On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of a NTFS mount point when manually handling a reparse operation leading to being able to locally open an arbitrary device via an SMB client which can result in privilege escalation.
8bee2db391a04c548de7c3126b3c73a4On Microsoft Windows, when impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC token leading to privilege escalation.
8c8cfa8d06fb3178fe47edd96393a118On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check impersonation token's security level leading to impersonating a non-AC anonymous token leading to privilege escalation.
ec5a514309e694f43622f9260cc4f20aWhen creating a new file on an NTFS drive it's possible to circumvent security checks for setting an arbitrary owner and mandatory label leading to a non-admin user setting those parts of the security descriptor with non-standard values which could result in further attacks resulting privilege escalation.
23055e91c47aae5d9ca3bd19f9708bbaDebian Linux Security Advisory 4083-1 - Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.
a45b8d30d6ca7026bed1a8599319f4b9VMware Security Advisory 2018-0005 - VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.
9626383bdd42e1ee3b4eb490bf37558cVMware Security Advisory 2018-0004.1 - VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest remediation for speculative execution issue.
6c3dad31211a37710cf7f3e35ceb8eb7112 bytes small Linux/ARM (Raspberry Pi) null-free shellcode that binds a shell to 0.0.0.0:4444/TCP.
80fbc5d27e17dc9e5bb4b1bf5f0abea2This Metasploit module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client allowing remote code execution.
8d30c79823a88f61fd7afa9d88d0562eThis Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
a040c104d632cd4ba7549225102c8f38This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit
49412c9229ada92b55b3cbcd05d8eb54Red Hat Security Advisory 2018-0081-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content.
9a6c4db77e3ce332ec06e707d527c1b0Ubuntu Security Notice 3522-4 - USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.
d73ea7e2336ce4f12a3f81d3406dd552WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.
171fbf4af364b138825c12c2a1ba6464WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.
3ca8963a8f503e09a95c667231a768d8WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.
396bea3f46a47c839564e82ee3df2688WordPress MQ ReLinks plugin version 1.8 suffers from cross site scripting and open redirection vulnerabilities.
53ce06689dd3835a0618f5cfdf0f4cf4Joomla! Easydiscuss component versions prior to 4.0.21 suffer from a cross site scripting vulnerability.
a5ecebe3d594d56be239429ba067ef39Jungo Windriver version 12.5.1 suffers from a privilege escalation vulnerability.
67a0592b2d0d5d615ce9d10d56288a70Ubuntu Security Notice 3522-3 - USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. Various other issues were also addressed.
4d7b4ced69dbbe793b9334bd984fd703Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities.
8de246217ead9b7cbf6d0453d197f92bUbuntu Security Notice 3528-1 - It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
dc434c8e6d1bb07724a5d915b4e77117Ubuntu Security Notice 3527-1 - Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly handled settings the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.
a4b97d44d7baaee22df4be21e098e115Ubuntu Security Notice 3523-3 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5d97b063cad48e5c8411fa2be179fa07Ubuntu Security Notice 3532-2 - USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
c5a3f8d746ddf39bee7abb6f9185111e
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed