what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2018-03-15

MikroTik RouterOS SMB Buffer Overflow
Posted Mar 15, 2018
Authored by Core Security Technologies, Juan Caillava, Maximiliano Vidal | Site coresecurity.com

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.

tags | exploit, remote, overflow, code execution
advisories | CVE-2018-7445
SHA-256 | f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Spring Data REST PATCH Request Remote Code Execution
Posted Mar 15, 2018
Authored by Antonio Francesco Sardella

Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-8046
SHA-256 | d1731be7e3c13eb181dffc18934b90d84ba2b0e795604b2cfbfe2829c85a1b0b
APT2 - An Automated Penetration Testing Toolkit 1.0
Posted Mar 15, 2018
Authored by MooseDojo | Site github.com

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.

Changes: BlackHatAsia release.
tags | tool
systems | unix
SHA-256 | 7aa300429d6a0b709fbdadb7330886fba8194cbdeb3edf634379736834433398
Ubuntu Security Notice USN-3598-1
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3598-1 - Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122
SHA-256 | 5fbb1400645b61a044fca73ca639b2de1ff2a14cc946b3e01c95040b0d3af675
Red Hat Security Advisory 2018-0528-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0528-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-1000385
SHA-256 | 372a0abd076134eead331d3655baa5f73e9be7f5fdf3e7d32cc05c357e4a3f50
Red Hat Security Advisory 2018-0527-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0527-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | 5a57b6946c0c19743f5c8d622733aebe1a42b551e4aaa2cd85bda3e5b6cd6a9e
Debian Security Advisory 4138-1
Posted Mar 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

tags | advisory, remote, arbitrary, crypto, vulnerability
systems | linux, debian
advisories | CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
SHA-256 | 000142b4cb683ae87066a75057971417443fdc878266c68a19d146be3da88496
Red Hat Security Advisory 2018-0526-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0526-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | 1a11fea385f9134b845bdf721789f9cbcaa49e8f8d4b21f8ba21e3038d7f72f9
Ubuntu Security Notice USN-3597-2
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-2 - USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 23bc8db95216b5246352497682682f4334b47b5deb970a8e3701b66d7f9c1884
Ubuntu Security Notice USN-3597-1
Posted Mar 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3597-1 - USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | c1fff708893a2dfbc7b008429e3f314327f8a64ad5bdb9422d8f18fe0aeeb3c5
Red Hat Security Advisory 2018-0522-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0522-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.10, 1.1.7, and 2.0.6. These correspond to the March 2018 security release by .NET Core upstream projects. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0875
SHA-256 | 268ba877eaa55e61c645a4abf497035c60e9eb57e3da49097d7ca1b13c2860b5
Red Hat Security Advisory 2018-0521-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0521-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 7ae5584ed48fb8fe5feace735645093fc305fc5409fc9f6a5cbe1d76430117c6
Red Hat Security Advisory 2018-0520-01
Posted Mar 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0520-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.113. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4919, CVE-2018-4920
SHA-256 | edc41967a187b73428ac34bc9958665da2ee5c2a28308d89b467455931a88a2d
Slackware Security Advisory - curl Updates
Posted Mar 15, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122
SHA-256 | 4e58b48ccc1dd179e7f77394b3fa9ab462094736fe090ebe9f7204b3174c7c96
Debian Security Advisory 4139-1
Posted Mar 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4139-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, web, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145
SHA-256 | a318f7ba3e4cea81d40e5a7bdc2c5215d3dc61bdb1cf5f4069fa0e9ec49d8091
VMware Security Advisory 2018-0008
Posted Mar 15, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0008 - Workstation and Fusion updates address a denial-of-service vulnerability.

tags | advisory
advisories | CVE-2018-6957
SHA-256 | c855fd3691af711f8a3438892cf670fdb873ba8ef7d5da21aa41f285a327f6ce
Android DRM Services Buffer Overflow
Posted Mar 15, 2018
Authored by Tamir Zahavi-Brunner

Android DRM services suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-13253
SHA-256 | efb1ce2739b233f90481dfd1618352f64557499ae57c7214a0748615c4651e39
WordPress Duplicator 1.2.32 Cross Site Scripting
Posted Mar 15, 2018
Authored by Stefan Broeder

WordPress Duplicator plugin version 1.2.32 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7543
SHA-256 | 402da38fca9c526b8fd552f7d50a017de799a50817b3f8996377dc7d62465f4d
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close