The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
56d11d9bd3d61b6edf7368636344ff72Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
40e0fc0c417670b30bccdf9097a9a547This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.
cbaf903a1f48babbbfdd55bd95607ccfQuest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
fa95a83ac5f5a79ab8497701933a0dc5PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.
f546c86af37c8ecf22a4ff6e67b28d48TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.
1b77df6a795e8e20ad8f16e9b03958aaRed Hat Security Advisory 2018-1779-01 - Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Issues addressed include a deserialization vulnerability.
0948dc2b3ab5ef5de1187ae754f1d4bdNew STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
a856c03164de7ba7c99d58887aa40da0Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
65a109315e03b0c19b3e8846940cf2fdPHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.
d00ae116d2bf4184267f84bedd816657Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
4010dd1ed3cd225ed49a240fc59a47d5CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
387b49c32a6a09b2dbb4a8c47fbc3fadGrid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.
8d8b8bf5cf45f887aaa6526de8ac927dChitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.
01d3997d0b7256b35f025efec8244e34Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.
a576fba994d6ae7c1631a3475c0cc02cUbuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.
0c542d9aa0e59f4f0b5dae590c06df0bAXON PBX version 2.02 suffers from a cross site scripting vulnerability.
c7b7efaa05186b62f050f3c020baa340AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.
7513907aab36270c4e33dc6b00e1d9d4105 bytes small Linux/x86 bindshell shellcode that spawns on TCP/4444.
843af161ff8f5f667b5b1c61ca684affMicrosoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.
ae691da69a6f584e9d6f3d6f325cc89e32 bytes smalls Linux/ARM egghunter + /bin/sh shellcode.
620971f7d773b12daf101632c4d27f2e38 bytes small Linux/x86 egghunter + access() shellcode.
387772621eb89201ab1a444b0f1cfc2f
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed