Twenty Year Anniversary
Showing 1 - 6 of 6 RSS Feed

CVE-2018-1257

Status Candidate

Overview

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Related Files

Red Hat Security Advisory 2018-3768-01
Posted Dec 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3768-01 - Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-5002, CVE-2016-5003, CVE-2017-12196, CVE-2018-12537, CVE-2018-1257, CVE-2018-1259, CVE-2018-1288, CVE-2018-1336, CVE-2018-8014, CVE-2018-8018, CVE-2018-8039, CVE-2018-8041
MD5 | 6379aa8994b8c9b0a411a17b70ade8a9
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
Posted Jul 2, 2018
Authored by Okan Coskun

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.

tags | exploit, remote, arbitrary
advisories | CVE-2018-12571
MD5 | 7c32094ad0851d110b5ec08cfce5b793
TP-Link TL-WR841N V13 Insecure Direct Object Reference
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vulnerability.

tags | exploit, bypass
advisories | CVE-2018-12575
MD5 | 37834a9f73c3857930c4f53e9735344e
TP-Link TL-WR841N V13 Command Injection
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from a blind command injection vulnerability.

tags | exploit
advisories | CVE-2018-12577
MD5 | 25067e303ff47629d127aab59afd2c69
TP-Link TL-WR841N V13 Cross Site Request Forgery
Posted Jun 28, 2018
Authored by Tim Coen

TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2018-12574
MD5 | 4f691c1bc47a0d96a8adc0d76ae88c96
Red Hat Security Advisory 2018-1809-01
Posted Jun 7, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1809-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.13 serves as a replacement for RHOAR Spring Boot 1.5.12, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1257, CVE-2018-1259, CVE-2018-1260
MD5 | 3a71a59b4993487c49e2172e7b6e7359
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close