Twenty Year Anniversary

Recent Files

Files RSS Feed
OpenSSL Toolkit 1.1.0i
Posted Aug 17, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed a client denial of service due to a large DH parameter addressed. Cache timing vulnerability fixed. Various other updates and fixes.
tags | tool, encryption, protocol
systems | unix
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Felix Wilhelm, Google Security Research

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for ICU don't check whether the given object has been initialized. This allows to initialize the same object multiple times which can lead to type confusion.

tags | exploit
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.

tags | exploit
Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.

tags | exploit
Microsoft Edge Chakra Parameter Scope Parsing Bug
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a parameter scope parsing bug.

tags | exploit
Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.

tags | exploit, bypass
Silver Peak EdgeConnect 8.1.4.9_65644 XSS / DoS / Disclosure / Traversal
Posted Aug 17, 2018
Authored by Denis Kolegov, Antony Nikolaev, Nikita Oleksov, Nikolay Tkachenko, Maxim Gorbunov, Sergey Gordeychick, Oleg Broslavsky

Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
Debian Security Advisory 4276-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

tags | advisory, arbitrary, php, vulnerability
systems | linux, debian
Debian Security Advisory 4275-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4275-1 - Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.

tags | advisory
systems | linux, debian
Debian Security Advisory 4274-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.

tags | advisory
systems | linux, debian
Debian Security Advisory 4273-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".

tags | advisory
systems | linux, debian
Ubuntu Security Notice USN-3658-3
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
Red Hat Security Advisory 2018-2486-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2018-2482-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2482-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a container breakout vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2018-2469-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.

tags | advisory, java, web
systems | linux, redhat
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
ADM 3.1.2RHG1 Remote Code Execution
Posted Aug 17, 2018
Authored by Kyle Lovett, Matthew Fulton

ADM versions 3.1.2RHG1 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
Mikrotik WinBox 6.42 Credential Disclosure
Posted Aug 17, 2018
Authored by Maxim Yefimenko

Mikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.

tags | exploit, info disclosure
CEWE Photoshow 6.3.4 Denial Of Service
Posted Aug 17, 2018
Authored by Gionathan Reale

CEWE Photoshow version 6.3.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
Posted Aug 17, 2018
Authored by IRaNHaCK Security Team

WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
Microsoft Security Advisory Updates For August 15, 2018
Posted Aug 16, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on August 15, 2018.

tags | advisory
Microsoft Security Bulletin CVE Revision Increment For August, 2018
Posted Aug 16, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE updates for CVE-2018-8202 and CVE-2018-8284.

tags | advisory
Red Hat Security Advisory 2018-2439-01
Posted Aug 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2439-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a silly amount of unspecified vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
View Older Files →

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Recent News

News RSS Feed
Google Expands Bug Bounty To Include Fraud Protection Bypass
Posted Aug 16, 2018

tags | headline, fraud, flaw, google
Credit Card Skimmers Now Need To Fear The Reaper
Posted Aug 16, 2018

tags | headline, hacker, bank, cybercrime, fraud, conference
The Hackers Hunting Down Missing People
Posted Aug 16, 2018

tags | headline, hacker, privacy, conference
President Trump Relaxes US Cyber-Attack Rules
Posted Aug 16, 2018

tags | headline, government, usa, cyberwar, fbi, nsa, cia
Mystery Russian Satellite's Behavior Raises Alarm In US
Posted Aug 15, 2018

tags | headline, usa, russia, space, cyberwar, spyware
Adobe Fixes Critical Code Execution Flaws In Latest Patch Update
Posted Aug 15, 2018

tags | headline, flaw, adobe, patch
Instagram Hack Is Locking Hundreds Of Users Out Of Their Accounts
Posted Aug 15, 2018

tags | headline, hacker, denial of service, password, facebook
Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses
Posted Aug 15, 2018

tags | headline, flaw, cryptography, intel
Hackers Can Edit Policy Body Cam Footage Without Anybody Noticing
Posted Aug 15, 2018

tags | headline, hacker, government
Google Tracks Users Who Turn Off Location History
Posted Aug 15, 2018

tags | headline, privacy, google, spyware
View More News →

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close