what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-07-12

Linux/x86 chmod 666 /etc/passwd / /etc/shadow Shellcode
Posted Jul 12, 2019
Authored by Xavier Invers Fornells

61 bytes small Linux/x86 chmod 666 /etc/passwd and chmod 666 /etc/shadow shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 4ec34454d2a15a5707726a311258a81f29cac15bb8923a1070f411e5d6e08437
Ubuntu Security Notice USN-4054-1
Posted Jul 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss, csrf
systems | linux, ubuntu
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
SHA-256 | efed5f9ddc3684e7f863dc8438c5a72e1a0114838f1748ce7426e214fd501234
Debian Security Advisory 4480-1
Posted Jul 12, 2019
Site debian.org

Debian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.

advisories | CVE-2019-10192, CVE-2019-10193
SHA-256 | 65dd8cba6f290b367d6f7ca9efcb0cd49d4224ec758499a300c2b6b8b4471acb
Xymon useradm Command Execution
Posted Jul 12, 2019
Authored by Brendan Coles, Markus Krell | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.

tags | exploit, web, arbitrary
systems | linux, debian
advisories | CVE-2016-2056
SHA-256 | 56921faf23d84d68f64c70045561cd00f989f797c3579b3de87eae4139a3e53c
Debian Security Advisory 4480-1
Posted Jul 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-10192, CVE-2019-10193
SHA-256 | 65dd8cba6f290b367d6f7ca9efcb0cd49d4224ec758499a300c2b6b8b4471acb
Debian Security Advisory 4479-1
Posted Jul 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

tags | advisory, web, denial of service, arbitrary, spoof, xss, info disclosure, csrf
systems | linux, debian
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
SHA-256 | 4787823e0c09d05400e7a707e0726a8e7e912bf644dadb7904a67a608c966456
Red Hat Security Advisory 2019-1763-01
Posted Jul 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1763-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811
SHA-256 | 8816b0144ad4343383afa8284e26adb7629a9a83576574f817a6bf1a2e2913fb
Asterisk Project Security Advisory - AST-2019-003
Posted Jul 12, 2019
Authored by Joshua Colp, Francesco Castellano | Site asterisk.org

Asterisk Project Security Advisory - When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.

tags | advisory
advisories | CVE-2019-13161
SHA-256 | 246c916e8473ad9977ca8cf7ccf517b1947e0129d38290e5c1324a1d4ffccacd
Asterisk Project Security Advisory - AST-2019-002
Posted Jul 12, 2019
Authored by George Joseph, Gil Richard | Site asterisk.org

Asterisk Project Security Advisory - A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.

tags | advisory
advisories | CVE-2019-12827
SHA-256 | 010df218382c8c6f9a78c9061e3536194945ef6df1d39848696e8e06f23b6f47
Sitecore 9.0 Rev 171002 Cross Site Scripting
Posted Jul 12, 2019
Authored by Owais Mehtab

Sitecore version 9.0 rev 171002 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-13493
SHA-256 | fa20a9066f47b1efc386dca15a6e3fb0366d3cd110e4414a6fab320e3653acfc
SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow
Posted Jul 12, 2019
Authored by xerubus

SNMPc Enterprise Edition versions 9 and 10 suffer from a mapping filename buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-13494
SHA-256 | a29935022d759a5b2f2621adbfd4116ff7aa170f62f6681df37596aed50afd8d
Scapy Packet Manipulation Tool 2.4.3rc3
Posted Jul 12, 2019
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: Release candidate 3 for 2.4.3. Various updates.
tags | tool, scanner, python
systems | unix
SHA-256 | 36b4bd05f74b13aecbbe249253b3caf4bfced05de979e67c543155242257670a
Jenkins Dependency Graph View 0.13 Cross Site Scripting
Posted Jul 12, 2019
Authored by Ishaq Mohammed

Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10349
SHA-256 | cd5ffe501243df3312d0721d5cd596bee99b0e8d2898b76aa16162fd57fb796c
Microsoft Font Subsetting DLL ComputeFormat4CmapData Heap Corruption
Posted Jul 12, 2019
Authored by Google Security Research, mjurczyk

There is a Microsoft Font Subsetting DLL heap corruption vulnerability in ComputeFormat4CmapData.

tags | exploit
SHA-256 | 88c8f33972cfdf8c4a1abf07e27de14c8a881010277ba8de5406bd72df2dced1
WorldClient 14 Cross Site Request Forgery
Posted Jul 12, 2019
Authored by Prithwish Pal

WorldClient version 14 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-17792
SHA-256 | 26f8179ebb21291ca13dd54bf46c9fdf6a1050b8228236dafcfe97f24efa2eff
Microsoft DirectWrite / AFDKO OpenType Stack Corruption
Posted Jul 12, 2019
Authored by Google Security Research, mjurczyk

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling while processing CFF blend DICT operator.

tags | exploit
advisories | CVE-2019-1123
SHA-256 | 4fcf434e418ec4b78b4c2d63832210327781ed08e528c125015656abfd99f10d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close