< Back to JetLib.com

jetlib.sec

« Expand/Collapse

Recent items

Skip to page: 1 2 3 4 ... 882

March 19, 2019
14:11
VBScript VbsErase Memory Corruption
» ‎ Packet Storm Security Recent Files

There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
Tags:

14:11
VBScript VbsErase Memory Corruption
» ‎ Packet Storm Security Misc. Files

There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
Tags:

14:10
GNU Privacy Guard 2.2.14
» ‎ Packet Storm Security Recent Files

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Tags:

14:10
GNU Privacy Guard 2.2.14
» ‎ Packet Storm Security Tools

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Tags:

14:10
GNU Privacy Guard 2.2.14
» ‎ Packet Storm Security Misc. Files

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Tags:

13:54
JFrog Artifactory Pro 6.5.9 Signature Validation
» ‎ Packet Storm Security Exploits

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.
Tags:

13:54
JFrog Artifactory Pro 6.5.9 Signature Validation
» ‎ Packet Storm Security Recent Files

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.
Tags:

13:54
JFrog Artifactory Pro 6.5.9 Signature Validation
» ‎ Packet Storm Security Misc. Files

The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field send to the URL /webapp/saml/loginResponse. An attacker can use this flaw to login as any user if they already can login as some user.
Tags:

13:53
Slackware Security Advisory - libssh2 Updates
» ‎ Packet Storm Security Advisories

Slackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.
Tags:

13:53
Slackware Security Advisory - libssh2 Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.
Tags:

13:53
Slackware Security Advisory - libssh2 Updates
» ‎ Packet Storm Security Misc. Files

Slackware Security Advisory - New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.
Tags:

13:53
Debian Security Advisory 4409-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.
Tags:

13:53
Debian Security Advisory 4409-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.
Tags:

13:53
Debian Security Advisory 4409-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.
Tags:

13:53
Red Hat Security Advisory 2019-0600-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.
Tags:

13:53
Red Hat Security Advisory 2019-0600-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.
Tags:

13:53
Red Hat Security Advisory 2019-0600-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-0600-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a deserialization vulnerability.
Tags:

13:53
Gentoo Linux Security Advisory 201903-15
» ‎ Packet Storm Security Advisories

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
Tags:

13:53
Gentoo Linux Security Advisory 201903-15
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
Tags:

13:53
Gentoo Linux Security Advisory 201903-15
» ‎ Packet Storm Security Misc. Files

Gentoo Linux Security Advisory 201903-15 - Multiple vulnerabilities have been found in NTP, the worst of which could result in the remote execution of arbitrary code. Versions less than 4.2.8_p13 are affected.
Tags:

13:32
Chrome StoragePartitionService Double-Destruction Race
» ‎ Packet Storm Security Exploits

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.
Tags:

13:32
Chrome StoragePartitionService Double-Destruction Race
» ‎ Packet Storm Security Recent Files

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.
Tags:

13:32
Chrome StoragePartitionService Double-Destruction Race
» ‎ Packet Storm Security Misc. Files

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.
Tags:

13:00
A Classy USB Knob For The Discerning Computerist
» ‎ Hack a Day

The keyboard and mouse are great, we’re big fans. But for some tasks, such as seeking around in audio and video files, a rotary encoder is a more intuitive way to get the job done. [VincentMakes] liked the idea of having a knob he could turn to adjust his system …read more

Tags: peripherals hacks

12:32
Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML
» ‎ Packet Storm Security Exploits

MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn't check other VBScript CLSIDs which allow a web page to bypass the security zone policy.
Tags:

12:32
Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML
» ‎ Packet Storm Security Recent Files

MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn't check other VBScript CLSIDs which allow a web page to bypass the security zone policy.
Tags:

12:32
Microsoft Windows IE11 VBScript Execution Policy Bypass In MSHTML
» ‎ Packet Storm Security Misc. Files

MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn't check other VBScript CLSIDs which allow a web page to bypass the security zone policy.
Tags:

12:14
#0daytoday #exacqVision 9.8 Unquoted Service Path Privilege Escalation Vulnerability [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #exacqVision 9.8 Unquoted Service Path Privilege Escalation Vulnerability [#0day #Exploit]
Tags:
11:52
#0daytoday #Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL #Bypass and Metaprogramming #RCE Ex [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL #Bypass and Metaprogramming #RCE Ex [#0day #Exploit]
Tags:
11:52
#0daytoday #Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Expl [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Expl [#0day #Exploit]
Tags:
11:52
#0daytoday #MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Vulnerability [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Vulnerability [#0day #Exploit]
Tags:
11:51
#0daytoday #Gila CMS 1.9.1 - Cross-Site Scripting Vulnerability CVE-2019-9647 [webapps #exploits #Vulnerability #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Gila CMS 1.9.1 - Cross-Site Scripting Vulnerability CVE-2019-9647 [webapps #exploits #Vulnerability #0day #Exploit]
Tags:

11:32
Chrome MidiManagerWin Use-After-Free
» ‎ Packet Storm Security Exploits

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.
Tags:

11:32
Chrome MidiManagerWin Use-After-Free
» ‎ Packet Storm Security Recent Files

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.
Tags:

11:32
Chrome MidiManagerWin Use-After-Free
» ‎ Packet Storm Security Misc. Files

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.
Tags:

11:30
DIY Six Channel Arduino RC Transmitter
» ‎ Hack a Day

It’s wasn’t so long ago that RC transmitters, at least ones worth owning, were expensive pieces of gear. Even more recently than that, the idea of an RC transmitter running an open source firmware would have been considered a pipe dream. Yet today buying cheap imported transmitters and flashing a …read more

Tags: arduino hacks

11:22
Chrome FileSystemOperationRunner Use-After-Free
» ‎ Packet Storm Security Exploits

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.
Tags:

11:22
Chrome FileSystemOperationRunner Use-After-Free
» ‎ Packet Storm Security Recent Files

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.
Tags:

11:22
Chrome FileSystemOperationRunner Use-After-Free
» ‎ Packet Storm Security Misc. Files

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.
Tags:

11:02
Advanced Host Monitor 11.92 Beta Local Buffer Overflow
» ‎ Packet Storm Security Exploits

Advanced Host Monitor version 11.92 Beta suffers from a buffer overflow vulnerability.
Tags:

11:02
Advanced Host Monitor 11.92 Beta Local Buffer Overflow
» ‎ Packet Storm Security Recent Files

Advanced Host Monitor version 11.92 Beta suffers from a buffer overflow vulnerability.
Tags:

11:02
Advanced Host Monitor 11.92 Beta Local Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Advanced Host Monitor version 11.92 Beta suffers from a buffer overflow vulnerability.
Tags:

10:51
CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error
» ‎ Full Disclosure

Posted by Timo Lindfors on Mar 19
CVE-2018-19971: JFrog Artifactory Pro SAML SSO signature validation error
-------------------------------------------------------------------------

Affected products
=================

The SAML SSO addon in Artifactory 6.5.9 is vulnerable.
The SAML SSO addon in Artifactory 6.5.13 is NOT vulnerable.

Other versions were not tested.

Background
==========

"Artifactory offers a SAML-based Single Sign-On service allowing
federated...

Tags:

10:33
Chrome ExtensionsGuestViewMessageFilter Data Race
» ‎ Packet Storm Security Exploits

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.
Tags:

10:33
Chrome ExtensionsGuestViewMessageFilter Data Race
» ‎ Packet Storm Security Recent Files

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.
Tags:

10:33
Chrome ExtensionsGuestViewMessageFilter Data Race
» ‎ Packet Storm Security Misc. Files

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.
Tags:

10:32
Abine Blur 7.8.24x Authentication Bypass
» ‎ Packet Storm Security Advisories

The Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.
Tags:

10:32
Abine Blur 7.8.24x Authentication Bypass
» ‎ Packet Storm Security Recent Files

The Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.
Tags:

10:32
Abine Blur 7.8.24x Authentication Bypass
» ‎ Packet Storm Security Misc. Files

The Password Manager Extension in Abine Blur versions 7.8.24x allows attackers to bypass the multi-factor authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. NOTE: this vulnerability exists because of a CVE-2018-7213 regression.
Tags:

10:28
2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481]
» ‎ Full Disclosure

Posted by (RS) Tyler Schroder via Fulldisclosure on Mar 19
=============================================

2FA & macOS Disk Encryption Bypass in Abine Blur 7.24*

=============================================

Topic: Abine Blur Password Manager Insecure Permissions

* Announced: 2019-03-18

* Credits: RS Tyler Schroder

* Affects: 7.8.242*

* Corrected: 2018-03-18

* Corrected V: 8.0.2478

* CVE Name: CVE-2019-6481

I. Background

Abine Blur is a...

Tags:
10:22
Re: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
» ‎ Full Disclosure

Posted by Henri Salo on Mar 19
Good research work Manuel. Keep up the good work! =)

In case of WordPress plugins your solution is not correct. This vulnerability
can be exploited even plugin is disabled. Plugin must be deleted in order to
mitigate this.

Tags:

10:01
Ask Hackaday: How Do You Draw Schematics?
» ‎ Hack a Day

The lingua franca of electronic design is the schematic. I can pick up a datasheet written in Chinese (a language I do not read or speak) and usually get a half-decent idea of what the part is all about from the drawings. Unfortunately, even as my design experience has grown …read more

Tags: Ask hackaday
9:01
This Weekend: Vintage Computer Festival Pacific Northwest
» ‎ Hack a Day

The most iconic parts of computer history come alive next weekend in Seattle during the Vintage Computer Festival Pacific Northwest. It’s all happening March 23rd and 24th at the Living Computers Museum+Labs.

VCF celebrates the great hardware that has sprung up during the technological march of the last fifty years. …read more

Tags: cons

8:55
eNdonesia Portal 8.7 Iframe Injection / SQL Injection
» ‎ Packet Storm Security Exploits

eNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

8:55
eNdonesia Portal 8.7 Iframe Injection / SQL Injection
» ‎ Packet Storm Security Recent Files

eNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

8:55
eNdonesia Portal 8.7 Iframe Injection / SQL Injection
» ‎ Packet Storm Security Misc. Files

eNdonesia Portal version 8.7 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

8:30
Venabili is the Delightful Keyboard You Can’t Buy
» ‎ Hack a Day

If you code or write a lot, you live or die with your keyboard. The Venabili web site calls Venabili “the delightful keyboard” which begs the question: what makes a keyboard delightful. The site continues:

“Venabili is a 40% mechanical, programmable, ergonomic and hackable computer keyboard.

Being a fully programmable
…read more

Tags: ARM

7:22
Netartmedia PHP Mall 4.1 SQL Injection
» ‎ Packet Storm Security Exploits

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.
Tags:

7:22
Netartmedia PHP Mall 4.1 SQL Injection
» ‎ Packet Storm Security Recent Files

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.
Tags:

7:22
Netartmedia PHP Mall 4.1 SQL Injection
» ‎ Packet Storm Security Misc. Files

Netartmedia PHP Mall version 4.1 suffers from a remote SQL injection vulnerability.
Tags:

7:17
Vladimir Putin Signs Sweeping Internet Censorship Bills
» ‎ Packet Storm Security Headlines

Vladimir Putin Signs Sweeping Internet Censorship Bills
Tags: headlinegovernmentrussiacensorship
7:17
Huge Aluminium Plants Hit By Cyber Attack
» ‎ Packet Storm Security Headlines

Huge Aluminium Plants Hit By Cyber Attack
Tags: headlinemalwarescada
7:17
EU Government Websites Infested With Third Party Adtech Scripts
» ‎ Packet Storm Security Headlines

EU Government Websites Infested With Third Party Adtech Scripts
Tags: headlinegovernmentprivacydata lossspyware
7:17
PuTTY SSH Client Gets Patched After RSA Key Exchange Memory Vuln Spotted
» ‎ Packet Storm Security Headlines

PuTTY SSH Client Gets Patched After RSA Key Exchange Memory Vuln Spotted
Tags: headlineprivacyflawpatchcryptography

7:02
Gila CMS 1.9.1 Cross Site Scripting
» ‎ Packet Storm Security Exploits

Gila CMS version 1.9.1 suffers from a cross site scripting vulnerability.
Tags:
7:02
Netartmedia Event Portal 2.0 SQL Injection
» ‎ Packet Storm Security Exploits

Netartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability.
Tags:

7:02
Gila CMS 1.9.1 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Gila CMS version 1.9.1 suffers from a cross site scripting vulnerability.
Tags:
7:02
Netartmedia Event Portal 2.0 SQL Injection
» ‎ Packet Storm Security Recent Files

Netartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability.
Tags:

7:02
Gila CMS 1.9.1 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Gila CMS version 1.9.1 suffers from a cross site scripting vulnerability.
Tags:
7:02
Netartmedia Event Portal 2.0 SQL Injection
» ‎ Packet Storm Security Misc. Files

Netartmedia Event Portal version 2.0 suffers from a remote SQL injection vulnerability.
Tags:

7:00
The CD Is 40, The CD Is Dead
» ‎ Hack a Day

The Compact Disc is 40 years old, and for those of us who remember its introduction it still has that sparkle of a high-tech item even as it slides into oblivion at the hands of streaming music services.

If we could define a moment at which consumers moved from analogue …read more

Tags: digital audio hacks

6:33
Netartmedia Real Estate Portal 5.0 SQL Injection
» ‎ Packet Storm Security Exploits

Netartmedia Real Estate Portal version 5.0 suffers from a remote SQL injection vulnerability.
Tags:

6:33
Netartmedia Real Estate Portal 5.0 SQL Injection
» ‎ Packet Storm Security Recent Files

Netartmedia Real Estate Portal version 5.0 suffers from a remote SQL injection vulnerability.
Tags:

6:33
Netartmedia Real Estate Portal 5.0 SQL Injection
» ‎ Packet Storm Security Misc. Files

Netartmedia Real Estate Portal version 5.0 suffers from a remote SQL injection vulnerability.
Tags:

6:30
MyBB Upcoming Events 1.32 Cross Site Scripting
» ‎ Packet Storm Security Exploits

MyBB Upcoming Events plugin version 1.32 suffers from a cross site scripting vulnerability.
Tags:

6:30
MyBB Upcoming Events 1.32 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

MyBB Upcoming Events plugin version 1.32 suffers from a cross site scripting vulnerability.
Tags:

6:30
MyBB Upcoming Events 1.32 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

MyBB Upcoming Events plugin version 1.32 suffers from a cross site scripting vulnerability.
Tags:

4:00
Retired Rideshare Scooter Skips the Reverse Engineering to Ride Again
» ‎ Hack a Day

[Adam Zeloof] (legally) obtained a retired electric scooter and documented how it worked and how he got it working again. The scooter had a past life as a pay-to-ride electric vehicle and “$1 TO START” is still visible on the grip tape. It could be paid for and unlocked with …read more

Tags: teardown

2:41
[slackware-security] libssh2 (SSA:2019-077-01)
» ‎ Bugtraq

Posted by Slackware Security Team on Mar 19
[slackware-security] libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded.
Fixed several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855...

Tags:
2:38
[SECURITY] [DSA 4409-1] neutron security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Mar 19
-------------------------------------------------------------------------
Debian Security Advisory DSA-4409-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : neutron
CVE ID : CVE-2019-9735

Erik Olof Gunnar...

Tags:

1:00
Mining Bitcoin on the ESP32 For Fun, Definitely Not Profit
» ‎ Hack a Day

Bitcoin’s great, if you sold at the end of 2017. If you’re still holding, your opinion might be a little more sour. The cost to compete in the great hashing race continues to rise while cryptocurrency values remain underwhelming. While getting involved at the top end is prohibitively expensive, you …read more

Tags: classic hacks

0:00
Vuln: Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3180 Remote Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3180 Remote Security Vulnerability
Tags:
0:00
Vuln: Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities
Tags:
0:00
Vuln: Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
Tags:
0:00
Vuln: Oracle Web Cache CVE-2019-2438 Remote Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Web Cache CVE-2019-2438 Remote Security Vulnerability
Tags:

March 18, 2019
22:00
FPGA NES Looks Sharp On Perfboard
» ‎ Hack a Day

FPGAs are wonderful things, packed with logic cells that can be reconfigured as your heart desires. They excel at signal processing, anything requiring speed, and recreating vintage hardware. In that vein, [Jon Thomasson] decided to bring back the original Nintendo Entertainment System, in perfboard form.

The build uses a Spartan …read more

Tags: fpga
19:00
You’re Listening To Quantum Radio
» ‎ Hack a Day

Researchers at Delft University of Technology have created a detector that enables the detection of a single photon’s worth of radio frequency energy. The chip is only 10 mm square and the team plans to use it to explore the relationship of mass and gravity to quantum theory.

The chip …read more

Tags: news

17:53
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
Tags:

17:53
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
Tags:

17:53
Jenkins ACL Bypass / Metaprogramming Remote Code Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
Tags:

16:44
Ubuntu Security Notice USN-3906-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Tags:

16:44
Ubuntu Security Notice USN-3906-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Tags:

16:44
Ubuntu Security Notice USN-3906-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Tags:

16:02
Red Hat Security Advisory 2019-0597-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.
Tags:

16:02
Red Hat Security Advisory 2019-0597-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.
Tags:

16:02
Red Hat Security Advisory 2019-0597-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue with extra ssh keys being added has been addressed.
Tags:

16:00
Hands-On: New Nvidia Jetson Nano is More Power In A Smaller Form Factor
» ‎ Hack a Day

Today, Nvidia released their next generation of small but powerful modules for embedded AI. It’s the Nvidia Jetson Nano, and it’s smaller, cheaper, and more maker-friendly than anything they’ve put out before.

The Jetson Nano follows the Jetson TX1, the TX2, and the Jetson AGX Xavier, all very capable platforms, …read more

Tags: featured

13:02
exacqVision 9.8 Unquoted Service Path Privilege Escalation
» ‎ Packet Storm Security Exploits

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Tags:

13:02
exacqVision 9.8 Unquoted Service Path Privilege Escalation
» ‎ Packet Storm Security Recent Files

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Tags:

13:02
exacqVision 9.8 Unquoted Service Path Privilege Escalation
» ‎ Packet Storm Security Misc. Files

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Tags:

13:00
Social Media Jacket Puts Your Likes On Your Sleeve
» ‎ Hack a Day

The great irony of the social media revolution is that it’s not very social at all. Users browse through people’s pictures in the middle of the night while laying in bed, and tap out their approval with all the emotion of clearing their spam folder. Many boast of hundreds or …read more

Tags: arduino hacks

12:32
Microsoft Windows Binary Planting
» ‎ Packet Storm Security Recent Files

This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.
Tags:

12:32
Microsoft Windows Binary Planting
» ‎ Packet Storm Security Misc. Files

This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.
Tags:

11:32
Debian Security Advisory 4408-1
» ‎ Packet Storm Security Advisories

Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
Tags:

11:32
Debian Security Advisory 4408-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
Tags:

11:32
Debian Security Advisory 4408-1
» ‎ Packet Storm Security Misc. Files

Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
Tags:

11:02
Red Hat Security Advisory 2019-0593-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.
Tags:

11:02
Red Hat Security Advisory 2019-0593-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.
Tags:

11:02
Red Hat Security Advisory 2019-0593-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.
Tags:

10:44
Ubuntu Security Notice USN-3911-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
Tags:

10:44
Ubuntu Security Notice USN-3911-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
Tags:

10:44
Ubuntu Security Notice USN-3911-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
Tags:

10:36
#0daytoday #TheCarProject v2 - Multiple SQL Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #TheCarProject v2 - Multiple SQL Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
Tags:

10:32
Red Hat Security Advisory 2019-0580-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses an sensitive data leak.
Tags:

10:32
Red Hat Security Advisory 2019-0580-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses an sensitive data leak.
Tags:

10:32
Red Hat Security Advisory 2019-0580-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses an sensitive data leak.
Tags:

10:32
#0daytoday #BMC Patrol Agent - Privilege Escalation Cmd Execution Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #BMC Patrol Agent - Privilege Escalation Cmd Execution Exploit [remote #exploits #0day #Exploit]
Tags:

10:22
Red Hat Security Advisory 2019-0590-01
» ‎ Packet Storm Security Advisories

Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
Tags:

10:22
Red Hat Security Advisory 2019-0590-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
Tags:

10:22
Red Hat Security Advisory 2019-0590-01
» ‎ Packet Storm Security Misc. Files

Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
Tags:

10:01
Es’hail-2: Hams Get Their First Geosynchronous Repeater
» ‎ Hack a Day

In the radio business, getting the high ground is key to covering as much territory from as few installations as possible. Anything that has a high profile, from a big municipal water tank to a roadside billboard to a remote hilltop, will likely be bristling with antennas, and different services …read more

Tags: engineering
9:00
Hack Chat: The Home Machine Shop with Quinn Dunki
» ‎ Hack a Day

Join us Wednesday at noon Pacific time for the Home Machine Shop Hack Chat!

Even if you haven’t been here for very long, you’ll probably recognize Quinn Dunki as Hackaday’s resident consulting machinist. Quinn recently did a great series of articles on the “King of Machine Tools”, the lathe, covering …read more

Tags: hackaday Columns
8:30
How To Interface Sega Controllers, And Make Them Wireless
» ‎ Hack a Day

The Sega Genesis, or Mega Drive as it was known outside North America, was a popular console for the simple fact that Sega did what Nintendidn’t. Anachronistic marketing jokes aside, it brought fast scrolling 16-bit games to a home console platform and won many fans over the years. You may …read more

Tags: classic hacks

8:20
libseccomp Incorrect Compilation Of Arithmetic Comparisons
» ‎ Packet Storm Security Exploits

libseccomp suffers from an issue where there are incorrect compilations of arithmetic comparisons.
Tags:

8:20
libseccomp Incorrect Compilation Of Arithmetic Comparisons
» ‎ Packet Storm Security Recent Files

libseccomp suffers from an issue where there are incorrect compilations of arithmetic comparisons.
Tags:

8:20
libseccomp Incorrect Compilation Of Arithmetic Comparisons
» ‎ Packet Storm Security Misc. Files

libseccomp suffers from an issue where there are incorrect compilations of arithmetic comparisons.
Tags:

7:48
Hacker Returns And Puts 26Mil User Records For Sale On The Dark Web
» ‎ Packet Storm Security Headlines

Hacker Returns And Puts 26Mil User Records For Sale On The Dark Web
Tags: headlinehackerprivacydata lossfraudidentity theft
7:48
Lenovo Patches Intel Firmware Flaws In Multiple Product Lines
» ‎ Packet Storm Security Headlines

Lenovo Patches Intel Firmware Flaws In Multiple Product Lines
Tags: headlineflawpatchintel
7:48
How Hackers Pulled Off A $20 Million Bank Heist
» ‎ Packet Storm Security Headlines

How Hackers Pulled Off A $20 Million Bank Heist
Tags: headlinehackerbankcybercrimekoreamexico
7:48
Facial Recognition 101: Your Face Is Your New Fingerprint
» ‎ Packet Storm Security Headlines

Facial Recognition 101: Your Face Is Your New Fingerprint
Tags: headlinepasswordscience

7:44
Gitea 1.7.3 HTML Injection
» ‎ Packet Storm Security Exploits

Gitea versions 1.7.0 through 1.7.3 suffer from a stored html injection vulnerability.
Tags:

7:44
Gitea 1.7.3 HTML Injection
» ‎ Packet Storm Security Recent Files

Gitea versions 1.7.0 through 1.7.3 suffer from a stored html injection vulnerability.
Tags:

7:44
Gitea 1.7.3 HTML Injection
» ‎ Packet Storm Security Misc. Files

Gitea versions 1.7.0 through 1.7.3 suffer from a stored html injection vulnerability.
Tags:

7:00
Hitchhiking to the Moon for Fun and Profit
» ‎ Hack a Day

On February 22nd, a Falcon rocket lifted off from Cape Canaveral carrying the Indonesian communications satellite Nusantara Satu. While the satellite was the primary payload for the mission, as is common on the Falcon 9, the rocket had a couple of stowaways. These secondary payloads are generally experiments or …read more

Tags: current Events
4:00
Origami Gripper Is Great For Soft And Heavy Objects
» ‎ Hack a Day

