what you don't know can hurt you

Recent Files

Files RSS Feed
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Mar 26, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
Apple Security Advisory 2019-3-25-6
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-6 - iCloud for Windows 7.11 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, xss
systems | windows, apple, 7
Apple Security Advisory 2019-3-25-1
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-1 - iOS 12.2 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, xss
systems | apple, ios
Apple Security Advisory 2019-3-25-5
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-5 - iTunes 12.9.4 for Windows is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, xss
systems | windows, apple
Apple Security Advisory 2019-3-25-3
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-3 - tvOS 12.2 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

tags | advisory, overflow, vulnerability, code execution, xss
systems | apple
Apple Security Advisory 2019-3-25-4
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-4 - Safari 12.1 is now available and addresses code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
Apple Security Advisory 2019-3-25-7
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-7 - Xcode 10.2 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
Apple Security Advisory 2019-3-25-2
Posted Mar 26, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-3-25-2 - macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and addresses buffer overflow, bypass, and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
Red Hat Security Advisory 2019-0641-01
Posted Mar 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0641-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2019-0638-01
Posted Mar 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0638-01 - Openwsman is a project intended to provide an open source implementation of the Web Services Management specification and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects. Issues addressed include an arbitrary file disclosure vulnerability.

tags | advisory, web, arbitrary, protocol
systems | linux, redhat
Red Hat Security Advisory 2019-0640-01
Posted Mar 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0640-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP30. Issues addressed include a buffer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
ABUS Secvest Remote Control Denial Of Service
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote
ABUS Secvest Remote Control Eavesdropping Issue
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote, protocol
Ubuntu Security Notice USN-3919-1
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
Ubuntu Security Notice USN-3918-2
Posted Mar 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-2 - USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
VMware Host VMX Process COM Class Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.

tags | exploit, arbitrary, registry
systems | windows
VMware Host VMX Process Impersonation Hijack Privilege Escalation
Posted Mar 25, 2019
Authored by James Forshaw, Google Security Research

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2.

tags | exploit
systems | windows
ABUS Secvest 3.01.01 Insecure Algorithm
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50014, FUB50015) is cryptographically weak.

tags | advisory, remote, protocol
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
Debian Security Advisory 4416-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4416-1 - It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
Debian Security Advisory 4417-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
Debian Security Advisory 4415-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.

tags | advisory, web, arbitrary, local
systems | linux, debian
Debian Security Advisory 4414-1
Posted Mar 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.

tags | advisory
systems | linux, debian
Slackware Security Advisory - mozilla-firefox Updates
Posted Mar 25, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
Jettweb PHP Hazir Haber Sitesi Scripti 3 SQL Injection
Posted Mar 25, 2019
Authored by Ahmet Umit Bayram

Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
View Older Files →

Recent News

News RSS Feed
Critical Flaw Revealed In Facebook Fizz TLS Project
Posted Mar 23, 2019

tags | headline, flaw, facebook, social, cryptography
Researchers Find 36 New Security Flaws In LTE Protocol
Posted Mar 23, 2019

tags | headline, privacy, phone, flaw
FEMA Leaks Bank Details For 2.3 Million Survivors
Posted Mar 23, 2019

tags | headline, government, privacy, bank, usa, data loss
Mueller Report Is Just The Start Of A New Russia Showdown
Posted Mar 23, 2019

tags | headline, government, usa, russia, fraud, spyware, fbi
Hackers Take Down Safari, VMware, And Oracle At Pwn2Own
Posted Mar 22, 2019

tags | headline, hacker, flaw, oracle, apple, conference
Early Cambridge Analytica Fears Revealed
Posted Mar 22, 2019

tags | headline, government, privacy, data loss, fraud, facebook
FB Stored Hundreds Of Millions Of Passwords Unprotected
Posted Mar 22, 2019

tags | headline, privacy, data loss, password, facebook, social
Critical Flaw Lets Hackers Control Lifesaving Devices Implanted Inside Patients
Posted Mar 22, 2019

tags | headline, hacker, flaw
Facial Recognition Takes Off At Airports. Privacy Experts Want It Grounded.
Posted Mar 21, 2019

tags | headline, government, privacy, usa, terror
Korea Spycam Porn: 1,600 Fall Victim And Four Men Arrested
Posted Mar 21, 2019

tags | headline, privacy, fraud, korea
View More News →

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    14 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    17 Files
  • 23
    Mar 23rd
    1 Files
  • 24
    Mar 24th
    1 Files
  • 25
    Mar 25th
    16 Files
  • 26
    Mar 26th
    11 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close