Twenty Year Anniversary

Recent Files

Files RSS Feed
Ubuntu Security Notice USN-3816-2
Posted Nov 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-2 - USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, ubuntu
Ricoh myPrint Hardcoded Credentials / Information Disclosure
Posted Nov 20, 2018
Authored by Hodorsec

Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected.

tags | exploit, vulnerability, info disclosure
systems | windows
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-0801DU version 7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.

tags | exploit, cgi, bypass
Microsoft Edge Chakra OP_Memset Type Confusion
Posted Nov 19, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra OP_Memset type confusion vulnerability.

tags | exploit
XMPlay 3.8.3 Denial Of Service
Posted Nov 18, 2018
Authored by s7acktrac3

XMPlay version 3.8.3 suffers from a denial of service vulnerability.

tags | exploit, denial of service
HTML Video Player 1.2.5 Buffer Overflow
Posted Nov 17, 2018
Authored by Kagan Capar

HTML Video Player version 1.2.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
Intel Rapid Storage Technology User Interface And Driver 15.9.0.1015 DLL Hijacking
Posted Nov 16, 2018
Authored by Stefan Kanthak

Intel Rapid Storage Technology User Interface and Driver version 15.9.0.1015 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
Budabot 4.0 Denial Of Service
Posted Nov 16, 2018
Authored by Ryan Delaney

Budabot versions 0.6 through 4.0 suffer from a denial of service vulnerability.

tags | exploit, denial of service
Easy Outlook Express Recovery 2.0 Denial Of Service
Posted Nov 16, 2018
Authored by Ihsan Sencan

Easy Outlook Express Recovery version 2.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
Ubuntu Security Notice USN-3824-1
Posted Nov 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
Mumsoft Easy Software 2.0 Denial Of Service
Posted Nov 16, 2018
Authored by Ihsan Sencan

Mumsoft Easy Software version 2.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
DomainMOD 4.11.01 Cross Site Scripting
Posted Nov 16, 2018
Authored by Dawood Ansar

DomainMOD versions 4.09.03 through 4.11.01 suffer from a cross site scripting vulnerability.

tags | exploit, xss
Helpdezk 1.1.1 Shell Upload
Posted Nov 16, 2018
Authored by Ihsan Sencan

Helpdezk version 1.1.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
Warranty Tracking System 11.06.3 SQL Injection
Posted Nov 16, 2018
Authored by Ihsan Sencan

Warranty Tracking System version 11.06.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
Kernel Live Patch Security Notice LSN-0045-1
Posted Nov 16, 2018
Authored by Benjamin M. Romer

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux
Everus.org 1.0.9 Second Factor Redirection
Posted Nov 16, 2018
Authored by Muhammad Shahbaz

The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server send the attacker the one time password for the other user.

tags | exploit, arbitrary
Linux Broken UID/GID Mapping
Posted Nov 16, 2018
Authored by Jann Horn, Google Security Research

Linux has a broken uid/gid mapping for nested user namespaces with greater than 5 ranges.

tags | exploit
systems | linux
Asterisk Project Security Advisory - AST-2018-010
Posted Nov 15, 2018
Authored by Jan Hoffmann | Site asterisk.org

Asterisk Project Security Advisory - There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.

tags | advisory, overflow
PHP-Proxy 5.1.0 Local File Inclusion
Posted Nov 15, 2018
Authored by Ameer Pornillos

PHP-Proxy version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
Ubuntu Security Notice USN-3823-1
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3823-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
WordPress Ninja Forms 3.3.17 Cross Site Scripting
Posted Nov 15, 2018
Authored by MTK

WordPress Ninja Forms version 3.3.17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting
Posted Nov 15, 2018
Authored by Socket_0x03

WordPress Custom Frontend Login Registration Form plugin version 1.01 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
PHP Mass Mail 1.0 Shell Upload
Posted Nov 15, 2018
Authored by Ihsan Sencan

PHP Mass Mail version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
Red Hat Security Advisory 2018-3618-01
Posted Nov 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
View Older Files →

Recent News

News RSS Feed
Report: Charges Against Assange Relate To Russian Hacking
Posted Nov 17, 2018

tags | headline, government, usa, britain, russia, data loss, cyberwar
Amarillo City Workers PII Compromised
Posted Nov 17, 2018

tags | headline, government, usa, data loss
Blackberry In $1.4 Billion Deal To Buy Cylance
Posted Nov 17, 2018

tags | headline, blackberry
Emoji Attack Can Kill Skype For Business Chat
Posted Nov 17, 2018

tags | headline, microsoft, denial of service, skype
Justice Department Has Prepared Indictment Against Assange, Court Docs Reveal
Posted Nov 16, 2018

tags | headline, government, usa, britain, russia, data loss, cyberwar, spyware, military
John McAfee Found Liable For 2012 Death Of Belize Neighbor
Posted Nov 16, 2018

tags | headline, mcafee
How To Tell If Your Account Has Been Hacked
Posted Nov 16, 2018

tags | headline, hacker, google, yahoo, facebook, twitter
Russian Banks Hit By Major Phishing Attacks
Posted Nov 16, 2018

tags | headline, hacker, bank, russia, cybercrime, fraud, password, phish
One In Five Magecart Infected Stores Gets Reinfected Within Days
Posted Nov 15, 2018

tags | headline, malware, bank, cybercrime, fraud
Hi-Tech Watches Let Children Be Spied On
Posted Nov 15, 2018

tags | headline, privacy, flaw, spyware
View More News →

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close