Robotic arms are fascinating devices, capable of immense speed and precision when carrying out their tasks. They’re also capable of carrying great loads, and a full-sized industrial robot in operation at maximum pace is a sight to behold. However, while it’s simple to design grippers to move strong metal objects, …read more

Tags: robots hacks

3:38
#0daytoday #WinRAR 5.61 - Path Traversal Exploit CVE-2018-20250 [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #WinRAR 5.61 - Path Traversal Exploit CVE-2018-20250 [remote #exploits #0day #Exploit]
Tags:

1:00
Forbes Says The Raspberry Pi Is Big Business
» ‎ Hack a Day

Not that it’s something the average Hackaday reader is unaware of, but the Raspberry Pi is a rather popular device. While we don’t have hard numbers to back it up (extra credit for anyone who wishes to crunch the numbers), it certainly seems a day doesn’t go by that there …read more

Tags: raspberry

0:00
Vuln: Django CVE-2019-6975 Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Django CVE-2019-6975 Denial of Service Vulnerability
Tags:
0:00
Vuln: Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Java SE CVE-2018-2973 Remote Security Vulnerability
Tags:
0:00
Vuln: IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
Tags:
0:00
Vuln: IBM Spectrum Scale CVE-2018-1723 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Spectrum Scale CVE-2018-1723 Information Disclosure Vulnerability
Tags:
0:00
Vuln: Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
Tags:
0:00
Vuln: RSA Archer GRC Platform CVE-2019-3716 Local Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

RSA Archer GRC Platform CVE-2019-3716 Local Information Disclosure Vulnerability
Tags:
0:00
Vuln: Microsoft Azure Linux Guest Agent CVE-2019-0804 Local Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Azure Linux Guest Agent CVE-2019-0804 Local Information Disclosure Vulnerability
Tags:
0:00
Vuln: PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities
Tags:

March 17, 2019
22:00
A 3D Printed Blooming Rose For (Next) Valentines Day
» ‎ Hack a Day

Inspiration runs on its own schedule: great ideas don’t always arrive in a timely manner. Such was the case with [Daren Schwenke]’s notion for creating a 3D-printed blooming rose for his valentine, a plan which came about on February 13. Inspired by [Jiří Praus]’s animated wireframe tulip, [Daren] figured he …read more

Tags: printer hacks

21:22
TheCarProject 2 SQL Injection
» ‎ Packet Storm Security Exploits

TheCarProject version 2 suffers from a remote SQL injection vulnerability.
Tags:

21:22
TheCarProject 2 SQL Injection
» ‎ Packet Storm Security Recent Files

TheCarProject version 2 suffers from a remote SQL injection vulnerability.
Tags:

21:22
TheCarProject 2 SQL Injection
» ‎ Packet Storm Security Misc. Files

TheCarProject version 2 suffers from a remote SQL injection vulnerability.
Tags:

20:41
Gitea 1.7.3 stored HTML injection (XSS)
» ‎ Bugtraq

Posted by Anti Räis on Mar 17
Gitea 1.7.3 stored HTML injection (XSS)
#######################################

Information
===========

Name: Gitea 1.7.0 - 1.7.3 stored HTML injection
Software: Gitea - a self-hosted Git service
Homepage: https://gitea.io/
Vulnerability: stored HTML injection
Affected: 1.7.0 - 1.7.3
Tested: 1.7.2, 1.7.3
Fixed: 1.7.4
Prerequisites: edit repository settings
Severity: low
CVE: NA

Credit:...

Tags:
20:38
[SECURITY] [DSA 4408-1] liblivemedia security update
» ‎ Bugtraq

Posted by Moritz Muehlenhoff on Mar 17
-------------------------------------------------------------------------
Debian Security Advisory DSA-4408-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : liblivemedia
CVE ID : CVE-2019-6256 CVE-2019-7314...

Tags:

20:33
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service
» ‎ Packet Storm Security Exploits

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.
Tags:

20:33
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service
» ‎ Packet Storm Security Recent Files

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.
Tags:

20:33
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service
» ‎ Packet Storm Security Misc. Files

WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.
Tags:

19:22
WinMPG Video Convert 9.3.5 Denial Of Service
» ‎ Packet Storm Security Exploits

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
Tags:

19:22
WinMPG Video Convert 9.3.5 Denial Of Service
» ‎ Packet Storm Security Recent Files

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
Tags:

19:22
WinMPG Video Convert 9.3.5 Denial Of Service
» ‎ Packet Storm Security Misc. Files

WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
Tags:

19:00
EBay Modules And Custom PCBs Make A Plug And Play Ham Transceiver
» ‎ Hack a Day

Many of us have fond memories of our introduction to electronics through the “200-in-1” sets that Radio Shack once sold, or even the more recent “Snap Circuits”-style kits. Most of eventually us move beyond these kits to design our circuits; still, there’s something to be said for modular designs. This …read more

Tags: Wireless hacks

18:11
WordPress FormCraft 2.0 CSRF / Shell Upload
» ‎ Packet Storm Security Exploits

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
Tags:

18:11
WordPress FormCraft 2.0 CSRF / Shell Upload
» ‎ Packet Storm Security Recent Files

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
Tags:

18:11
WordPress FormCraft 2.0 CSRF / Shell Upload
» ‎ Packet Storm Security Misc. Files

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
Tags:

16:00
Hackaday Links: March 17, 2019
» ‎ Hack a Day

There’s now an official Raspberry Pi keyboard and mouse. The mouse is a mouse clad in pink and white plastic, but the Pi keyboard has some stuff going for it. It’s small, which is what you want for a Pi keyboard, and it has a built-in USB hub. Even Apple …read more

Tags: hackaday Columns
13:00
Vintage Atari Becomes Modern Keyboard
» ‎ Hack a Day

The modern keyboard enthusiast is blessed with innumerable choices when it comes to typing hardware. There are keyboards designed specifically for gaming, fast typing, ergonomics, and all manner of other criteria. [iot4c] undertook their own build for no other reason than nostalgia – which sounds plenty fun to us.

