what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2019-04-16

Ubuntu Security Notice USN-3949-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3949-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2019-2422
SHA-256 | 2367ef3bff28dccb5fce02b2508e0d68e085e7266a6385c6f07453e73ba65e67
Ubuntu Security Notice USN-3948-1
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-11070, CVE-2019-8518, CVE-2019-8536, CVE-2019-8559
SHA-256 | 86e192d0f551cd83fe5734820e330afcab832fe7665ccf0c2aac1f465e9f215e
Red Hat Security Advisory 2019-0766-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.

tags | advisory, web, protocol, bypass
systems | linux, redhat
advisories | CVE-2019-3877, CVE-2019-3878
SHA-256 | 012f4ad04dfc61c3c09c658d481c74c8f64bfaf993d2963c62ffa6799022add7
Microsoft Windows LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver has a race condition in the LuafvPostReadWrite callback if delay virtualization has occurred during a read leading to the SECTION_OBJECT_POINTERS value being reset to the underlying file resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0836
SHA-256 | 1e8cd54d3c2d772976524e371c95b1d714210d40f0a02d7fb49facede63a5c9e
Microsoft Windows LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver can confuse the cache and memory manager to replace the contents of privileged file leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0805
SHA-256 | 2f0783d66d46e920f1e358cb270db27803dfe9308027b531f607dbab38974980
Microsoft Windows LUAFV NtSetCachedSigningLevel Device Guard Bypass
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0732
SHA-256 | 5e11646fa10b0479415382c2a97eb9d01f2462f9f48431fe8f465de293d45f36
Microsoft Windows LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization which can be tricked into writing an arbitrary short name leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0796
SHA-256 | 72c0e2e26c794f1e484bea3169422e90d36accc9e727f3f347fdeb0418dabcbc
Microsoft Windows LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver doesn't take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0731
SHA-256 | aa83f4bf9c9d7ac15d9c50d8e2eb520ebe906895d7841085259cbda854780e60
Microsoft Windows LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the LUAFV driver reuses the file's create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0730
SHA-256 | c6698b041f1966005a9d6cd5b1e2888b8cb194d1fd4f68b6863494c7a26ab4e6
Microsoft Windows CSRSS SxSSrv Cached Manifest Privilege Escalation
Posted Apr 16, 2019
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a system binary leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0735
SHA-256 | ad66ed46b7b1347ea52c8af3e54cce2e72fd812fa5124a8d4ad94efa3452229c
MailCarrier 2.51 RETR Buffer Overflow
Posted Apr 16, 2019
Authored by Dino Covotsos

MailCarrier version 2.51 POP3 RETR command remote SEH buffer overflow exploit.

tags | exploit, remote, overflow
advisories | CVE-2019-11395
SHA-256 | 369b8595dde8c9b12c3bf187b78d4d2a5d97de8c059235337dc95c461bb91375
Red Hat Security Advisory 2019-0765-01
Posted Apr 16, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0765-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2019-9636
SHA-256 | e2204bba42bf856629e8e3a8e3683ece88f4b58d35fb8ff0c14a30b1b41e5f58
Gentoo Linux Security Advisory 201904-15
Posted Apr 16, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-15 - A vulnerability in libTIFF could lead to a Denial of Service condition. Versions less than 4.0.10 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2018-18557
SHA-256 | 097c14af7c9924c19b9c7c25395c1047732dbeb1eabbaae2598c929474e8da87
Ubuntu Security Notice USN-3947-2
Posted Apr 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3947-2 - USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-11068
SHA-256 | 3e720ed3cabc26c15c50961a47bd9d2e89fe9c6ce7ad4a5073ad1db9778357dc
Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal
Posted Apr 16, 2019
Authored by Haboob Team

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-10945
SHA-256 | 53b8b3b18868765214204a82f2af5d3caa0c20dbe06f39856c11642e46e530b9
Zoho ManageEngine ADManager Plus 6.6 Privilege Escalation
Posted Apr 16, 2019
Authored by Digital Interruption

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-19374
SHA-256 | 7b90482fd6c4094ace9ce2306bb91955009fe7f37cb609a6f24b88500d25b784
Zyxel ZyWall Cross Site Scripting
Posted Apr 16, 2019
Authored by Aaron Bishop

ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9955
SHA-256 | 81540b3aa097eb20c487c7beb07f37000e14749f428121afdc08a3ecc9515357
PCHelpWare 2 1.0.0.5 Group Denial Of Service
Posted Apr 16, 2019
Authored by Alejandra Sanchez

PCHelpWare 2 version 1.0.0.5 Group denial of service exploit.

tags | exploit, denial of service
SHA-256 | b795b210e0d597f6d8ad0edbd230247a547a2113cb3d4b3b9c5641fa5580e324
AdminExpress 1.2.5 Denial Of Service
Posted Apr 16, 2019
Authored by Mucahit Ismail Aktas

AdminExpress version 1.2.5 suffers from a Folder Path denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | ca0d46946a6d528d2730acea7ac98647e979cdbed1bcce4a80fc135d90e8e99b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close