notice USN-4191-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4191-2 - USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378, CVE-2019-15890
SHA-256 | ae017f5886a9bd72e047c3db07423197155e2dbe1d4b843e052ead1516d83a3a
Ubuntu Security Notice USN-4186-3
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4186-3 - USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-16746, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666, CVE-2019-2215
SHA-256 | a22fb499a8eee3d48959f316cc92b99039174e4ec75ff93b2f12800519de703c
Red Hat Security Advisory 2019-3878-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3878-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 890605b78c79a69bdd14cd97414c0776fd7e4b1e425ebbc6845574bc247b430f
Ubuntu Security Notice USN-4185-3
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4185-3 - USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666
SHA-256 | 0943619d6246e8a0cdee4b5acfc1807d3c4914c36a38fbe8ded7be757a4e396b
Ubuntu Security Notice USN-4183-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4183-2 - USN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15791, CVE-2019-15792, CVE-2019-15793, CVE-2019-16746, CVE-2019-17666
SHA-256 | db78d28cd507d49176624aa1c886c5cf61d842620b9c273cac92d9c264a69321
Ubuntu Security Notice USN-4184-2
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4184-2 - USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

tags | advisory, x86, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135, CVE-2019-15098, CVE-2019-15791, CVE-2019-15792, CVE-2019-15793, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056, CVE-2019-17666
SHA-256 | b7e4f5cb2e7a1b61d8abbcf5d64a6bd1b12b10f64ec69db57292af5b7c023804
Red Hat Security Advisory 2019-3877-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3877-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 6434bec05e1334d050e6b8527e8895d289751f44eac634381d6a8704b437b67d
Red Hat Security Advisory 2019-3872-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 524810ebb56f475f231d82e9fb5f6a2461292b14d50c4cd18c64b8047cc622c1
Red Hat Security Advisory 2019-3770-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3770-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the oauth-server container image for Red Hat OpenShift Container Platform 4.2.4. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2019-3889
SHA-256 | 001a5cee0e0f4cf6e8d46ea7b73f748a53b6f5c84a23169350a0d4e02f381ba3
Red Hat Security Advisory 2019-3771-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3771-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the golang-github-prometheus-prometheus container image for Red Hat OpenShift Container Platform 4.2.4. A cross site scripting issue was addressed.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2019-10215
SHA-256 | 6cd003c924904751fa7e1e9c20e7a9196174aa179dd4eb3edbc60d067f2c2483
Red Hat Security Advisory 2019-3873-01
Posted Nov 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3873-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | fc2e085eb133d792f72b40208563ff42f927bd835f6e4b0b68de0d3f7bc16ae5
Ubuntu Security Notice USN-4190-1
Posted Nov 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4190-1 - It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-14498, CVE-2018-19664, CVE-2018-20330, CVE-2019-2201
SHA-256 | 4cf16dc0101a131dafca007e4d605c50be567c6122d9ec55f5bc2f8547768ac5
Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
Posted Nov 14, 2019
Authored by Noman Riffat

Xfilesharing versions 2.5.1 and below suffer from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
advisories | CVE-2019-18951, CVE-2019-18952
SHA-256 | 16eaecb6c750d7e90a4058c28407241f37dbcaf9b7c7b2b1e799b21776afb5ec
oXygen XML Editor 21.1.1 XML Injection
Posted Nov 14, 2019
Authored by Pablo Santiago

oXygen XML Editor version 21.1.1 suffers from an XML external entity injection vulnerability.

tags | exploit
SHA-256 | ecf168f5280157ada4955304be9f8936cd276ddb9b875238d2065784e1a87a20
SMPlayer 19.5.0 Buffer Overflow / Denial Of Service
Posted Nov 14, 2019
Authored by Malav Vyas

SMPlayer version 19.5.0 suffers from a buffer overflow vulnerability that can trigger a denial of service condition.

tags | exploit, denial of service, overflow
SHA-256 | d2080d79b568f000262f147d44280502d68ba82583ba9ed9efaa56d401694b7f
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close