exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2018-04-19

Ubuntu Security Notice USN-3628-2
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-2 - USN-3628-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
SHA-256 | b97eef64acda8f70ac874f053e082d5142efeacf22be47d9cfa82d52b78aea64
Ubuntu Security Notice USN-3628-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-1 - Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
SHA-256 | 2b906fe54f8dc8733e2e48459df788f7e92245ff6eede0444543bfe996334f6d
Ubuntu Security Notice USN-3627-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3627-1 - Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
SHA-256 | 0003185aef4aed0ee0f79ef7b8f8e057cba6234b38944be6624baead979ec72e
Seagate Media Server SRN21C Cross Site Scripting
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from a persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e781553767030bf98f0d576bce042a246fa79981a84c0cfb754a87a6669dfce7
Seagate Media Server Path Traversal
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 5ef896e7b37cb5ccba017088977b813090cb4b99b1764b4ea351316ab3dd7a44
Seagate Personal Cloud SRN21C Arbitrary File Move
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 allows for moving of arbitrary files.

tags | exploit, arbitrary
SHA-256 | c10b30b886d514c80a6e95c583657ad577f538056af82102f47d7c966c1721fd
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 19, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.

tags | advisory
advisories | CVE-2018-1037
SHA-256 | 67f82a1876aa156150a7467663f85a7653e7785886519ee8ad4d47577ccc56db
Stegano 0.8.5
Posted Apr 19, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed an encoding problem which occurred on Windows during the installation of the module.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | af26659ba175b39284a2e0bb8fbfd5989779445524ab6aef258ff7fb2ec0f2cb
Ansvif 1.9.1
Posted Apr 19, 2018
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This version is a bugfix release that includes lots of error handling.
tags | tool, fuzzer
systems | unix
SHA-256 | 11210463d7d354962165bf3887b2384b20d757d1e57785e6996cdb17c9a257d9
Linux x86 TCP Port 1337 Bindshell Shellcode
Posted Apr 19, 2018
Authored by Anurag Srivastava

92 bytes small Linux x86 tcp/1337 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | 835acf809be1380ac656b9b529139a3473867cc3cefdbf9059dc70bc2b6827d4
Microsoft Windows WLDP CLSID Policy .NET COM Instantiation UMCI Bypass
Posted Apr 19, 2018
Authored by James Forshaw, Google Security Research

The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
systems | windows
SHA-256 | 6472ee6172948afddeda0672cf9b60975d9a244ee152920a06d2b4c956e58bbf
Slackware Security Advisory - gd Updates
Posted Apr 19, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gd packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-6362, CVE-2017-7890
SHA-256 | 86ee3d5531e8cde7c3307d3b31bdfee75b677158c29f40f0859bc58b0eee5eea
Digital Guardian Management Console 7.1.2.0015 XXE Injection
Posted Apr 19, 2018
Authored by Pawel Gocyla

Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2018-10175
SHA-256 | 7cec0fd3e8efd19ae243d045d84667f65746f0c3315377e8314d97b5817a1fc7
Digital Guardian Management Console 7.1.2.0015 Server Side Request Forgery
Posted Apr 19, 2018
Authored by Pawel Gocyla

Digital Guardian Management Console version 7.1.2.0015 suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2018-10174
SHA-256 | f1b0b22b704b5604dddfeb0b710a6726a23262722923f328e058f820cb584add
Lutron Quantum 3.2.243 Information Disclosure
Posted Apr 19, 2018
Authored by David Castro

Lutron Quantum versions 2.0 through 3.2.243 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 6328339a48c0fa2a65575ff54b997e175b5acc99ddbc3b76945e34e07a2fad96
WordPress Caldera Forms 1.5.9.1 Cross Site Scripting
Posted Apr 19, 2018
Authored by Federico Scalco

WordPress Caldera Forms plugin version 1.5.9.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7747
SHA-256 | 5ba544e8afc1bd3b2ce994ab5600e72cb1ca79a17152a722178a125e25528c4e
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 19, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1035.

tags | advisory
advisories | CVE-2018-1035
SHA-256 | f4acc3da4f77a4a78872a6c2a54dc7190ec69bda8788cb5eb7c8a24535d28999
Facebook Graph Groups Crosswalk User Metadata Mapping Weakness
Posted Apr 19, 2018
Authored by Todor Donev

Facebook Graph groups crosswalk user's metadata mapping weakness demo proof of concept script.

tags | exploit, proof of concept
SHA-256 | 2fec004a3acc305a371175f91db5554d47f38b1459d46aea1e5a5eeda02760fb
Joomla JS Jobs 1.2.0 Cross Site Request Forgery
Posted Apr 19, 2018
Authored by Sureshbabu Narvaneni

Joomla JS Jobs component version 1.2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7567b0061def93cea876d101656abf7f8c7e7f1e0377907414e206e95519fad6
Geist WatchDog Console 3.2.2 XSS / XML Injection / Insecure Permissions
Posted Apr 19, 2018
Authored by bzyo

Geist WatchDog Console version 3.2.2 suffers from cross site scripting, XML external entity injection, and insecure file permission vulnerabilities.

tags | exploit, vulnerability, xss, xxe
advisories | CVE-2018-10077, CVE-2018-10078, CVE-2018-10079
SHA-256 | d918f241ee6c7025f29ccf1f1cb519560eb23c715777ff59995bc0cdf7a81280
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close