Showing 1 - 25 of 36

Files Date: 2018-04-24

Debian Security Advisory 4179-1
Posted Apr 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4179-1 - This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).

tags | advisory, kernel
systems | linux, debian
MD5 | f6b58c5678eeaa3119a721e13de26997

Building A Simple Proxy Fuzzer For The MQTT Protocol Using The Polymorph Framework
Posted Apr 24, 2018
Authored by Santiago Hernandez Ramos

Whitepaper that shows how easily you can build a fuzzer for the MQTT protocol by using the Polymorph framework.

tags | paper, protocol, fuzzer
MD5 | 9eca60d90eccec483d8294bf95607a9b

Red Hat Security Advisory 2018-1224-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1224-01 - PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-1106
MD5 | a1f0456f417285ec014bbfb5a743efe6

Allok Video To DVD Burner 2.6.1217 Buffer Overflow
Posted Apr 24, 2018
Authored by T3jv1l

Allok Video to DVD Burner version 2.6.1217 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | e84f653d9e0c186e3e46ae373cd23250

WordPress Woo Import Export 1.0 Arbitrary File Deletion
Posted Apr 24, 2018
Authored by Lenon Leite

WordPress Woo Import Export plugin version 1.0 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
MD5 | 93eb0614801caff53e9b984f9ae70470

Easy File Sharing Web Server 7.2 UserID Buffer Overflow
Posted Apr 24, 2018
Authored by Hashim Jawad

Easy File Sharing Web Server version 7.2 UserID remote buffer overflow exploit with DEP bypass.

tags | exploit, remote, web, overflow
advisories | CVE-2018-9059
MD5 | e650294e754a40ce8cacde9c9332bdb0

VLC Media Player/Kodi/PopcornTime Memory Corruption
Posted Apr 24, 2018
Authored by SivertPL

VLC Media Player/Kodi/PopcornTime versions prior to 2.2.5 Red Chimera memory corruption proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2017-8311
MD5 | 76999fc96e50dee4590b7015afd5908e

Bridging The Gap Between SIPR And NIPR Using KVM Switches
Posted Apr 24, 2018
Authored by debug.net

This paper documents a minor but somewhat easy way to compromise air-gapped systems that share a KVM.

tags | paper
MD5 | dc6b2a5f7beae67e10dd8d98be983b41

Zyxel ZyWALL ZLD 4.30 Cross Site Scripting
Posted Apr 24, 2018
Authored by T. Weber | Site sec-consult.com

Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4ff1882ff71af9364621432c7b64502c

WSO2 Identity Server 5.3.0 Cross Site Scripting
Posted Apr 24, 2018
Authored by W. Schober | Site sec-consult.com

WSO2 Identity Server version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-8716
MD5 | e590388e507455de144b008b44f5c441

Red Hat Security Advisory 2018-1213-02
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 66effb3d212b94a7d5ef3d7b03018bb4

Ubuntu Security Notice USN-3633-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3633-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-16995
MD5 | cd1aaf13ff30c3ce6907068a0d37963f

Ubuntu Security Notice USN-3632-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-15129, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-8043
MD5 | 5397a8ba2d3c666978177acc78b70114

Ubuntu Security Notice USN-3631-2
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3631-2 - USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-13305, CVE-2017-16538, CVE-2018-1000004, CVE-2018-5750, CVE-2018-7566
MD5 | c4dd401b60a639a9f0744656fd3a38e6

Ubuntu Security Notice USN-3631-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3631-1 - It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13305, CVE-2017-16538, CVE-2018-1000004, CVE-2018-5750, CVE-2018-7566
MD5 | 6a4a387029da1343c93b40b5b9648c5b

Ubuntu Security Notice USN-3630-2
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3630-2 - USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-8043
MD5 | 3fa25615cd959407ed98d61763e57087

Ubuntu Security Notice USN-3630-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3630-1 - It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-8043
MD5 | e288769b9317316ee28688732bf95ae9

Linux/x86 Setuid Shell Shellcode
Posted Apr 24, 2018
Authored by absolomb

74 bytes small Linux/x86 cp /bin/sh /tmp/sh; chmod +s /tmp/sh shellcode.

tags | x86, shellcode
systems | linux
MD5 | 3ddc9eeb64e408e1b68c86ecbad57577

WordPress UK Cookie Consent 2.3.9 Cross Site Scripting
Posted Apr 24, 2018
Authored by B0UG

WordPress UK Cookie Consent plugin version 2.3.9 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10310
MD5 | b7003e3b4751da53cff83098d6cfb89a

Wuzhi CMS 4.1.0 Cross Site Request Forgery
Posted Apr 24, 2018
Authored by jiguang

Wuzhi CMS version 4.1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-10312
MD5 | 71d278802fe48ec4b4dec56e195d9494

Gentoo Linux Security Advisory 201804-22
Posted Apr 24, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-22 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.117 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-6085, CVE-2018-6086, CVE-2018-6087, CVE-2018-6088, CVE-2018-6089, CVE-2018-6090, CVE-2018-6091, CVE-2018-6092, CVE-2018-6093, CVE-2018-6094, CVE-2018-6095, CVE-2018-6096, CVE-2018-6097, CVE-2018-6098, CVE-2018-6099, CVE-2018-6100, CVE-2018-6101, CVE-2018-6102, CVE-2018-6103, CVE-2018-6104, CVE-2018-6105, CVE-2018-6106, CVE-2018-6107, CVE-2018-6108, CVE-2018-6109, CVE-2018-6110, CVE-2018-6111, CVE-2018-6112
MD5 | 511838cf23e6450b13068734ac86866b

Ubuntu Security Notice USN-3629-1
Posted Apr 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3629-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.10 have been updated to MySQL 5.7.22. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, CVE-2018-2762, CVE-2018-2766, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, CVE-2018-2775, CVE-2018-2776, CVE-2018-2777, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, CVE-2018-2816, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839
MD5 | d12b83d5008ce89be40bd55e8ff99809

MyBB Threads To Link 1.3 Cross Site Scripting
Posted Apr 24, 2018
Authored by 0xB9

MyBB Threads to Link plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 052cff4e12c3774b51fd0b1e0b5fde3c

Gentoo Linux Security Advisory 201804-21
Posted Apr 24, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-21 - A vulnerability has been found in librelp that may allow a remote attacker to execute arbitrary code. Versions less than 1.2.15 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-1000140
MD5 | 441da9390abb1e3d967aed3b3d89899a

Red Hat Security Advisory 2018-1200-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1200-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000156
MD5 | 4df6523dece120253a17691a49bf85b9

Page 1 of 2