Twenty Year Anniversary
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-04-04

Flawfinder 2.0.6
Posted Apr 4, 2018
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Small fixes. Updated cwe.mitre.org URLs to use https.
tags | tool
systems | unix
MD5 | ba8ad461c8b30c04dcade87f6c1857cf
Ubuntu Security Notice USN-3620-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-1 - It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332
MD5 | 92be1e1f7075a80057dfacd0385d5b15
Ubuntu Security Notice USN-3619-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129, CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807
MD5 | 4b540e0a4bb9cc36651e6f4f0e104441
PMS 0.42 Stack-Based Buffer Overflow
Posted Apr 4, 2018
Authored by Juan Sacco

PMS version 0.42 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 040caf5340322857b30d22ea4686e161
Ubuntu Security Notice USN-3617-3
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
MD5 | ed5fa39c4b9b0eef37fe4bb6bca68670
KeePass Simple Dictionary Password Enumerator
Posted Apr 4, 2018
Authored by Todor Donev

This is a simple perl script to perform dictionary attacks against the KeePass password manager.

tags | cracker, perl
MD5 | e2e787dabb8d179b58974a368b36d65f
Ubuntu Security Notice USN-3618-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-7225
MD5 | 2737863066439e52d3e9ef732a321ce1
FiberHome VDSL2 Modem HG 150-UB Login Bypass
Posted Apr 4, 2018
Authored by Noman Riffat

FiberHome VDSL2 Modem HG 150-UB suffers from a login bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-9248
MD5 | cc018f464eed5329f3febb11bd5f1fe7
FreeBSD Security Advisory - FreeBSD-SA-18:05.ipsec
Posted Apr 4, 2018
Authored by Maxime Villard | Site security.freebsd.org

FreeBSD Security Advisory - The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv4 options. A remote attacker who is able to send an arbitrary packet, could cause the remote target machine to crash.

tags | advisory, remote, arbitrary
systems | freebsd
advisories | CVE-2018-6918
MD5 | d7bfefe5e014e4d4be99e8fd294dc2dc
FreeBSD Security Advisory - FreeBSD-SA-18:04.vt
Posted Apr 4, 2018
Authored by Dr Silvio Cesare of InfoSect | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Unprivileged users may be able to access privileged kernel data. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, overflow, arbitrary, kernel
systems | freebsd
advisories | CVE-2018-6917
MD5 | 95dfa2586849e8c84b5f22b2340cdc03
Microsoft Sharepoint 14.x Cross Site Scripting
Posted Apr 4, 2018
Authored by Mostafa Gharzi

Microsoft Sharepoint version 14.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a03ce9730e95243aa47abaea9ef193d2
Adobe Flash 28.0.0.137 Remote Code Execution
Posted Apr 4, 2018
Authored by SyFi

Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-4878
MD5 | d2fd29c4f918f11dabd7bb253cc87a3f
Sophos Endpoint Protection 10.7 Insecure Cryptography
Posted Apr 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow for changing of settings, whitelist or unquarantine files.

tags | exploit
advisories | CVE-2018-9233
MD5 | 17d6f74a89bfb18403ee901bf2ed270d
Sophos Endpoint Protection 10.7 Tamper Protection Bypass
Posted Apr 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-4863
MD5 | 81f02a8434690f8501645852069a7be1
Debian Security Advisory 4165-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-8763, CVE-2018-8764
MD5 | a66e7ec3056ac8043de009300dea5eec
Debian Security Advisory 4164-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | fb946d3e3116932e603a89dd798a5449
MPEngine UnRAR Inherited Flaw
Posted Apr 4, 2018
Authored by Thomas Dullien, Google Security Research

Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code and has a vulnerability that has since been patched in newer versions of unrar.

tags | exploit
MD5 | 1d20cff34936c67b825e496b10f33391
Red Hat Security Advisory 2018-0627-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | 428bcf1a0a010f5a3ead3ec63c5029a5
Red Hat Security Advisory 2018-0628-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e1d67fdcd01f4ba9fb1c3c5049f971c3
Red Hat Security Advisory 2018-0630-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e3e4359b66403d866b5f8acee8ca0e16
Red Hat Security Advisory 2018-0629-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e4524e76320f4a722ea9570e595d4473
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close