what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-05-09

Mantis manage_proj_page PHP Code Execution
Posted May 9, 2018
Authored by EgiX, Lars Sorenson | Site metasploit.com

Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.

tags | exploit, remote, php, code execution
advisories | CVE-2008-4687
SHA-256 | bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbeb
Ubuntu Security Notice USN-3643-2
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | 2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908
Red Hat Security Advisory 2018-1367-01
Posted May 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1367-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4944
SHA-256 | 6746edefeda3dc5f46a3a988882fb23abb9a39be3320b013002753b5735b331b
Ubuntu Security Notice USN-3643-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194
t2'18 Call For Papers
Posted May 9, 2018
Site t2.fi

The t2'18 Call For Papers has been announced. It will take place October 25th through the 26th, 2018 in Helsinki, Finland.

tags | paper, conference
SHA-256 | d86ebebe30e3915de42951a12bd66a55fcf5fcb4bd942d990994fe5547c3f4a8
Ubuntu Security Notice USN-3642-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3642-1 - Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1059
SHA-256 | 08e6165a0e06d26de942f15ce22ab0662f9668980fd003df685f4033c97fca69
Red Hat Security Advisory 2018-1364-01
Posted May 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1364-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a ns-slapd crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-1089
SHA-256 | d05b2c0a4545572bcf49fef48379e3e9d41eeaaa1fec555d0fe178253ec17339
Microsoft Windows FxCop 12 XXE Injection
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.

tags | exploit, local
systems | windows
SHA-256 | 529e37622cb8b9a8c7ff1df46c0f23167d4d261569eec1722cd310507eb17b47
Easy Hosting Control Panel 0.37.12.b Unverified Password Change
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.

tags | exploit
advisories | CVE-2018-6617
SHA-256 | 6b9c2fb76cb2b2e1b5b400414e61b2bf2bf5bfced4755d05b2ca17ff0c94490c
Easy Hosting Control Panel 0.37.12.b Clear-Text Password Storage
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a clear-text password storage vulnerability.

tags | exploit
advisories | CVE-2018-6618
SHA-256 | 1c215b802e217d75ea942c972e7bec45f141b5f896ddc956d47e80412dacf3da
Easy Hosting Control Panel 0.37.12.b Insecure Cryptography
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from an insecure cryptography vulnerability.

tags | exploit
advisories | CVE-2018-6619
SHA-256 | 687d246182ae3672c456fe67465befb2213e45306ceba378cd7184753e4c3db7
Easy Hosting Control Panel 0.37.12.b Cross Site Request Forgery
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2018-6458
SHA-256 | ddd48bb3bcd858b591a5ba8418dc05789be98692830c6205c8a540e4ad205676
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Cookie Theft
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to steal the cookie.

tags | exploit, xss
advisories | CVE-2018-6362
SHA-256 | 61246ca67241380fbb3cf68fbfbd65cd27a9c327ff9125e7f8cd3a8234b67333
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Add FTP Account
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to add a backdoor FTP account.

tags | exploit, xss
advisories | CVE-2018-6361
SHA-256 | efa2eac7432c41578c130f45589ae285362ea92d776fd1be1470c47380d3c2e7
Kernel Live Patch Security Notice LSN-0038-1
Posted May 9, 2018
Authored by Benjamin M. Romer

On May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.

tags | advisory, kernel
systems | linux
advisories | CVE-2018-1087, CVE-2018-8897
SHA-256 | 0ed9608f57e15a5b058be5eb06c92f72ea884cf0e997d30b7285a27811e380ab
Debian Security Advisory 4196-1
Posted May 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-1087, CVE-2018-8897
SHA-256 | 93cc48d260bc7594d1b33464cbeae85c8108f7abd086bf698c5a407b0654ccb2
Linux/x86 TCP/9443 Bindshell Shellcode
Posted May 9, 2018
Authored by Amine Kanane

113 bytes small Linux/x86 bindshell forking null-free shellcode for TCP/9443.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | b04bdb837a2ff84a3bb3deb229558fd9c8358cdbe9ec0a081b72bdfe56b0bf9f
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close