what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2019-11-15

Faraday 3.9.3
Posted Nov 15, 2019
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed unicode error when exporting vulns to CSV. Added vuln attributes to CSV. Fixed hostname parsing and add external ID to Qualys plugin.
tags | tool, rootkit
systems | unix
SHA-256 | ebdc5e55d3ddb75e805e16f7f15ec82c6fbf3f0bbc5e9b5df8c6c8290f0dc6c3
FreeRadius 3.0.19 Logrotate Privilege Escalation
Posted Nov 15, 2019
Authored by Wolfgang Hotwagner

FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use.

tags | exploit
advisories | CVE-2019-10143
SHA-256 | b1530adb048264dc55962092b5838c2dd92892b9cb06e495e7eec72711ab01ef
Raritan CommandCenter Secure Gateway Cross Site Scripting
Posted Nov 15, 2019
Authored by Okan Coskun, Alp Hisim

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fb82d6a6a5fcfdb0c98c5ca5755246bc0e4e73ea60db5fe5cfd714ae4a41030d
Raritan CommandCenter Secure Gateway XML Injection
Posted Nov 15, 2019
Authored by Okan Coskun, Faruk Unal

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from an XML external entity injection vulnerability. A remote unauthenticated attacker may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts by using this vulnerability.

tags | advisory, remote, denial of service
advisories | CVE-2018-20687
SHA-256 | d36bb1d62f7027f3eb89783eaa7976f6ef38f3f825ebed9433772ee4d2a64e59
TP-Link Archer VR300 1 Cross Site Scripting
Posted Nov 15, 2019
Authored by Okan Coskun, Halil Ari

TP-Link Archer VR300 version 1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d755fac29b30e955d8e053dc02aa5c6042f6a62b5bc904c57f5242de99873035
WordPress Social Photo Gallery 1.0 Remote Code Execution
Posted Nov 15, 2019
Authored by Prestigia Seguridad

WordPress Social Gallery plugin version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-14467
SHA-256 | bbe844100afc7fc347c3541effe85c9a4537bc9b409cfe30a235d907352a6c5e
c0c0n 2020 Call For Papers
Posted Nov 15, 2019
Site is-ra.org

The c0c0n 2020 Middle East call for papers has been announced. It will take place June 15th through the 18th, 2020 at the St. Regis in Abu Dhabi.

tags | paper, conference
SHA-256 | be01899210382405d9d5da8b0e0fed33327e4fd0108067490e6f176ae60e4cec
Centraleyezer Shell Upload
Posted Nov 15, 2019
Authored by Omayr Zanata

Centraleyezer suffers from a remote shell upload vulnerability.

tags | advisory, remote, shell, file upload
advisories | CVE-2019-12271
SHA-256 | bc09fddb5d076496f0d59495eef17f0532cc279c9de1f6f8b7f3efba56124ba8
Kamerka 2.0
Posted Nov 15, 2019
Authored by woj-ciech

Kamerka is an OSINT tool that builds an interactive map of cameras, printers, tweets, and photos leveraging Flickr, Instagram, Shodan, and Twitter.

tags | tool
systems | unix
SHA-256 | 88a3fe6de6a1c3017fe9a78646ade0fa944a4da08f3a6ef686ccd4fc0f5c708a
iOS mediaserverd Integer Overflow Sandbox Escape
Posted Nov 15, 2019
Authored by Google Security Research, Ian Beer

iOS suffers from a sandbox escape vulnerability due to an integer overflow in mediaserverd.

tags | exploit, overflow
systems | ios
SHA-256 | 2b4a9f24dc9fb9fa02db02c8a4e93a710241e3d12f49d9ae097344a6df912908
Red Hat Security Advisory 2019-3892-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2017-15095, CVE-2017-17485, CVE-2018-1000850, CVE-2018-11307, CVE-2018-1131, CVE-2018-11775, CVE-2018-11796, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-8009, CVE-2018-8034, CVE-2019-0201, CVE-2019-0204, CVE-2019-10173, CVE-2019-14860, CVE-2019-16869, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
SHA-256 | d033b077fbe5857e973c9773a4c3ebbcdddde8391b77c6d861aa36baf37bde9f
Ubuntu Security Notice USN-4194-1
Posted Nov 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4194-1 - Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-3466
SHA-256 | 49e9162083c95fde49d6cabf5e1324a20ce51e5f237f4ac4b89994beb11fc306
Red Hat Security Advisory 2019-3890-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3890-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14869
SHA-256 | 58ec058b8047ee0b0d0f8f0f056d3b3821ac2c69406e95aed3edae8d848446a2
Ubuntu Security Notice USN-4193-1
Posted Nov 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4193-1 - Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14869
SHA-256 | e4b5e355b02180c8af5057b89aa4d74148e0c2a725d6ea57faf2278975e06a71
Red Hat Security Advisory 2019-3888-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3888-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14869
SHA-256 | 0bc732a6ed8b9ae3ced97fe444effa027c0a0845e450e26198df2d74b5a0b169
Red Hat Security Advisory 2019-3889-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3889-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write vulnerability was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 84f73c26bb629a1bbaeb8cd241c7633beff29735b63cd8382c4bd754a003a7d0
Red Hat Security Advisory 2019-3887-01
Posted Nov 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3887-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An arbitrary kernel memory write vulnerability was addressed.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2019-0155
SHA-256 | 9ab632ed83bbabd23d67d2fd5c9c984382c8bc06cc07fd1d01578bb99eb07cd0
Shrew Soft VPN Client 2.2.2 Unquoted Service Path
Posted Nov 15, 2019
Authored by D.Goedecke

Shrew Soft VPN Client version 2.2.2 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 135678976944a39c4dbe26959a6578f3305757c2dd1d93b888dd1b35cd1aa468
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close