Twenty Year Anniversary
Showing 1 - 24 of 24 RSS Feed

Files Date: 2018-01-18

cryptmount Filesystem Manager 5.2.4
Posted Jan 18, 2018
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Minor updates to documentation and debian packaging. Patched to support cryptsetup-2.x. Updated to automake-1.15.
tags | tool, kernel, encryption
systems | linux
MD5 | c2a3307ccb893369431f54830f8ad91f
Lynis Auditing Tool 2.6.0
Posted Jan 18, 2018
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Binary paths are now sorted. Greek language added. systemd detection improved. VirtualBox detection extended. Several code enhancements.
tags | tool, scanner
systems | unix
MD5 | d94540fc736879fc36a5aa32ffb09dbb
Primefaces 5.x Remote Code Execution
Posted Jan 18, 2018
Authored by Bjoern Schuette | Site metasploit.com

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

tags | exploit, remote, crypto, code execution
advisories | CVE-2017-1000486
MD5 | a290d8a9cb6552111c22dc331da1c4dc
Falco 0.9.0
Posted Jan 18, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Fixed driver incompatibility problems with some linux kernel versions that can disable pagefault tracepoints. Fixed OSX Build incompatibility with latest version of libcurl.
tags | tool, intrusion detection
systems | unix
MD5 | 8a3c23cdb8e05cb25272c1a6ea2c9067
glibc getcwd() Local Privilege Escalation
Posted Jan 18, 2018
Authored by halfdog

glibc suffers from a getcwd() local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-1000001
MD5 | e79c3ac4621ad3e8b1aa9ccefe2bfd86
GitStack 2.3.10 Remote Code Execution
Posted Jan 18, 2018
Authored by Kacper Szurek

GitStack version 2.3.10 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 6a2c421c9fca302ac949e344854f3553
Oracle JDeveloper IDE Directory Traversal
Posted Jan 18, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Oracle JDeveloper IDE suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-10273
MD5 | 547bcfa070ea60b42a0ee5d2efd530ed
Positive Hack Days VIII Call For Papers
Posted Jan 18, 2018
Site phdays.com

Call For Papers for Positive Hack Days VIII which will take place in Moscow, Russia.

tags | paper, conference
MD5 | f33e044f705a866fd08974fa00ad4de1
HP Security Bulletin HPESBHF03805 5
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03805 5 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 5 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | c7797b6d7641f2bbf214b3a82ed4ffd8
Slackware Security Advisory - bind Updates
Posted Jan 18, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-3145
MD5 | f6baf09da31a13a65a037473d8abe8ee
HP Security Bulletin HPESBMU03806 1
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03806 1 - A potential security vulnerability has been identified in HPE IceWall Products. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information or unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-8978
MD5 | 1be322cab5fa49b21c42972fda1ec71c
HP Security Bulletin HPSBGN02925 3
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02925 3 - Potential security vulnerabilities have been identified with HP IceWall SSO, IceWall File Manager and IceWall Federation Agent. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-4817, CVE-2013-4818, CVE-2013-4819, CVE-2013-4820
MD5 | 0c2f08d493a916274ac91b5727be2d7b
Debian Security Advisory 4090-1
Posted Jan 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4090-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.

tags | advisory, remote, web, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2017-16510, CVE-2017-17091, CVE-2017-17092, CVE-2017-17093, CVE-2017-17094, CVE-2017-9066
MD5 | 2beda7d50eee1ab5df6eabf161548fba
Smiths Medical Medfusion 4000 DHCP Denial Of Service
Posted Jan 18, 2018
Authored by Scott Gayou

Smiths Medical Medfusion 4000 suffers from a dhcp related denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-12718
MD5 | 4c2f6fcef898c910b2256c9c3a7a1f4c
macOS 10.13 Kernel Memory Disclosure
Posted Jan 18, 2018
Authored by Google Security Research, ianbeer

macOS version 10.13 suffers from a kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability.

tags | exploit, kernel
advisories | CVE-2017-13878
MD5 | 64dd02ddcdb2646e983a2c6616d02c4a
Microsoft Edge Chakra JIT ImplicitCallFlags Update Bugs
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from multiple ImplicitCallFlags update bugs with RegExp.

tags | advisory
MD5 | c41a09cf405ff06d682f70d6a6758e71
Red Hat Security Advisory 2018-0095-01
Posted Jan 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0095-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | 2cd15f3e70ba139d291e291a0ad2e368
Ubuntu Security Notice USN-3536-1
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3536-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000001
MD5 | 8c4667c2973230ddb616da2d0fb05e48
Ubuntu Security Notice USN-3535-2
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3535-2 - USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3145
MD5 | 16be36796713bd0ce125903a09864c07
Microsoft Edge Chakra AsmJSByteCodeGenerator::EmitCall Call Handling
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an AsmJSByteCodeGenerator::EmitCall call handling bug.

tags | exploit
advisories | CVE-2018-0780
MD5 | 1c7860ec256452b1d95a1e70975c4a35
Microsoft Edge Chakra JIT Loop Analysis Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a loop analysis bug that can perform an out-of-bounds write.

tags | exploit
advisories | CVE-2018-0777
MD5 | ff08702b950d0869cae0d738a90cb6ac
Microsoft Edge Chakra JIT Stack-To-Heap Copy Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a stack-to-heap copy bug.

tags | exploit
advisories | CVE-2018-0776
MD5 | 380e5767238c8dcf3ac7de7f26e6998c
Microsoft Edge Chakra Deferred Parsing
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Egde Chakra deferred parsing makes wrong scopes.

tags | exploit
advisories | CVE-2018-0775
MD5 | 8ebf986754c648c945c174f53fac15d2
Docker Sudo Privilege Escalation
Posted Jan 18, 2018
Authored by Pype

If a user has sudo permissions to /usr/bin/docker, it can be leveraged to escalated privileges to root.

tags | exploit, root
MD5 | 52de940cff9cf249313f9f59cec9e950
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    1 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close