An …read more

Tags: arduino hacks
10:00
Custom Calculator Rolls D20 So You Don’t Have To
» ‎ Hack a Day

There are a number of sticking points that can keep new players away from complex tabletop games such as Dungeons & Dragons. Some people are intimidated by the math involved, and of course others just can’t find enough friends who are willing to sit down and play D&D with …read more

Tags: games
7:00
Making A 1940s Radio Digital With Nixies
» ‎ Hack a Day

Classix Philly One Oh Seven Nine is your home for Philly soul right at the top of the dial, and now you know why this writer isn’t allowed on the Hackaday podcast. That phrase, ‘top of the dial’ doesn’t mean much these days because we all have radios with a …read more

Tags: radio hacks
4:00
Building A Magnetic Loop Antenna
» ‎ Hack a Day

Antennas come in many shapes and sizes, with a variety of characteristics making them more or less suitable for various applications. The average hacker with only a middling exposure to RF may be familiar with trace antennas, yagis and dipoles, but there’s a whole load more out there. [Eric Sorensen] …read more

Tags: radio hacks
1:00
A Lasercut ATX Case For Your Next Desktop Rig
» ‎ Hack a Day

Case modding exploded in the late 1990s, as computer enthusiasts the world over grew tired of the beige box and took matters into their own hands. The movement began with custom paints and finishes on existing cases, with competitions and bragging rights then taking over to further push the state …read more

Tags: computer hacks
March 16, 2019
22:00
Alma The Talking Dog Might Win Some Bar Bets
» ‎ Hack a Day

Students at the University of Illinois at Urbana-Champaign have a brain-computer interface that can measure brainwaves. What did they do with it? They gave it to Alma, a golden labrador, as you can see in the video below. The code and enough info to duplicate the electronics are on GitHub. …read more

Tags: arduino hacks

19:22
CSZ CMS 1.2.1 Arbitrary File Upload
» ‎ Packet Storm Security Exploits

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
Tags:

19:22
CSZ CMS 1.2.1 Arbitrary File Upload
» ‎ Packet Storm Security Recent Files

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
Tags:

19:22
CSZ CMS 1.2.1 Arbitrary File Upload
» ‎ Packet Storm Security Misc. Files

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
Tags:

19:00
The MiniITX Retro System
» ‎ Hack a Day

There are hundreds of modern, retrocomputing projects out there that put ancient CPUs and chips in a modern context. The Neon816 from [Lenore] is perhaps one of the most impressive projects like this we’ve seen. It’s a classic system in a modern form factor, with modern video output, mashed together …read more

Tags: classic hacks
16:00
The Enlightenment Turns Light And Noise Into Sound
» ‎ Hack a Day

We’re all familiar with the subtle sounds of electrical equipment present in daily life. There’s the high-pitched whine of a CRT, the mains hum of a poorly isolated audio amplifier, and the wailing screams of inductors. Typically these sounds go unnoticed unless something is malfunctioning or otherwise wrong. However, Quiet …read more

Tags: art
13:00
Printable Filament Spool Hub Skips the Bearings
» ‎ Hack a Day

When you really start fine-tuning your 3D printer, you might start to notice that even the smallest things can have a noticeable impact on your prints. An open window can cause enough of a draft to make your print peel up from the bed, and the slightly askew diameter of …read more

Tags: printer hacks

11:49
Beto O'Rourke's Secret Membership In The cDc
» ‎ Packet Storm Security Headlines

Beto O'Rourke's Secret Membership In The cDc
Tags: headlinehackergovernmentusa
11:49
Beto O'Rourke Has Serious Hacker Credentials
» ‎ Packet Storm Security Headlines

Beto O'Rourke Has Serious Hacker Credentials
Tags: headlinehackergovernmentusa
11:49
You're Now In A Timeline In Which A US Presidential Hopeful Was In A Legendary Hacker Group
» ‎ Packet Storm Security Headlines

You're Now In A Timeline In Which A US Presidential Hopeful Was In A Legendary Hacker Group
Tags: headlinehackergovernmentusa

10:26
[SYSS-2018-033]: Fujitsu Wireless Keyboard Set LX901 - Keystroke Injection Vulnerability
» ‎ Full Disclosure

Posted by Matthias Deeg on Mar 16
Advisory ID: SYSS-2018-033
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-10-19
Solution Date: -
Public Disclosure: 2019-03-15
CVE Reference: CVE-2019-9835
Author of Advisory: Matthias Deeg...

Tags:
10:22
SQL injection in joshcam/mysqli-database-class library
» ‎ Full Disclosure

Posted by Jaroslav Lobačevski on Mar 16
https://packagist.org/packages/joshcam/mysqli-database-class aka
https://github.com/ThingEngineer/PHP-MySQLi-Database-Class v2.9.2 is
vulnerable to SQL injection in functon Where() because of special
"forkaround" at line 971
<https://github.com/ThingEngineer/PHP-MySQLi-Database-Class/blob/eaf1f6cc387c8464ea6a9221fb308669beed3a63/MysqliDb.php#L971>

If $whereValue happens to be an array, key value is used as $operator to
build...

Tags:

10:00
Tweetbot Expresses Twitter Emotions
» ‎ Hack a Day

When reading textual communications, it can be difficult to accurately acertain emotional intent. Individual humans can be better or worse at this, with sometimes hilarious results when it goes wrong. Regardless, there’s nothing a human can do that a machine won’t eventually do better. For just this purpose, Tweetbot is …read more

Tags: robots hacks

9:52
IPv6 Security for IPv4 Engineers
» ‎ Full Disclosure

Posted by Fernando Gont on Mar 16
Folks,

It is often argued that IPv4 practices should be forgotten when
deploying IPv6, as after all IPv6 is a different protocol! But we think
years of IPv4 operational experience should be leveraged as much as
possible.

So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to
IPv6 security that is specifically aimed at IPv4 engineers and operators.

Rather than describing IPv6 in an isolated manner, it aims to re-use as
much of...

Tags:
9:51
Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)
» ‎ Full Disclosure

Posted by David Coomber on Mar 16
Cisco Common Service Platform Collector - Hardcoded Credentials (CVE-2019-1723)

Tags:
9:51
[**UPDATED] Microsoft Windows .Reg File / Dialog Box Message Spoofing 0day
» ‎ Full Disclosure

Posted by hyp3rlinx on Mar 16
Added a few things I had previously left out that should have been
mentioned earlier.

