what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-04-02

OpenSSH 7.7p1
Posted Apr 2, 2018
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
SHA-256 | d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
Debian Security Advisory 4163-1
Posted Apr 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4163-1 - It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-0492
SHA-256 | 3fece1677cfb826015a103052e62ca45ac5a9ceb696632f41906192942570f50
Ubuntu Security Notice USN-3614-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.

tags | advisory, java, remote, spoof
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 65f8a0d0aab5a2c6072e2706dcbe72635130ec35592468e4424476e34701f86f
Ubuntu Security Notice USN-3613-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3613-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 928013bd5e1ee1d64cc4573070b7f35cde515ccf144ffe9f8098bc389a7993d3
Kernel Live Patch Security Notice LSN-0036-1
Posted Apr 2, 2018
Authored by Benjamin M. Romer

Wi-Fi Protected Access (WPA and WPA2) allows re-installation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-13080, CVE-2017-16995
SHA-256 | 3fde9377ed3b41ddea90371b60b3d05b2204d2683198fbcab8cd5b1e3776aaa3
ShoprLynx 9.2.3 Insecure File Permissions
Posted Apr 2, 2018
Authored by LiquidWorm | Site zeroscience.mk

ShoprLynx version 9.2.3 suffers from an insecure file permissions vulnerability.

tags | exploit
SHA-256 | e362c0fdeab4aa963f6d3d8e506c6aab6089a896ea133ec97cb690904febaace
OpenCMS 10.5.3 Cross Site Request Forgery
Posted Apr 2, 2018
Authored by Sureshbabu Narvaneni

OpenCMS version 10.5.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-8811
SHA-256 | 84469fe852f9d6f4971d524232b31b0a4cba522491047c40d096c683fb691aea
OpenCMS 10.5.3 Cross Site Scripting
Posted Apr 2, 2018
Authored by Sureshbabu Narvaneni

OpenCMS version 10.5.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-8815
SHA-256 | 4f095bb724fa8f4604f38b620e3786cd239c7da362337cb2c9ee97b610f5e404
Packet Storm New Exploits For March, 2018
Posted Apr 2, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 149 exploits added to Packet Storm in March, 2018.

tags | exploit
SHA-256 | 71771db4bbf6cafbfb21fb4a9ecf8f271a0382abab4130979bb2a238430a3c2c
Secutech RiS-11/RiS-22/RiS-33 5.07.52_es_FRI01 Remote DNS Changer
Posted Apr 2, 2018
Authored by Todor Donev

Secutech RiS-11/RiS-22/RiS-33 version 5.07.52_es_FRI01 remote DNS changer proof of concept exploit.

tags | exploit, remote, proof of concept
SHA-256 | 66b4d40310e015f02050ba629ca94d214670eab09db9aec79b5f331b07ba3234
Ubuntu Security Notice USN-3587-2
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3587-2 - USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-14461, CVE-2017-15130
SHA-256 | c1f6d6e6682487d0c9dcfa66fa41c4337fa8d5078553630d242b82e7cbd1dc0d
Debian Security Advisory 4160-1
Posted Apr 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4160-1 - It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.

tags | advisory, denial of service, arbitrary
systems | linux, windows, debian
advisories | CVE-2018-8754
SHA-256 | 9eaa66293fda7fa8042a915427c6ee38ac9809f1c6a5a55487cf94548b5b9f7a
ifchk 1.1.0
Posted Apr 2, 2018
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 94a86b57df925c74b1a5b9955b8844d13c666e34bcd266915a8d7858206c495b
Chameleon Mini Smartcard Emulator Iceman Fork Rebooted Blue GUI 1.1
Posted Apr 2, 2018
Authored by Christian Herrmann | Site github.com

This is a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.

Changes: Multiple new features added including user-friendly dump file management and improved GUI layout.
tags | tool
systems | unix
SHA-256 | fc5f907db7dcd23c2e6445c581a2f27b7cef8a195847fe0d6c060e93892e6cc0
WampServer 3.1.2 Cross Site Request Forgery
Posted Apr 2, 2018
Authored by Vipin Chaudhary

WampServer version 3.1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-8817
SHA-256 | a61fd8d4b853201a8bbcbab7fb2f6882611630adb4c48116300c0c51b0e7bf12
WebLog Expert Enterprise 9.4 Privilege Escalation
Posted Apr 2, 2018
Authored by bzyo

WebLog Expert Enterprise version 9.4 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 3346dbee613df2f8df502bbfbd82ef8b54562fd90c2c7aa62a6f03b938b6b862
IBM Virtual Security Operations Center (VSOC) Cross Site Scripting
Posted Apr 2, 2018
Authored by Kushal Jaisingh

IBM Virtual Security Operations Center (VSOC) suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7c759331e428cec81e550f4a974a9bfce4235b230901e6a5f088e75e3bb78851
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close