
Files Date: 2018-05-01

Red Hat Security Advisory 2018-1235-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1235-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
MD5 | b9d1ef27a741ac9e2b9b7fb934bbfe68
macOS Double mach_port_deallocate In kextd
Posted May 1, 2018
Authored by Google Security Research, ianbeer

macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.

tags | exploit
advisories | CVE-2018-4139
MD5 | 3ed950f3129994df12395fa85baf3812
macOS/iOS ReportCrash Mach Port Replacement
Posted May 1, 2018
Authored by Google Security Research, ianbeer

macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.

tags | exploit
systems | cisco, ios
advisories | CVE-2018-4206
MD5 | afd5e9434d99e4e48e8d1ec634a2c115
Linux RNG Flaws
Posted May 1, 2018
Authored by Google Security Research, jannh

There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot.

tags | exploit
advisories | CVE-2018-1108
MD5 | 93e3958beacb3afdef525c4ced0c559b
SourceTree For Windows Argument Injection
Posted May 1, 2018
Site atlassian.com

SourceTree for Windows versions prior to 2.5.5.0 suffer from an argument injection vulnerability via Mercurial tag names.

tags | advisory
systems | windows
advisories | CVE-2018-5226
MD5 | cd0bb2b6372bc9c1141ca2d3c6033f3a
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
MD5 | 35af2b53d57b81fe5f7927312787ad3f
xdebug Unauthenticated OS Command Execution
Posted May 1, 2018
Authored by Mumbai, Shaksham Jaiswal, Ricter Zheng | Site metasploit.com

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user.

tags | exploit, web, arbitrary, php
MD5 | f41618034e1f76ddd17f42794e9dc6c3
Red Hat Security Advisory 2018-1231-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1231-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include an improper path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
MD5 | 53c040ad0e2e9c156f24086ef61c72a7
Debian Security Advisory 4186-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4186-1 - It was discovered that gunicorn, an event-based HTTP/WSGI server, was susceptible to HTTP Response splitting.

tags | advisory, web
systems | linux, debian
advisories | CVE-2018-1000164
MD5 | fa0fbddffa00a407fa0bb9f6c837cd1e
Debian Security Advisory 4185-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4185-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | 5671a7d29a470a3d6ff207a9cb9ca89c
Metasploit msfd Remote Code Execution Via Browser
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'irb -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.

tags | exploit, web, javascript, tcp
systems | windows
MD5 | 9424518a3a5f452ec2a431c5b398c292
Debian Security Advisory 4184-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4184-1 - Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-14448, CVE-2017-14450, CVE-2017-2887, CVE-2018-3837, CVE-2018-3838, CVE-2018-3839
MD5 | 35d719a54f7c00bb7862d3ab1a60ef92
Metasploit msfd Remote Code Execution
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege escalation. In that case, port forwarding on the compromised host can be used. Code execution is achieved with the msfconsole command: irb -e 'CODE'.

tags | exploit, remote, local, tcp, code execution
MD5 | 21ee676f717921fe2b762176515eb4cd
Red Hat Security Advisory 2018-1229-01
Posted May 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1229-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1102
MD5 | 452e409675ca17f72a8d191d01f817c9
WordPress Responsive Cookie Consent 1.7 / 1.6 / 1.5 Cross Site Scripting
Posted May 1, 2018
Authored by B0UG

WordPress Responsive Cookie Consent versions 1.5, 1.6, and 1.7 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10309
MD5 | 7058fdd80bf3d3a8aa6a7a069936d20c
© 2018 Packet Storm. All rights reserved.