Ubuntu Security Notice 3904-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU.
0a314e97dd0cdefd205a751678974b7d37fc096c5572956f57a5853e0f716107Oracle Weblogic Server deserialization remote command execution exploit with patch bypass.
837c2f0617dd4b3f41f05a46a57a7e73ab7bc936ea31caa66a3b2934f79ee87cRed Hat Security Advisory 2019-0474-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Issues addressed include a buffer overflow vulnerability.
417ad4f26d32b710a797cd2b8db0b2aa4e96c1bed16a3f20e9589af55962fdf0Kados R10 GreenBee suffers from a remote SQL injection vulnerability in the menu_lev1 parameter.
64bb389ef1691eace4236e3c9c3215017353375b48302fcc554ebc1bd48e8f77OrientDB version 3.0.17 GA Community Edition suffers from cross site request forgery and cross site scripting vulnerabilities.
8ba0d8eaf52b7cc302a0b7549e394c6c29eb8f95e19e2924a243a3e11a59712fThis Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php". Gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2.
712e61a13313ebb126b64c908b54585d5ae2d8054cbfe62c42977aa9f74c1068Red Hat Security Advisory 2019-0473-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP40. Issues addressed include a buffer overflow vulnerability.
a7d7aa7be4a337f46798a8f44a648d6aaf9a47adb077fe93c96c8e8058e0f22dAnyburn version 4.3 x86 "Copy disc to image file" buffer overflow SEH unicode exploit.
093efaf0e4484fa5ee3691f96a71fdfc76d836f48b33f9b0e592f75d34a8ad15The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the Sparkasse online service web-application.
42d53ff3e5deb653a5edb38b01a8cbe7d3ff0a34e775ab7bc920dfcbbfafaa0fLinux/x86 insertion encoder and decoder shellcode.
232a3ba577ebd0f1ab1c5e2f99d661e44cd0cb77813fb985d5c81b3e1fb9f5e4Red Hat Security Advisory 2019-0472-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Issues addressed include a buffer overflow vulnerability.
b98fc9eeb8744a490698307eb453d22ee3c80604a36e2db66476daa04f2c46e6phpBB version 3.2.3 remote code execution exploit.
0cb3b45f7b70123eef9c5329c77d3770187662efc48ff45321b363e06b6a7858Whitepaper called File transfer skills in the red team post penetration test.
d505ea952cbf8c03b697f70f16b5ed760eb06b330f80ee5d46f97011a37a446eWhitepaper called SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. This research was produced jointly between Worcester Polytechnic Institute and University of Lubeck. It has been noted that software mitigations tied to Spectre will not mitigate this newly identified issue.
bb3f36a1e44797d8ca7fcd7fcc02a3b109128d567aee6326977365c8b87b06f4This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution.
f1711c3320d7c4e9f80661d007057fb1b0b673f47fb51ec2968a821bc6aa8991This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary (often linked with an application) that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The command stager will write a payload binary to a temporary directory, make it executable, execute it in the background, and finally delete the executable. On most devices the su binary will pop-up a prompt on the device asking the user for permission.
7e3a5d53d1bbc99e917882f257f635961ce55cef2fc5751b97c279d3aed1f213Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
9fa2e8c51d173c74b0305f4f1e2a2d995755c22d2da0261c82f4f2a3f2185b6a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed