what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2018-06-12

glibc 'realpath()' Privilege Escalation
Posted Jun 12, 2018
Authored by halfdog, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library (glibc) version 2.26 and prior. This Metasploit module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath() and create a SUID root shell. The exploit has offsets for glibc versions 2.23-0ubuntu9 and 2.24-11+deb9u1. The target system must have unprivileged user namespaces enabled. This Metasploit module has been tested successfully on Ubuntu Linux 16.04.3 (x86_64) with glibc version 2.23-0ubuntu9; and Debian 9.0 (x86_64) with glibc version 2.24-11+deb9u1.

tags | exploit, shell, root
systems | linux, debian, ubuntu
advisories | CVE-2018-1000001
SHA-256 | 80545f11c3dbaf619131e029fba6bb2504458083b7b4795f41fd9210ad2c35da
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site metasploit.com

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
SHA-256 | 6b992abd6eb4488b1451744ac9a29b8cfc36bb9a4b8e764995041383204e8229
Ubuntu Security Notice USN-3682-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3682-1 - A heap buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-6126
SHA-256 | 494f9b017be16951b96c87f973088ab519f111541e946ab28bd1de038e9136ed
Debian Security Advisory 4227-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4227-1 - Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-1002200
SHA-256 | d3c1914fa737a19cb224ebf254a1293a2fbcf359167e4cefcdf083b95a676440
WordPress Tooltipy 5.0 Cross Site Request Forgery
Posted Jun 12, 2018
Authored by Tom Adams

WordPress Tooltipy plugin version 5.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | c8f3750df4042e50ce773fbee50cec7873f62c34d26909645eb06b443dfe7052
WordPress Tooltipy 5.0 Cross Site Scripting
Posted Jun 12, 2018
Authored by Tom Adams

WordPress Tooltipy plugin version 5.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6eb4e52fcad8f00b82c4a47e651cb7194795e04d338435768fede1fe9077fca4
WordPress Redirection 2.7.3 Remote File Inclusion
Posted Jun 12, 2018
Authored by Glyn Wintle

WordPress Redirection plugin version 2.7.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 78aa1bc28075dd91582082ed629d324772fe2f1192d1e98ffcdc49abf6933f2f
Ubuntu Security Notice USN-3678-3
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-3 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | cd986165b71b4e1378a506b88fdc3586bf913dc90d9ee4980df28a9ccdd51d32
Microsoft Security Advisory Updates For June 12, 2018
Posted Jun 12, 2018
Site microsoft.com

This Microsoft advisory notification includes updates to advisories 4338110, 180012, and 180002.

tags | advisory
SHA-256 | 011c2460d0078c9c45ab1792e1c44c4c8ff1ead9d294f4c17d068ab3ee6a7e62
Microsoft Security Bulletin CVE Revision Increment For June, 2018
Posted Jun 12, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE updates for CVE-2018-0976, CVE-2018-1003, and CVE-2018-8136.

tags | advisory
advisories | CVE-2018-0976, CVE-2018-1003, CVE-2018-8136
SHA-256 | cd0dd5b1a61dc39797e47015fcbe3ecbb200494ddc561a8ea2617d0da5f71eeb
Microsoft Security Bulletin Updates For June 12, 2018
Posted Jun 12, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on June 12, 2018.

tags | advisory
SHA-256 | d3b4dc087730b3c8ec433d799eb5887f036617085942233c670062b9a94d0847
Canon PrintMe EFI Cross Site Scripting
Posted Jun 12, 2018
Authored by Huy Kha

Canon PrintMe EFI suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-12111
SHA-256 | 1cbf7ac2d4d346c2cbc6bfd3c11d137347327d0826f596f99c3e204c710fb95c
Debian Security Advisory 4226-1
Posted Jun 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4226-1 - Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12015
SHA-256 | e0d4b28c40b972342d85f4d9e267c2b56cb6f4a9f24f8c60c717404c361083f0
Ubuntu Security Notice USN-3681-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3681-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-1000445, CVE-2017-1000476, CVE-2017-10995, CVE-2017-11352, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12140, CVE-2017-12418, CVE-2017-12429, CVE-2017-12430, CVE-2017-12431, CVE-2017-12432, CVE-2017-12433, CVE-2017-12435, CVE-2017-12563, CVE-2017-12587, CVE-2017-12640, CVE-2017-12643, CVE-2017-12644, CVE-2017-12670, CVE-2017-12674, CVE-2017-12691, CVE-2017-12692
SHA-256 | 6182d1400639b09262f9bc1aa526b2067246d087644fc429fee5ee52971053be
WordPress WP Google Map 4.0.4 SQL Injection
Posted Jun 12, 2018
Authored by DefenseCode, Neven Biruski

WordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 47845a0de05723fa22908baa8f1387f03dc2b7a10302916bf08f5d96fc9dd027
Tinc Virtual Private Network Daemon 1.0.34
Posted Jun 12, 2018
Authored by Ivo Timmermans | Site tinc.nl.linux.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: Fixed a potential segmentation fault when connecting to an IPv6 peer via a proxy. Minor improvements made to the build system. Various other fixes.
tags | tool, encryption
systems | unix
SHA-256 | c03a9b61dedd452116dd9a8db231545ba08a7c96bce011e0cbd3cfd2c56dcfda
Red Hat Security Advisory 2018-1837-01
Posted Jun 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1837-01 - The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1002200
SHA-256 | ee3ffaa0d5cbc982763349c049fa7b83f3cb697d6aa52cf12b950d0a580f92f7
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
Posted Jun 12, 2018
Authored by DefenseCode, Neven Biruski

WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 94336025653173391ac5889e704bcfd91b865bf11182e68e4e9264480f585de8
Ubuntu Security Notice USN-3680-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3680-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-1064, CVE-2018-3639
SHA-256 | ff3fc4ce5b6f9d5fcf68d46f3c6240af4b1a6586e72085633f33674eab6a36bb
Red Hat Security Advisory 2018-1836-01
Posted Jun 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1836-01 - The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1002200
SHA-256 | 44860545987c2bda0584dc5b5b2c7f7dc7b5e84c8107536963397effe4e2eead
Red Hat Security Advisory 2018-1826-01
Posted Jun 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1826-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 4b381041ec2db87364de1a9d26aa6e7d3eade0b0b1b346b7c010eb99a7ccc47e
Ubuntu Security Notice USN-3678-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-2 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | a861ba565ba75730506975483096a29474b6446046659bf6e8bc9e3df22fa857
Ubuntu Security Notice USN-3678-1
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3678-1 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2018-10021, CVE-2018-1092, CVE-2018-8087
SHA-256 | e57ad84d6b9ea0b9108c4cf7c2d832048db4d2b4aed6a99107c3c23eb19672ed
Ubuntu Security Notice USN-3677-2
Posted Jun 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3677-2 - USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1068, CVE-2018-1092, CVE-2018-7492, CVE-2018-8087, CVE-2018-8781
SHA-256 | c1953b1b76f2fb20d0c04031dff7e5d9392ec2f294f04ffe2f9f4493d60089fc
Red Hat Security Advisory 2018-1833-01
Posted Jun 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1833-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.1 serves as a replacement for Red Hat JBoss Data Grid 7.2.0 and includes bug fixes and enhancements. You can find a link to the Release Notes that describe these bug fixes and enhancements in the References section of this erratum. Issues addressed include a deserialization vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1131
SHA-256 | 1e71d8bd747ccfad3ae2469493515df42c52ac5f89ae068b5699fe6c52b5f5b1
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close