
Files Date: 2018-06-08

Slackware Security Advisory - gnupg2 Updates
Posted Jun 8, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-12020
MD5 | dcd3c89e67645bad6c930734f319fb50
Debian Security Advisory 4224-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12020
MD5 | f5973ec905525583de23dde81261f20a
Debian Security Advisory 4220-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6126
MD5 | 34f809c7056ae15863580c0c5e59f50b
Debian Security Advisory 4221-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

tags | advisory
systems | linux, debian
advisories | CVE-2018-7225
MD5 | b668ecf77da8dd39c9441c42729dccf6
XiongMai uc-httpd 1.0.0 Buffer Overflow
Posted Jun 8, 2018
Authored by Andrew Watson

XiongMai uc-httpd version 1.0.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10088
MD5 | 7b87f4eb5b80827de291ae3fc2feb821
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Posted Jun 8, 2018
Authored by Martin Heiland

OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.

tags | exploit, spoof, vulnerability, xss
advisories | CVE-2017-17062, CVE-2018-5751, CVE-2018-5752, CVE-2018-5753, CVE-2018-5754, CVE-2018-5755, CVE-2018-5756
MD5 | 17c9e0a5fb461f27f24ee61b974f87d2
libfsntfs 20180420 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

tags | exploit, remote, denial of service, info disclosure
advisories | CVE-2018-11727, CVE-2018-11728, CVE-2018-11729, CVE-2018-11730, CVE-2018-11731
MD5 | 6132da62fdca584c80ea9437df68f9c9
libmobi 0.3 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

tags | exploit, remote, denial of service, overflow, info disclosure
advisories | CVE-2018-11724, CVE-2018-11725, CVE-2018-11726
MD5 | 537e3b6c23c3eea6ae41edbdf93d5eb0
libpff 2018-04-28 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.

tags | exploit, remote, overflow, info disclosure
advisories | CVE-2018-11723
MD5 | 8efc665587cacf8ea6dace06cba8a2a2
GNU Privacy Guard 2.2.8
Posted Jun 8, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Updated Russian translation. Multiple bug fixes and code improvements added.

tags | tool, encryption
MD5 | 0db6d8ec569e260435a7d2bfb2ecfe5c
Debian Security Advisory 4219-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

tags | advisory, java, denial of service, arbitrary, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079
MD5 | 7d3ba91bea7cc4af627f93c7f93e2120
STMicroelectronics DVB Chipset Reverse Engineering
Posted Jun 8, 2018
Authored by Adam Gowdiak | Site security-explorations.com

This archive holds a 70+ page technical paper accompanied by two reverse engineering tools for analyzing STMicroelectronics DVB chipsets.

tags | exploit
MD5 | a5d20c1e900110611b12feb7de976edb
OfficeScan XG 11.0 Unauthorized Change Prevention Bypass
Posted Jun 8, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

OfficeScan XG version 11.0 suffers from an unauthorized change prevention bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-10507
MD5 | e3ce9faee8d067f82b6d929d3dff7cda
Gnome Web (Epiphany) Denial Of Service
Posted Jun 8, 2018
Authored by ldpreload

Gnome Web (Epiphany) versions prior to 3.28.2.1 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | d3c2ffda37aa1d92f713a3b69dc9056a
Joomla 2.4.0 Gridbox Cross Site Scripting
Posted Jun 8, 2018
Authored by Yavuz Atlas

Joomla versions 2.4.0 and below suffer from a cross site scripting vulnerability in the Gridbox extension.

tags | exploit, xss
advisories | CVE-2018-11690
MD5 | a67e61410dc53b192fa83ce0ba67d2d0
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution
Posted Jun 8, 2018
Authored by EdTech Secure

The ClassLink OneClick browser extension and the ClassLink Agent are vulnerable to universal cross site scripting and remote code execution.

tags | exploit, remote, code execution, xss
MD5 | e8835af6f7679093a0b4696ac326601b
ESPN Cross Site Scripting
Posted Jun 8, 2018
Authored by Ismail Doe

ESPN's CDN suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cb6c8b895a34118ac66e8eb571793e21
Red Hat Security Advisory 2018-1812-01
Posted Jun 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1812-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include deserialization, insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | 1d254b7e93a47338803be926e0f6afdf
© 2018 Packet Storm. All rights reserved.
