what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-02-21

Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
SHA-256 | 891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6ab
Asterisk Project Security Advisory - AST-2018-001
Posted Feb 21, 2018
Authored by Joshua Colp, Sebastien Duthil | Site asterisk.org

Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.

tags | advisory, registry
advisories | CVE-2018-7285
SHA-256 | 7deda55a35acebe5f67e42485b2042572f1941ee107a31867433c7a487a737c0
Trend Micro Email Encryption Gateway XSS / Code Execution
Posted Feb 21, 2018
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224, CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230
SHA-256 | 5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428
Red Hat Security Advisory 2018-0342-01
Posted Feb 21, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialisation were discovered, and added to the blacklist introduced by CVE-2017-7525.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-15095, CVE-2017-17485, CVE-2017-7525
SHA-256 | 6c43e18a6120401c278a1c45ec616eece4dffcb52a0c05c541f3dcf91ad4be85
EChat Server 3.1 CHAT.ghp Buffer Overflow
Posted Feb 21, 2018
Authored by Juan Sacco

EChat Server version 3.1 suffers from a buffer overflow vulnerability in CHAT.ghp.

tags | exploit, overflow
SHA-256 | 74be6f47092a3059526e778c79f81553fcaa34418b20c48a8eace6c18e743119
Ubuntu Security Notice USN-3580-1
Posted Feb 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | 5d5bf13f4bcbf073969de1f6ab2375fb2aa4970f1b1bea71c6df9d31307cca91
Ubuntu Security Notice USN-3579-1
Posted Feb 21, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3579-1 - It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6871
SHA-256 | f3872a1250abd74adc97da1e6a1fc8ace6d7d684e70810c2736f77ead5aba063
miSafes Mi-Cam Device Hijacking
Posted Feb 21, 2018
Authored by Mathias Frank | Site sec-consult.com

miSafes Mi-Cam remote video monitors suffer from broken session management, insecure direct object reference, password handling issues, and various other vulnerabilities.

tags | advisory, remote, vulnerability
SHA-256 | 75ef1d97e2a643cdb4ef6b7947420b6565944cb108220c9441f7b1a25a110dff
Navarino Infinity Blind SQL Injection / Session Fixation
Posted Feb 21, 2018
Authored by Vangelis Stykas

Navarino Infinity versions prior to 2.2 suffer from session fixation and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 50cedc41f213355cd0d39ab12b744492186d722f2834bfa6a6272fcfd6ed97de
Sharutils 4.15.2 Heap Buffer Overflow
Posted Feb 21, 2018
Authored by nafiez

Sharutils version 4.15.2 suffers from a heap buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 280838c181c2bfda278d7c81a7674ed5b906ed6718f80e1236ef56c5798f9624
Hashcat Advanced Password Recovery 4.1.0 Source Code
Posted Feb 21, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: Options added and removed. Many hash modes added. Various other fixes and improvements.
tags | tool, cracker
systems | unix
SHA-256 | bd23997153c5a8c8b35da3931ff74a808561399de3f3e07058ff4d2f8617119c
Hashcat Advanced Password Recovery 4.1.0 Binary Release
Posted Feb 21, 2018
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: Options added and removed. Many hash modes added. Various other fixes and improvements.
tags | tool, cracker
SHA-256 | 6edac8a411f013408e5113b2419b3fe1fb5ea996b6c2e27cd8d8e54b0776b112
Yab Quarx 2.4.3 Cross Site Scripting
Posted Feb 21, 2018
Authored by Preethi Koroth

Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-7274
SHA-256 | abaa566e269ce6a0c0ebc3dd4b496f8b728488c8a5ab96b45063c0739f393255
Monstra CMS 3.0.4 Code Execution
Posted Feb 21, 2018
Authored by Hashim Jawad

Monstra CMS versions 3.0.4 and below could suffer from a PHP7 remote code execution vulnerability if certain server conditions are met.

tags | exploit, remote, code execution
SHA-256 | 853acb2973915dbb0c78a76c516ac2881f35285e1e767a8b6982148964266a90
PureVPN 5.19.4.0 Privilege Escalation
Posted Feb 21, 2018
Authored by DefenseCode, Bosko Stankovic

PureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.

tags | advisory
SHA-256 | f01935ae5539d9a66d7d09ee0ec64486230558bc46f1e918ef59cf2148cdaa26
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close