what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2019-04-23

Linux Siemens R3964 Line Discipline Missing Lock
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.

tags | exploit, kernel
systems | linux, ubuntu
SHA-256 | a396888582339ffe59796c61b8e3097b97ece3e13bcd1b03ad7f6bb0490ef36d
74CMS 5.0.1 Cross Site Request Forgery
Posted Apr 23, 2019
Authored by ax8

74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-11374
SHA-256 | d7d9985001bc42cdc8a3336f061bc250f176b78c5f903ea85e19b6b6d7162312
Red Hat Security Advisory 2019-0857-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0857-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-3868
SHA-256 | 0ca7fc023124bc1f0da469e121be746b038c42793c79e53b6ee17612555d18ae
Linux Overflow Via FUSE
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

tags | exploit, overflow
systems | linux
SHA-256 | 8f223059c2e0c5c532eddc4777ac58f752854b9d67abeac1f06d8d9bf6855b94
ManageEngine Applications Manager 14.0 SQL Injection / Command Injection
Posted Apr 23, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.

tags | exploit, sql injection
advisories | CVE-2019-11469
SHA-256 | bb5aa065425ceff2e56e199ea57ee45786a565ab2e6b71aad1d4ada0423d0544
Red Hat Security Advisory 2019-0856-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0856-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-3868
SHA-256 | 2fe0221c5abd3000f802c46f9ec6b9c2bfecefe50b4dc70bf3ad843e75f7602e
Ross Video DashBoard 8.5.1 Insecure Permissions
Posted Apr 23, 2019
Authored by LiquidWorm | Site zeroscience.mk

Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

tags | exploit
SHA-256 | 4642022f2584ccb3cf7355909cc01e3b85b90ed0cbd2248a18aa61b52cac1ada
Red Hat Security Advisory 2019-0809-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0809-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-12180
SHA-256 | 772394788dead1c22f294f6055835f8bd5f1fde49aae997b2c8e0d9e58372018
Ubuntu Security Notice USN-3922-2
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-9022, CVE-2019-9640, CVE-2019-9675
SHA-256 | 9d3b8cd2d40a04c95f35a442f0571f69758a09f6914d994f262f6028e1f5726d
Red Hat Security Advisory 2019-0818-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0818-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-6974, CVE-2019-7221
SHA-256 | 427f88a5bf4bb111b281c387156542e436bd1b24b32e98bcda295d272e82b805
Red Hat Security Advisory 2019-0831-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0831-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include bypass, denial of service, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-13053, CVE-2018-13094, CVE-2018-14734, CVE-2018-17972, CVE-2018-18281, CVE-2018-18386, CVE-2018-18397, CVE-2019-9213
SHA-256 | 56ec339fc2da9ed44f9d103367a73097824980f319bfbd006adc8ae2256618d5
Ubuntu Security Notice USN-3952-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3952-1 - Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-16877, CVE-2018-16878, CVE-2019-3885
SHA-256 | ca81c7a9b99bb4639dea8d68f5f1b16b211d71222ecf68f6edb2f2d54027fbc1
Ubuntu Security Notice USN-3953-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11034
SHA-256 | 44836f2532fd5a24f1a39c489bf361912adf4e8801f77594c87f73c02f8ac3c9
Ubuntu Security Notice USN-3951-1
Posted Apr 23, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3951-1 - It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-10691
SHA-256 | 8b916334ad90f0489013c56012c02e1b53e5df958f92b7cc2cbe32119ee19c04
Red Hat Security Advisory 2019-0833-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-6974, CVE-2019-7221
SHA-256 | e14d7ebf1d627363be450e397294ed00af591dd9d8bcfa0a76501e348e42ddb2
Red Hat Security Advisory 2019-0832-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
SHA-256 | ef2cb7fdf777aebe2200db16bd613188acc9f2418c1afa6e9bd5772d57d56bcb
Red Hat Security Advisory 2019-0806-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0806-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-9636
SHA-256 | c206cf8145dc34a49b0f9e9293e5708f88a26c24e86c4b4557f50b051cc04259
Red Hat Security Advisory 2019-0796-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0796-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include database disclosure, denial of service, and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-5418, CVE-2019-5419
SHA-256 | 7b0abf23eaef6dbaecd5d1d1ec306c91e866820b9b88b17aa29456046bde3439
UliCMS 2019.2 / 2019.1 Cross Site Scripting
Posted Apr 23, 2019
Authored by Kagan Eglence

UliCMS versions 2019.2 and 2019.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-11398
SHA-256 | 57f35f707cae3c622dd55e1b762a6c7f638aab5b4bc343b8d0a76361f29450ac
systemd Seat Verification Active Session Spoofing
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.

tags | exploit, spoof
advisories | CVE-2019-3842
SHA-256 | efa1f343df5f4bc0df38f6d33e7cbd58c47f076df86f9ef3d5559612c36b0a32
Linux/ARM Password Protected Reverse TCP Shell Shellcode
Posted Apr 23, 2019
Authored by Alan Vivona

100 bytes small Linux/ARM password protected reverse TCP shell shellcode.

tags | shell, tcp, shellcode
systems | linux
SHA-256 | 9bf33e374e12b637159df9dbbfaec579d102f5a7e90543859ae1a4ac76542fc5
Msvod 10 Cross Site Request Forgery
Posted Apr 23, 2019
Authored by ax8

Msvod version 10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-11375
SHA-256 | 56e5a768b895efafc56b727ea919623669d0434f3064494301dd1a65dba66716
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close