exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2019-02-06

Ubuntu Security Notice USN-3883-1
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10119, CVE-2018-10583, CVE-2018-16858
SHA-256 | 3590319206e9f994fc6427d7de0f5ff90c527befe59e8cf74e9ea0c9042ca778
Ubuntu Security Notice USN-3882-1
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
SHA-256 | 8730f1a95efb3ad9f330fd2c5e6d04c57d0239a933014e5309ef2e03007ce512
Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting
Posted Feb 6, 2019
Authored by Ozer Goker

Smoothwall Express version 3.1-SP4-polar-x86_64-update9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c5b15d19a2f8686b7ac757fc9a606f57aae44781a679d8b37cda7e2bcb21ca4b
FreeBSD Security Advisory - FreeBSD-SA-19:02.fd
Posted Feb 6, 2019
Authored by Peter Holm | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, kernel, local, root
systems | freebsd
advisories | CVE-2019-5596
SHA-256 | 855f095edd8dddc5d144dfb14428d131335a8466a40afb0a5c40cf8aee8b1767
FreeBSD Security Advisory - FreeBSD-SA-19:01.syscall
Posted Feb 6, 2019
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5595
SHA-256 | 236a816eea4311588ca36396d798417774e37912f40da745164d7609d6d42425
Debian Security Advisory 4385-1
Posted Feb 6, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.

tags | advisory, bypass
systems | linux, debian
advisories | CVE-2019-3814
SHA-256 | 6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33
River Past Audio Converter 7.7.16 Buffer Overflow
Posted Feb 6, 2019
Authored by Matteo Malvica

River Past Audio Converter version 7.7.16 buffer overflow SEH exploit.

tags | exploit, overflow
SHA-256 | 3719a0414392319cb88b60d4f36ea298ed46b68d879c1d4839d716282a54bd01
osCommerce 2.3.4.1 SQL Injection
Posted Feb 6, 2019
Authored by Mehmet Emiroglu

osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7f8db9f4e59304f4d92aaa0b162605bd0f19e024b7b035707a7068233624f758
WordPress YOP Poll 6.0.2 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress YOP Poll plugin version 6.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9914
SHA-256 | 6ce5b54aff4a8eac3fb2bd30e96e747b3ca49fdaeb6c68b860c1055e4e5cbac1
Ubuntu Security Notice USN-3881-2
Posted Feb 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-3814
SHA-256 | 1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526b
WordPress WP Live Chat 8.0.18 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9913
SHA-256 | 3c65dace4c32d5bb126aa011b151f596a00ebdef9522b9a5d705ba4cc01d15a9
WordPress wpGoogleMaps 7.10.41 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress wpGoogleMaps plugin version 7.10.41 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9912
SHA-256 | f839348b93ef6d68bb7fa55e3bc44b4563269eef679bb15b156c9865df902894
Skia Buffer Overflow
Posted Feb 6, 2019
Authored by Ivan Fratric, Google Security Research

Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 3a576a2a2e1e3f21c3c1af4f1257d137b7f010a80f1df3c8ddb7ca7a404aec6d
WordPress Social Networks Auto-Poster 4.2.7 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Social Networks Auto-Poster plugin version 4.2.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9911
SHA-256 | 131fb95529c8c295332376c3c639587c0c1bdb88d79767257773c33c5517a8b3
OpenMRS Platform Insecure Object Deserialization
Posted Feb 6, 2019
Authored by Bishop Fox

OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.

tags | exploit
advisories | CVE-2018-19276
SHA-256 | 9bf1c1fe0961989653634a152fe1a2263d4a1488abc16bf63c5f68b95b248603
WordPress KingComposer 2.7.6 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9910
SHA-256 | 70463eecc91264546a0667f547952464557785a98fd5161513136df55b04811a
WordPress Give 2.3.0 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9909
SHA-256 | ce3e8a04fae75df5ec50fe510a670381280f4159ff3a19cae2f7fb1e69c1d11d
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
Posted Feb 6, 2019
Authored by Yusuf Furkan

Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-7391
SHA-256 | 7e3f03a26f7f5517b57b3f61a2a52176b323d51206b8e0458c08ca72520f6a92
WordPress Font Organizer 2.1.1 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Font Organizer plugin version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9908
SHA-256 | 9d04b6f05bfa2febbf6a55a21c100165d435279f2ee32ef5182b3528a606e6ef
River Past Audio Converter 7.7.16 Denial Of Service
Posted Feb 6, 2019
Authored by Achilles

River Past Audio Converter version 7.7.16 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 53850925202915ffedf3ddfced1e2f2e75428d4cb7c1ed526e961d86c36179b0
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-9646
SHA-256 | 64c84aa453d6ebfbed2c8ac62d02d372dae688e4612e07e2beebf57ebe30e1ad
Device Monitoring Studio 8.10.00.8925 Denial Of Service
Posted Feb 6, 2019
Authored by Victor Mondragon

Device Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 5c277f3328ce1e7a1812b46620dc796a0eab49bcd849fe88b89607082d0e8377
WordPress Blog2Social 5.0.2 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9576
SHA-256 | 1164c4f3459b90f4f361cf7c366150917d4e8842d712ac45c41850a2392947ab
Linux/x86 Random Insertion Encoder / Decoder Shellcode Generator
Posted Feb 6, 2019
Authored by Aditya Chaudhary

Linux/x86 random insertion encoder and decoder shellcode generator.

tags | x86, shellcode
systems | linux
SHA-256 | 1c874cdca741bb9b1f5cb83bff6c4ba8db8cdc97becf03410749a4943debc7e3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close