exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2018-01-06

Gespage 7.4.8 Cross Site Scripting
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-7998
SHA-256 | 61ed56b868b851bca85d2f6fb99510969316fac0e949f20b0928b7659f72ee1d
Gespage 7.4.8 SQL Injection
Posted Jan 6, 2018
Authored by Mickael Karatekin

Gespage versions 7.4.8 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-7997
SHA-256 | 6d137114955f25ce87b8b94569e800383a043662dc7525e2d8c18da8d86bd226
WordPress WpJobBoard 4.4.4 SQL Injection
Posted Jan 6, 2018
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

WordPress WpJobBoard plugin version 4.4.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1ad8f3e9c19237b7a1a23acf6f486a686a67310e217ee84b533893309b576dad
BarcodeWiz ActiveX Control Buffer Overflow
Posted Jan 6, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-5221
SHA-256 | 6101e91a84aee00fafb0cebb5718a2df43f7b5c55b823edf4cf69caa14768177
Cisco IOS SNMP Remote Code Execution
Posted Jan 6, 2018
Authored by Artem Kondratenko

Cisco IOS SNMP service remote code execution exploit.

tags | exploit, remote, code execution
systems | cisco, ios
advisories | CVE-2017-6736
SHA-256 | 9f964db2a690372711f23da711b9a272698adce51482c42bd5d5bf13e43c9e2e
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Posted Jan 6, 2018
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall SonicOS NSA Web Firewall is susceptible to cross site scripting attacks due to a filter bypass vulnerability.

tags | exploit, web, xss, bypass
SHA-256 | 3507e3d5b4bc08673e12b00d92092bb6f5e83e2e37becd1ba7e381c53773dc7a
Microsoft Security Bulletin CVE Revision Increment For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary lists major revision increments for over a dozen CVEs that have been addressed.

tags | advisory
advisories | CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0818
SHA-256 | 5848181ca8df9846260988604002ca7b59b0a857b7d4dedf4caeae500c687777
CommuniGatePro 6.2 Missing XIMSS Tag Validation
Posted Jan 6, 2018
Authored by Boumediene Kaddour

CommunigatePro XML Interface to Messaging, Scheduling, and Signaling protocol ("XIMSS") version 6.2 suffers from a missing XIMSS protocol validation vulnerability that can lead to an email spoofing attack.

tags | exploit, spoof, protocol
advisories | CVE-2018-3815
SHA-256 | f00dd778406df51480f7ccd47316461503035264e6731c7aaf2d183f393ef558
Microsoft Security Bulletin Advisory Update For January, 2018
Posted Jan 6, 2018
Site microsoft.com

This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.

tags | advisory
SHA-256 | 61f21b4684aae1306cab75a28f2554304e259dd0812218a7ad9b893747166bb9
Red Hat Security Advisory 2018-0045-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0045-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | 542165fcbc34e63f411ff45275cf2a305c1482b55a4c39c669a96905ca9bb7ae
Red Hat Security Advisory 2018-0050-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0050-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | b95605692f7b25786d00413c6c9dd199666547a858e1e6952cf74c8aef06e317
Red Hat Security Advisory 2018-0044-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0044-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | f162d6e28a79a44d3ab4b74a24e8fc533392ffec8883c41a04ba59dae7822549
Red Hat Security Advisory 2018-0047-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0047-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory
systems | linux, redhat
SHA-256 | c9bdd48d31a83c5e417e40f1f0f48a0c7de2b8893451283aa802fd841446a505
Red Hat Security Advisory 2018-0046-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0046-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 03a18dc0520cdf7f899a8c1faad5f613b49ad125f3bd3385397c8d4bacfc0c16
Red Hat Security Advisory 2018-0048-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0048-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 705f4597d424711f752d6af3ce73fe92465d93657358f1c536c65c490e149942
Ubuntu Security Notice USN-3516-1
Posted Jan 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3516-1 - It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions.

tags | advisory, web, javascript
systems | linux, ubuntu
advisories | CVE-2017-5753, CVE-2017-5754
SHA-256 | 0ed258fac8391ebdb3640c895289db1d7c69d495280ee9f65578004df6a1089d
Red Hat Security Advisory 2018-0055-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0055-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 1dc2d570f6e39530e3b71c3992eb37eb773f55bc83bd4de3e785b7f238df418a
Red Hat Security Advisory 2018-0060-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0060-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | eb4cb967e3bd39df8ab174cfdaac6e25f9d10b5f1addfce72a7bd095c53ba283
Red Hat Security Advisory 2018-0059-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0059-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | ec966cfeac8c44af04e41d56d84b535d0b426600dba5e64836a9aa8e83789a6f
Red Hat Security Advisory 2018-0057-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0057-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 8b8b96e613d40f0b01fb4c473729d659023ae9332c29f5f373cb9c801ad62bef
Red Hat Security Advisory 2018-0056-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0056-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | bec0dcde995ef78c7411cad794bd79a9f687140c9b36f458f777fd505e4986fb
Red Hat Security Advisory 2018-0058-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0058-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | e2ac28baa05215fcea2f737548d780c399aff722edee29f4b38cfca82246e3de
Red Hat Security Advisory 2018-0054-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0054-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 3ad8cc966fe74dd6364eb3d890407f43290bdacc392105c5d5b5f279fd3d720e
Red Hat Security Advisory 2018-0053-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0053-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 5ea27878a3dfeb7d3c74d5fc8d56caa06962275010ce4ba5a5c1d7917eb39452
Red Hat Security Advisory 2018-0051-01
Posted Jan 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0051-01 - The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following package has been upgraded to a later upstream version: rhevm-setup-plugins. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
SHA-256 | 855742f8f4cb15af227e6919243c31a7a3c72a1350a97ccfc123bc7a5c1e10d0
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close