Files Date: 2018-01-06

Gespage 7.4.8 Cross Site Scripting
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-7998
MD5 | 66f3d99a7e07c48ab4b4edbd0eab42df
Gespage 7.4.8 SQL Injection
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-7997
MD5 | e15279677f72561bb5c991e0efcc87d4
WordPress WpJobBoard 4.4.4 SQL Injection
Posted Jan 6, 2018
Site vulnerability-lab.com

WordPress WpJobBoard plugin version 4.4.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3fee0762cf15dddb829c9979f9a9fb06
BarcodeWiz ActiveX Control Buffer Overflow
Posted Jan 6, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BarcodeWiz ActiveX Control versions prior to 6.7 suffer from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-5221
MD5 | 5a6d87beda1eb2117a5a9eb2725e9ddb
Cisco IOS SNMP Remote Code Execution
Posted Jan 6, 2018
Authored by Artem Kondratenko

Cisco IOS SNMP service remote code execution exploit.

tags | exploit, remote, code execution
systems | cisco, ios
advisories | CVE-2017-6736
MD5 | 5f3951091331dd74f24502404f32ca06
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Posted Jan 6, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall SonicOS NSA Web Firewall is susceptible to cross site scripting attacks due to a filter bypass vulnerability.

tags | exploit, web, xss, bypass
MD5 | e60fdb119e38a2aa6639b763600c6a00
Microsoft Security Bulletin CVE Revision Increment For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary lists major revision increments for over a dozen CVEs that have been addressed.

tags | advisory
advisories | CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0818
MD5 | ac616cbdb1562d8e8e5e7f79b4e713de
CommuniGatePro 6.2 Missing XIMSS Tag Validation
Posted Jan 6, 2018
Authored by Boumediene Kaddour

CommunigatePro XML Interface to Messaging, Scheduling, and Signaling protocol ("XIMSS") version 6.2 suffers from a missing XIMSS protocol validation vulnerability that can lead to an email spoofing attack.

tags | exploit, spoof, protocol
advisories | CVE-2018-3815
MD5 | 84fb8e61eb31978a4e21f108b7056c8a
Microsoft Security Bulletin Advisory Update For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.

tags | advisory
MD5 | 68be4c9405ca884267654cfd9e4cd99f
Red Hat Security Advisory 2018-0045-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0045-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
MD5 | 3801e285f83652bdee488c5ce194cc02
Red Hat Security Advisory 2018-0050-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0050-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 789b2782d492f7a08a2e27fc11fc7106
Red Hat Security Advisory 2018-0044-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0044-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
MD5 | b95040d4658759b267c133ea8e404b54
Red Hat Security Advisory 2018-0047-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0047-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
MD5 | 500aa112c12a47932d450136c8e2db95
Red Hat Security Advisory 2018-0046-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0046-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory, kernel
systems | linux, redhat
MD5 | 8e3ec63d1bfb93c35c5a4ab2eaf3f578
Red Hat Security Advisory 2018-0048-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0048-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | cb4e02997cfd9c2a1602dcb69cc58260
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
MD5 | 7515f6660d050f517b1107818beb00d4
Red Hat Security Advisory 2018-0055-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0055-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | b127eff3bcb9ed1a1ee664f7e788007f
Red Hat Security Advisory 2018-0060-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0060-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
MD5 | 3ee2400dab26829c3f91c2562cb84039
Red Hat Security Advisory 2018-0059-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0059-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
MD5 | 5ec0944600975f9814f6a56217b45704
Red Hat Security Advisory 2018-0057-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0057-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
MD5 | 895dcb8ba4ca0e0e040442de4c6c50ed
Red Hat Security Advisory 2018-0056-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0056-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
MD5 | cf477efec214722e954ec30a0e311884
Red Hat Security Advisory 2018-0058-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0058-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
MD5 | d7248ef0aa58cc14896b658964cc4a7c
Red Hat Security Advisory 2018-0054-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0054-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | 424ee15c3f7851572046aabe532ff649
Red Hat Security Advisory 2018-0053-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0053-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
MD5 | d89b6df9b3042f313bbd90e16953ed02
Red Hat Security Advisory 2018-0051-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0051-01 - The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following package has been upgraded to a later upstream version: rhevm-setup-plugins. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
MD5 | 91b23193ed79dab3bffb05023e592870