Twenty Year Anniversary
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-06-11

Ubuntu Security Notice USN-3675-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-1 - Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-12020, CVE-2018-9234
MD5 | 8892b2e9f917af8dd1d4c8b056a3f11e
Asterisk Project Security Advisory - AST-2018-008
Posted Jun 11, 2018
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

tags | advisory
MD5 | 0d32ecb64f2f13ae1afa46c553ade032
Asterisk Project Security Advisory - AST-2018-007
Posted Jun 11, 2018
Authored by Sean Bright | Site asterisk.org

Asterisk Project Security Advisory - When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or sends a specially crafted message then Asterisk gets caught in an infinite loop while trying to read the data stream. Thus rendering the system as unusable.

tags | advisory, tcp
MD5 | 128c0dfe088bcd61f964d066fe306cc1
Ubuntu Security Notice USN-3674-2
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-2 - USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
MD5 | 5559e14a261b2b1caff2653f93380832
Ubuntu Security Notice USN-3674-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the RDS protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
MD5 | 7580ee1c4975048c3bd3f4059fd6b003
VMware Security Advisory 2018-0015
Posted Jun 11, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2018-6968
MD5 | 53f0174658961594f804ce535c307bfc
Red Hat Security Advisory 2018-1824-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1824-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.113. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
MD5 | bd00b72f046ea26ab35c62b79c8be81f
Red Hat Security Advisory 2018-1825-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1825-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.79. Issues addressed include an incorrect handling of the CSP header.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6148
MD5 | a1c29eb17da946adec9d13431a55e6d3
Red Hat Security Advisory 2018-1820-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1820-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | f3265d3934ea0e480269e827b51970c2
Splunk 6.2.3 / 7.0.1 Information Disclosure
Posted Jun 11, 2018
Authored by KoF2002

Splunk versions 6.2.3 through 7.0.1 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-11409
MD5 | 404164fd30bf60e95bc74b23f1b9106f
userSpice 4.3.24 Username Enumeration
Posted Jun 11, 2018
Authored by Dolev Farhi

userSpice version 4.3.24 suffers from a username enumeration vulnerability.

tags | exploit
MD5 | 17be15fe8153f38e23cc6eb9a86bb0fb
userSpice 4.3.24 X-Forwarded-For Cross Site Scripting
Posted Jun 11, 2018
Authored by Dolev Farhi

userSpice version 4.3.24 suffers from an X-Forwarded-For cross site scripting vulnerability.

tags | exploit, xss
MD5 | f90ee22ae03760a89717e5646e6d5f92
Schools Alert Management Script Arbitrary File Delete
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-12053
MD5 | 6cc245a57e784529f9b7a0b8e525530c
Joomla Ek Rishta 2.10 SQL Injection
Posted Jun 11, 2018
Authored by 41!kh4224rDz

Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 78cb8cc542cecb8f3d59e370eaf40e86
Event Manager Admin Panel events_new.php SQL Injection
Posted Jun 11, 2018
Authored by telahdihapus

The Event Manager PHP Script admin panel suffers from a remote SQL injection vulnerability in events_new.php.

tags | exploit, remote, php, sql injection
MD5 | 83fb888284b894e89bd607800355654e
WordPress Pie Register Blind SQL Injection
Posted Jun 11, 2018
Authored by Manuel Garcia Cardenas

WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10969
MD5 | 859a1de17d4a60b5e2988304732db6e0
Schools Alert Management Scripts get_sec.php SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12052
MD5 | 047bfac8f40ffe2464f7a8fc57942ef2
Schools Alert Management Scripts Arbitrary File Read
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from an arbitrary file real vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-12054
MD5 | ebbd916045de80f68e5148aadf248e0f
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
Posted Jun 11, 2018
Authored by Mishra Dhiraj, Zubin Devnani, Hardik Mehta, Manuel Caballero

This Metasploit module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service.

tags | exploit, denial of service
advisories | CVE-2018-11646
MD5 | 954689ae091fb2f143e2c327b7465e84
Schools Alert Management Script SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12055
MD5 | 3450fb18cbea09fe935a9724b8a4e0f1
Reverse Engineering - Simple Patching
Posted Jun 11, 2018
Authored by Haboob Team

Whitepaper called Reverse Engineering - Simple Patching. Written in Arabic.

tags | paper
MD5 | 68a7ae72fae2210e2a4d9ace43c125d5
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    24 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close