Files Date: 2018-05-01

Red Hat Security Advisory 2018-1235-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1235-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
SHA-256 | d4389ff99978d7c5f9b988f2c837a103388a061ab00a07c9bddbf91b11145e35

macOS Double mach_port_deallocate In kextd
Posted May 1, 2018
Authored by Google Security Research, Ian Beer

macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.

tags | exploit
advisories | CVE-2018-4139
SHA-256 | 3ddb3eed2c7396dd51ab0e7ff9f7a7b3a4392e5bd040e466a63d30befb46062a

macOS/iOS ReportCrash Mach Port Replacement
Posted May 1, 2018
Authored by Google Security Research, Ian Beer

macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.

tags | exploit
systems | cisco, ios
advisories | CVE-2018-4206
SHA-256 | 2cd4e635bdd91862b3c2bfd770e7f8bd4e4eca619058739936bbf85ce351d526

Linux RNG Flaws
Posted May 1, 2018
Authored by Jann Horn, Google Security Research

There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot.

tags | exploit
advisories | CVE-2018-1108
SHA-256 | 41bc2ae3426effa1ed930226dd44577a803172d383adac4215a479f019df9422

SourceTree For Windows Argument Injection
Posted May 1, 2018
Site atlassian.com

SourceTree for Windows versions prior to 2.5.5.0 suffer from an argument injection vulnerability via Mercurial tag names.

tags | advisory
systems | windows
advisories | CVE-2018-5226
SHA-256 | 2b5b7eb1bcdb0a9f7cb455ea33f78b2265b5309e537a781993644d5e923ec9cb

WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
SHA-256 | 16307c2a076e6eedaa5e405c5a3f96d724981d8afd372bf9e6385efaff3fb94f

xdebug Unauthenticated OS Command Execution
Posted May 1, 2018
Authored by Mumbai, Shaksham Jaiswal, Ricter Zheng | Site metasploit.com

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user.

tags | exploit, web, arbitrary, php
SHA-256 | a94a19cfaf669742a83aa9ced9e5f3db211d2e4e73a6dab97341c79d196c8536

Red Hat Security Advisory 2018-1231-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1231-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include an improper path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
SHA-256 | 1e7d3c302f733cb79e9c2357529d9d2c0883d0af287784ce033a52c9f2e003cb

Debian Security Advisory 4186-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4186-1 - It was discovered that gunicorn, an event-based HTTP/WSGI server, was susceptible to HTTP response splitting.

tags | advisory, web
systems | linux, debian
advisories | CVE-2018-1000164
SHA-256 | a1b247830a9eeaf020ed67529b835738e82d75b38c2d3592d56e2ebd4954a365

Debian Security Advisory 4185-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4185-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
SHA-256 | 4b50e9d98efd4b23a87cb5dbfd928c095176bb7fb220d433ff5d2a7e1b55123a

Metasploit msfd Remote Code Execution Via Browser
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'irb -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.

tags | exploit, web, javascript, tcp
systems | windows
SHA-256 | 2283d21a12adcde1dea6e6565afc46a8aa7c6a4fd20f6bfac31c37d5d71ee15d

Debian Security Advisory 4184-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4184-1 - Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-14448, CVE-2017-14450, CVE-2017-2887, CVE-2018-3837, CVE-2018-3838, CVE-2018-3839
SHA-256 | 759bbb6bf0bf5bef7267fa1dee058e05a7581edfd381241e7193df67d0643cdb

Metasploit msfd Remote Code Execution
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege escalation. In that case, port forwarding on the compromised host can be used. Code execution is achieved with the msfconsole command: irb -e 'CODE'.

tags | exploit, remote, local, tcp, code execution
SHA-256 | 6bccc2cde5d85bcb357aadc94add34850f268af7b41e4e2cf8b65a54a15af6cc

Red Hat Security Advisory 2018-1229-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1229-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
SHA-256 | 742805308726e233aec40d69826ac2b628303bdf73a313da2ca4356da9736098

WordPress Responsive Cookie Consent 1.7 / 1.6 / 1.5 Cross Site Scripting
Posted May 1, 2018
Authored by B0UG

WordPress Responsive Cookie Consent versions 1.5, 1.6, and 1.7 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10309
SHA-256 | 384eb5a5a15c2dc1c9b4202fa3511206c0ecf08d5292bbe8d20e4d4163668611