Twenty Year Anniversary
Showing 1 - 14 of 14 RSS Feed

Files Date: 2018-04-13

Dell EMC ViPR Controller Information Exposure
Posted Apr 13, 2018
Site emc.com

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.

tags | advisory, denial of service
systems | linux
advisories | CVE-2018-1240
MD5 | 992df8898aa5f64ef943c973fdbfb630
Red Hat Security Advisory 2018-1119-01
Posted Apr 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
MD5 | 97c46db1b7ffc040e97c629c2eacc01c
Ubuntu Security Notice USN-3621-2
Posted Apr 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076
MD5 | 57f2b3916aee211add479cb8a0f21e74
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.

tags | advisory
advisories | CVE-2018-1037
MD5 | d849542e466fa2029f4baafccd269c5f
Smashing Smart Contracts
Posted Apr 13, 2018
Authored by Bernhard Mueller

This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.

tags | paper
MD5 | 689b059f5f52ffa4211e9e02e8310af5
Drupal Drupalgeddon2 Remote Code Execution Ruby Port
Posted Apr 13, 2018
Authored by Hans Topo

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.

tags | exploit, remote, code execution, proof of concept, ruby
advisories | CVE-2018-7600
MD5 | 4d773afb5cb3f718d378c710534bcb27
KETAMINE: SecureRandom() Weakness
Posted Apr 13, 2018

A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.

tags | advisory, javascript
MD5 | 893d474d121cd29fb6bb8f8f0d4d294c
Drupal Drupalgeddon2 Remote Code Execution
Posted Apr 13, 2018
Authored by Vitalii Rudnykh

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-7600
MD5 | b2dc76bf877508945ce84372e88f3422
XSSer Penetration Testing Tool 1.7-2
Posted Apr 13, 2018
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Fixed SSL. Updated search engines. Various other updates and fixes.
tags | tool, scanner
systems | unix
MD5 | 86cfb5f7fa0e0b0bd34f11ea026b474d
HP Security Bulletin MFSBGN03802 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 1e97454b4f308933230d0c0de9745194
HP Security Bulletin MFSBGN03803 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03803 1 - A potential security vulnerability has been identified in Micro Focus UCMDB. The vulnerability could be remotely exploited to Local Escalation of Privilege. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2018-6491
MD5 | 288a5d5657c749166f1cc5710c608eeb
MikroTik 6.41.4 Denial Of Service
Posted Apr 13, 2018
Authored by Hosein Askari

MikroTik version 6.41.4 ftp daemon denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2018-10070
MD5 | e3b2dcdbb7ffa4eb4625fb0a60e4fdc6
Appear TV XC Hardware Maintenance Centre Directory Traversal
Posted Apr 13, 2018
Authored by IS Threat Team

Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7539
MD5 | 1c1b1d52d1d18ad5702c3a09e4ccf1f4
Strong Password Generator Biased Randomness
Posted Apr 13, 2018
Authored by Sean Buckley

Chrome's "Strong Password Generator" extension suffers from a weakness with password generation.

tags | advisory
MD5 | 5e29388124a726e14711a14f4531c0ab
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close