ClipBucket versions prior to 4.0.0 Release 4902 suffer from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
5f01efc19d73b84eb391886d4efcadc7HP Security Bulletin HPESBHF03826 1 - A security vulnerability in HPE Integrated Lights-Out 3 (iLO 3) allows remote Denial of Service (DoS). Revision 1 of this advisory.
c56a899cce863475c8fa1639c39cb897Red Hat Security Advisory 2018-0369-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: openstack-nova, python-novaclient.
cd7106719babe2e3386a0ce0aea1860dRed Hat Security Advisory 2018-0368-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.
4bc88efb847e3134ba965a7eaac570c6Sony Playstation 4 (PS4) 5.01 through 5.04 webkit code execution proof of concept exploit.
a43934fa8d5e7b94f0eaaf0e4f5fb50fActivePDF Toolkit versions prior to 8.1.0 suffer from multiple code execution vulnerabilities.
63ce9599e9a3f793133d10673c89b97bSchool Management Script version 3.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d390ad349e460d35d8493fd77e7a9e2dJoomla! K2 component version 2.8.0 suffers from an arbitrary file download vulnerability.
9d3f07059f7aca5bd9656309768aa984Sony Playstation 4 (PS4) versions 4.07 up to but not including 4.55 bpf local kernel code execution proof of concept exploit.
559cc86e3a21ec5fe15bbb6df9150f23Microsoft Windows versions 8.1 and 2012 R2 SMB denial of service exploit.
2bfe01792d14bfc3f8a4bbfad81b0a4cConcrete5 versions prior to 8.3.0 suffers from enumeration vulnerabilities.
7a65a55335a7d87c3dd77d770640d6deMyBB My Arcade plugin version 1.3 suffers from a cross site scripting vulnerability.
db17a1a287de15c1f89c6789e1cf6e44Schools Alert Management Script version 2.0.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5561cbf81e24d93f4a84037f9c7eb310In this project you will find a full implementation of the "bpf" kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.
7cd36446c3b5c0ae450fed8ca0fc7661GetGo Download Manager version 5.3.0.2712 SEH buffer overflow exploit.
0dbe01dfc17f246308b60318b96df631Red Hat Security Advisory 2018-0349-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.
acc95604b82a84e4f399a57bb863fb7eRed Hat Security Advisory 2018-0352-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
e0cdeb1987517362e8cd35b7df3056c5Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5.
1a1dfa782be396603fb5a78ae823f41eAsterisk running chan_pjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0.
e162142628fbfb5ba18a1ab13f113be7Ubuntu Security Notice 3584-1 - Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code.
0a5ec8a052d4762e3e8d7d30c9d77f5cRed Hat Security Advisory 2018-0351-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
943d11eff96cef665eeb7134e2a080d9Red Hat Security Advisory 2018-0350-01 - The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution.
e9bc1efaea17dedddb77265c803136d2Asterisk version 15.2.0 running chan_pjsip suffers from an SDP message related denial of service vulnerability.
873b23fd0ed9845d55e6420887487decAsterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.
323b863197d2d23bab8781c4b5ccc8ccTorrent file parsing in libtransmission suffers from overflow vulnerabilities.
04af27b8c3d0769c9ab52678f28df4a4
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed