exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2018-01-06

Gespage 7.4.8 Cross Site Scripting
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-7998
SHA-256 | 61ed56b868b851bca85d2f6fb99510969316fac0e949f20b0928b7659f72ee1d
Gespage 7.4.8 SQL Injection
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-7997
SHA-256 | 6d137114955f25ce87b8b94569e800383a043662dc7525e2d8c18da8d86bd226
WordPress WpJobBoard 4.4.4 SQL Injection
Posted Jan 6, 2018
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

WordPress WpJobBoard plugin version 4.4.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1ad8f3e9c19237b7a1a23acf6f486a686a67310e217ee84b533893309b576dad
BarcodeWiz ActiveX Control Buffer Overflow
Posted Jan 6, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-5221
SHA-256 | 6101e91a84aee00fafb0cebb5718a2df43f7b5c55b823edf4cf69caa14768177
Cisco IOS SNMP Remote Code Execution
Posted Jan 6, 2018
Authored by Artem Kondratenko

Cisco IOS SNMP service remote code execution exploit.

tags | exploit, remote, code execution
systems | cisco, ios
advisories | CVE-2017-6736
SHA-256 | 9f964db2a690372711f23da711b9a272698adce51482c42bd5d5bf13e43c9e2e
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Posted Jan 6, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall SonicOS NSA Web Firewall is susceptible to cross site scripting attacks due to a filter bypass vulnerability.

tags | exploit, web, xss, bypass
SHA-256 | 3507e3d5b4bc08673e12b00d92092bb6f5e83e2e37becd1ba7e381c53773dc7a
Microsoft Security Bulletin CVE Revision Increment For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary lists major revision increments for over a dozen CVEs that have been addressed.

tags | advisory
advisories | CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0818
SHA-256 | 5848181ca8df9846260988604002ca7b59b0a857b7d4dedf4caeae500c687777
CommuniGatePro 6.2 Missing XIMSS Tag Validation
Posted Jan 6, 2018
Authored by Boumediene Kaddour

CommunigatePro XML Interface to Messaging, Scheduling, and Signaling protocol ("XIMSS") version 6.2 suffers from a missing XIMSS protocol validation vulnerability that can lead to an email spoofing attack.

tags | exploit, spoof, protocol
advisories | CVE-2018-3815
SHA-256 | f00dd778406df51480f7ccd47316461503035264e6731c7aaf2d183f393ef558
Microsoft Security Bulletin Advisory Update For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.

tags | advisory
SHA-256 | 61f21b4684aae1306cab75a28f2554304e259dd0812218a7ad9b893747166bb9
Red Hat Security Advisory 2018-0045-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0045-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | 542165fcbc34e63f411ff45275cf2a305c1482b55a4c39c669a96905ca9bb7ae
Red Hat Security Advisory 2018-0050-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0050-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | b95605692f7b25786d00413c6c9dd199666547a858e1e6952cf74c8aef06e317
Red Hat Security Advisory 2018-0044-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0044-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | f162d6e28a79a44d3ab4b74a24e8fc533392ffec8883c41a04ba59dae7822549
Red Hat Security Advisory 2018-0047-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0047-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | c9bdd48d31a83c5e417e40f1f0f48a0c7de2b8893451283aa802fd841446a505
Red Hat Security Advisory 2018-0046-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0046-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 03a18dc0520cdf7f899a8c1faad5f613b49ad125f3bd3385397c8d4bacfc0c16
Red Hat Security Advisory 2018-0048-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0048-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 705f4597d424711f752d6af3ce73fe92465d93657358f1c536c65c490e149942
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
SHA-256 | 0ed258fac8391ebdb3640c895289db1d7c69d495280ee9f65578004df6a1089d
Red Hat Security Advisory 2018-0055-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0055-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 1dc2d570f6e39530e3b71c3992eb37eb773f55bc83bd4de3e785b7f238df418a
Red Hat Security Advisory 2018-0060-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0060-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | eb4cb967e3bd39df8ab174cfdaac6e25f9d10b5f1addfce72a7bd095c53ba283
Red Hat Security Advisory 2018-0059-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0059-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | ec966cfeac8c44af04e41d56d84b535d0b426600dba5e64836a9aa8e83789a6f
Red Hat Security Advisory 2018-0057-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0057-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 8b8b96e613d40f0b01fb4c473729d659023ae9332c29f5f373cb9c801ad62bef
Red Hat Security Advisory 2018-0056-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0056-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | bec0dcde995ef78c7411cad794bd79a9f687140c9b36f458f777fd505e4986fb
Red Hat Security Advisory 2018-0058-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0058-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | e2ac28baa05215fcea2f737548d780c399aff722edee29f4b38cfca82246e3de
Red Hat Security Advisory 2018-0054-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0054-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 3ad8cc966fe74dd6364eb3d890407f43290bdacc392105c5d5b5f279fd3d720e
Red Hat Security Advisory 2018-0053-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0053-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 5ea27878a3dfeb7d3c74d5fc8d56caa06962275010ce4ba5a5c1d7917eb39452
Red Hat Security Advisory 2018-0051-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0051-01 - The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following package has been upgraded to a later upstream version: rhevm-setup-plugins. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
SHA-256 | 855742f8f4cb15af227e6919243c31a7a3c72a1350a97ccfc123bc7a5c1e10d0
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close