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
A file with the .reg file extension is a Registration file used by the
Windows registry. These files can...

Tags:
9:50
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
» ‎ Full Disclosure

Posted by Manuel Garcia Cardenas on Mar 16
=============================================
MGC ALERT 2019-001
- Original release date: February 06, 2019
- Last revised: March 13, 2019
- Discovered by: Manuel García Cárdenas
- Severity: 7/10 (CVSS Base Score)
- CVE-ID: CVE-2019-9618
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

II. BACKGROUND
-------------------------...

Tags:

8:33
WordPress Releases 14 Fixes In Latest Security Updates
» ‎ Packet Storm Security Headlines

WordPress Releases 14 Fixes In Latest Security Updates
Tags: headlineflawpatchwordpress
8:33
Google May Face Investigation Over Antitrust, Privacy Issues
» ‎ Packet Storm Security Headlines

Google May Face Investigation Over Antitrust, Privacy Issues
Tags: headlinegovernmentprivacygoogle
8:32
Singapore Public Sector Reports Yet Another Security Lapse
» ‎ Packet Storm Security Headlines

Singapore Public Sector Reports Yet Another Security Lapse
Tags: headlinegovernmentprivacydata losssingapore

8:27
Ubuntu Security Notice USN-3910-1
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.
Tags:

8:27
Ubuntu Security Notice USN-3910-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.
Tags:

8:27
Ubuntu Security Notice USN-3910-1
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.
Tags:

8:27
Ubuntu Security Notice USN-3910-2
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.
Tags:

8:27
Ubuntu Security Notice USN-3910-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.
Tags:

8:27
Ubuntu Security Notice USN-3910-2
» ‎ Packet Storm Security Misc. Files

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.
Tags:

8:24
Beto O'Rourke Was Part Of The Cult Of The Dead Cow
» ‎ Packet Storm Security Headlines

Beto O'Rourke Was Part Of The Cult Of The Dead Cow
Tags: headlinehackergovernmentusa

7:00
A Soap Film Photography How-To
» ‎ Hack a Day

Blowing bubbles is a pastime enjoyed by young and old alike. The pleasant motion and swirling colors of the bubbles can be remarkably relaxing. With the right tools and techniques, it’s possible to take striking photos of these soap film phenomena, and that’s exactly what [Eric] and [Travis] did.

After …read more

Tags: digital cameras hacks

6:22
PHP MySQLi Database Class 2.9.2 SQL Injection
» ‎ Packet Storm Security Exploits

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
Tags:

6:22
PHP MySQLi Database Class 2.9.2 SQL Injection
» ‎ Packet Storm Security Recent Files

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
Tags:

6:22
PHP MySQLi Database Class 2.9.2 SQL Injection
» ‎ Packet Storm Security Misc. Files

PHP MySQLi Database Class version 2.9.2 which is from joshcam suffers from a remote SQL injection vulnerability.
Tags:

5:58
#0daytoday #WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit [dos #exploits #0day #Exploit]
Tags:

4:00
An Airbag Charge To Launch A Projectile
» ‎ Hack a Day

It’s not particularly easy to buy small explosive charges. At least, it’s not in the UK, from where [Turbo Conquering Mega Eagle] hails. But it is surprisingly easy to get your hands on one because most people drive around with one right in front of them in the form of …read more

Tags: weapons hacks
1:00
Spotting Scope Mount Makes for More Comfortable Target Scoring
» ‎ Hack a Day

One of the big bottlenecks in target shooting is the scoring process. Even if it’s not a serious match, it’s still important to know where holes have landed because it’s important feedback on technique and performance. One way to see hits on a target without leaving the firing line is …read more

Tags: tool hacks
March 15, 2019
22:00
Home Brewing Rig Gets A Particle Upgrade
» ‎ Hack a Day

Home brewing is a pastime that can be as much an art or a science as you make it, depending on your predilections. [Brandon Satrom] is one who leans very much towards the science side. There’s plenty that can be done to monitor and control a brew, and [Brandon] is …read more

Tags: classic hacks
19:00
Extracting Bismuth From Pepto Bismol
» ‎ Hack a Day

Bismuth is a very odd metal that you see in cosmetic pigments and as a replacement for lead, since it is less toxic. You will also see it — or an alloy — in fire sprinklers since it melts readily. However, the most common place you might encounter bismuth is …read more

Tags: chemistry hacks

17:12
#0daytoday #Webmin 1.900 Upload Authenticated Remote Command Execution Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Webmin 1.900 Upload Authenticated Remote Command Execution Exploit [remote #exploits #0day #Exploit]
Tags:
17:12
#0daytoday #BMC Patrol Agent Privilege Escalation / Command Execution Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #BMC Patrol Agent Privilege Escalation / Command Execution Exploit [remote #exploits #0day #Exploit]
Tags:

16:00
This Arduino Feeds The Dog
» ‎ Hack a Day

Part of the joy of owning a dog is feeding it. How often do you get to make another living being that happy? However, sometimes you can’t be there when your best friend is hungry. [El Taller De TD] built an auto dog feeder using an Arduino and stepper motor. …read more

Tags: arduino hacks

14:53
Webmin 1.900 Upload Authenticated Remote Command Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
Tags:

14:53
Webmin 1.900 Upload Authenticated Remote Command Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
Tags:

14:53
Webmin 1.900 Upload Authenticated Remote Command Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
Tags:

14:51
BMC Patrol Agent Privilege Escalation / Command Execution
» ‎ Packet Storm Security Exploits

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.
Tags:

14:51
BMC Patrol Agent Privilege Escalation / Command Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.
Tags:

14:51
BMC Patrol Agent Privilege Escalation / Command Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.
Tags:

14:43
Fujitsu LX901 GK900 Keystroke Injection
» ‎ Packet Storm Security Advisories

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).
Tags:

14:43
Fujitsu LX901 GK900 Keystroke Injection
» ‎ Packet Storm Security Recent Files

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).
Tags:

14:43
Fujitsu LX901 GK900 Keystroke Injection
» ‎ Packet Storm Security Misc. Files

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).
Tags:

14:41
VMware Security Advisory 2019-0003
» ‎ Packet Storm Security Advisories

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.
Tags:

