Twenty Year Anniversary
Showing 1 - 17 of 17 RSS Feed

Files Date: 2018-05-09

Mantis manage_proj_page PHP Code Execution
Posted May 9, 2018
Authored by EgiX, Lars Sorenson | Site metasploit.com

Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.

tags | exploit, remote, php, code execution
advisories | CVE-2008-4687
MD5 | 1357cfcb1f87c0ce0787fbc307d1bb01
Ubuntu Security Notice USN-3643-2
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
MD5 | 88830325a9cffa4e4d8c7d1e3ed4f55e
Red Hat Security Advisory 2018-1367-01
Posted May 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1367-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4944
MD5 | b95a2412945add36ec7e6dcb234dfa13
Ubuntu Security Notice USN-3643-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
MD5 | b616005171ef8530b23e4f187e4abdfd
t2'18 Call For Papers
Posted May 9, 2018
Authored by //t2.fi | Site t2.fi

The t2'18 Call For Papers has been announced. It will take place October 25th through the 26th, 2018 in Helsinki, Finland.

tags | paper, conference
MD5 | df30ce4b46b221596a408d208f4749cc
Ubuntu Security Notice USN-3642-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3642-1 - Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1059
MD5 | 59ce4fa456c0be9a1bb3f8cc80b24a20
Red Hat Security Advisory 2018-1364-01
Posted May 9, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1364-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a ns-slapd crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-1089
MD5 | 93da4a62de621951b32b347665c2b77d
Microsoft Windows FxCop 12 XXE Injection
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.

tags | exploit, local
systems | windows, 7, 10
MD5 | e4970e9fdb7dbc2ea52471b6d0a8c531
Easy Hosting Control Panel 0.37.12.b Unverified Password Change
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.

tags | exploit
advisories | CVE-2018-6617
MD5 | 791e45e8fcd14b89a834a308b18cccde
Easy Hosting Control Panel 0.37.12.b Clear-Text Password Storage
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a clear-text password storage vulnerability.

tags | exploit
advisories | CVE-2018-6618
MD5 | 6e7d491189d0efa9d471a5da0de2a069
Easy Hosting Control Panel 0.37.12.b Insecure Cryptography
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from an insecure cryptography vulnerability.

tags | exploit
advisories | CVE-2018-6619
MD5 | 2956ee490bcd7d4912aa51b2ecb60372
Easy Hosting Control Panel 0.37.12.b Cross Site Request Forgery
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2018-6458
MD5 | 0a8f15401bb9cce8379d7f12c69069b1
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Cookie Theft
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to steal the cookie.

tags | exploit, xss
advisories | CVE-2018-6362
MD5 | f74bbe3371ad692d1039c540fe5a5060
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Add FTP Account
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to add a backdoor FTP account.

tags | exploit, xss
advisories | CVE-2018-6361
MD5 | 966a2022afa674527a1084c1d9a1eedf
Kernel Live Patch Security Notice LSN-0038-1
Posted May 9, 2018
Authored by Benjamin M. Romer

On May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.

tags | advisory, kernel
systems | linux
advisories | CVE-2018-1087, CVE-2018-8897
MD5 | 2fffde47d47abae2cb1a8834a15b901f
Debian Security Advisory 4196-1
Posted May 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-1087, CVE-2018-8897
MD5 | 9b8a4b9bc03f27c6ba86c8131ab8bebe
Linux/x86 TCP/9443 Bindshell Shellcode
Posted May 9, 2018
Authored by Amine Kanane

113 bytes small Linux/x86 bindshell forking null-free shellcode for TCP/9443.

tags | x86, tcp, shellcode
systems | linux
MD5 | 1d7c353245f7ee1d017285c4d7912ba9
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    24 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close