14:41
VMware Security Advisory 2019-0003
» ‎ Packet Storm Security Recent Files

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.
Tags:

14:41
VMware Security Advisory 2019-0003
» ‎ Packet Storm Security Misc. Files

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.
Tags:

14:39
VMware Security Advisory 2019-0002
» ‎ Packet Storm Security Advisories

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.
Tags:

14:39
VMware Security Advisory 2019-0002
» ‎ Packet Storm Security Recent Files

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.
Tags:

14:39
VMware Security Advisory 2019-0002
» ‎ Packet Storm Security Misc. Files

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.
Tags:

14:33
#0daytoday #Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
Tags:
14:33
#0daytoday #ICE HRM 23.0 - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #ICE HRM 23.0 - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
Tags:
14:33
#0daytoday #NetData 1.13.0 - HTML Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #NetData 1.13.0 - HTML Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]
Tags:

13:32
Moodle 3.4.1 Remote Code Execution
» ‎ Packet Storm Security Exploits

Moodle version 3.4.1 remote code execution exploit.
Tags:

13:32
Moodle 3.4.1 Remote Code Execution
» ‎ Packet Storm Security Recent Files

Moodle version 3.4.1 remote code execution exploit.
Tags:

13:32
Moodle 3.4.1 Remote Code Execution
» ‎ Packet Storm Security Misc. Files

Moodle version 3.4.1 remote code execution exploit.
Tags:

13:24
#0daytoday #CMSMadeSimple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #CMSMadeSimple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload Exploit [#0day #Exploit]
Tags:
13:24
#0daytoday #CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload Exploit [#0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload Exploit [#0day #Exploit]
Tags:
13:22
#0daytoday #MailCarrier 2.5.1 - MAIL FROM Buffer Overflow Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #MailCarrier 2.5.1 - MAIL FROM Buffer Overflow Exploit [remote #exploits #0day #Exploit]
Tags:
13:22
#0daytoday #Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit [remote #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit [remote #exploits #0day #Exploit]
Tags:
13:21
#0daytoday #Laundry CMS - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Laundry CMS - Multiple Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]
Tags:

13:00
Octavo Systems Shows Off With Deadbug Linux Computer
» ‎ Hack a Day

Once upon a time, small Linux-capable single board computers were novelties, but not anymore. Today we have a wide selection of them, many built around modules we could buy for our own projects. Some of the chipset suppliers behind these boards compete on cost, others find a niche to differentiate …read more

Tags: Hardware

11:58
#0daytoday #Moodle 3.4.1 - Remote Code Execution Exploit CVE-2018-1133 [webapps #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #Moodle 3.4.1 - Remote Code Execution Exploit CVE-2018-1133 [webapps #exploits #0day #Exploit]
Tags:

11:30
RetroPie NES Clock Tells You When it’s Game Time
» ‎ Hack a Day

We’ve all seen the 3D printed replicas of classic game consoles which house a Raspberry Pi; in fact, there’s a pretty good chance some of the people reading this post have one of their own. They’re a great way to add some classic gaming emulation to your entertainment center, especially …read more

Tags: nintendo hacks

11:22
Mail Carrier 2.5.1 Buffer Overflow
» ‎ Packet Storm Security Exploits

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.
Tags:

11:22
Mail Carrier 2.5.1 Buffer Overflow
» ‎ Packet Storm Security Recent Files

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.
Tags:

11:22
Mail Carrier 2.5.1 Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.
Tags:

11:19
#0daytoday #WinMPG Video Convert Local Dos Exploit [dos #exploits #0day #Exploit]
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

#0daytoday #WinMPG Video Convert Local Dos Exploit [dos #exploits #0day #Exploit]
Tags:

10:01
Mid-Winter Hacker Camp In Civilised Surroundings
» ‎ Hack a Day

Imagine a weekend of opulence in which you meet your companion at the railway station and whisk away across the continent in a 190mph express train for a relaxing couple of days enjoying the ambience of a luxury resort hotel in the fresh surroundings of a woodland in midwinter. Break …read more

Tags: cons
9:01
Hackaday Podcast Ep10 – XKCD Graphs, Turing Complete Meta Computers, False Finger Printing 3D Printers, and Jargon
» ‎ Hack a Day

Enclosure: [download]

Elliot Williams and Mike Szczys walk through the past week in hackerdom. There’s a new jargon quiz! Do you know what astrictive robotic prehension means? We look at the $50 Ham series, omni-wheeled pen plotting robots, a spectrum of LED hacks, LEGO CNC for chocolate rework, and grinding lenses with …read more

Tags: hackaday Columns
8:30
This Super Realistic LED Candle is Smoking Hot
» ‎ Hack a Day

Over the last few years, LED candles have become increasingly common; and for good reason. From a distance a decent LED candle is a pretty convincing facsimile for the real thing, providing a low flickering glow without that annoying risk of burning your house down. But there’s something to be …read more

Tags: led hacks

8:02
ICE HRM 23.0 SQL / Iframe Injection
» ‎ Packet Storm Security Exploits

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

8:02
ICE HRM 23.0 SQL / Iframe Injection
» ‎ Packet Storm Security Recent Files

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

8:02
ICE HRM 23.0 SQL / Iframe Injection
» ‎ Packet Storm Security Misc. Files

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.
Tags:

7:44
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
» ‎ Packet Storm Security Exploits

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
Tags:

7:44
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
» ‎ Packet Storm Security Recent Files

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
Tags:

7:44
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
» ‎ Packet Storm Security Misc. Files

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
Tags:

7:33
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
» ‎ Packet Storm Security Exploits

Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities.
Tags:

7:33
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
» ‎ Packet Storm Security Recent Files

Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities.
Tags:

Skip to page: 1 2 3 4 ... 882

Feeds

Recent items

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: peripherals hacks

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: arduino hacks

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: Ask hackaday

Tags: cons

Tags:

Tags:

Tags:

Tags: ARM

Tags:

Tags:

Tags:

Tags: headlinegovernmentrussiacensorship

Tags: headlinemalwarescada

Tags: headlinegovernmentprivacydata lossspyware

Tags: headlineprivacyflawpatchcryptography

Tags:

Tags:

Tags:

Tags:

Tags:

Tags:

Tags: digital audio hacks

Tags:

Tags: