Twenty Year Anniversary
Showing 1 - 25 of 26 RSS Feed

Files Date: 2018-07-02

Ubuntu Security Notice USN-3698-1
Posted Jul 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3698-1 - It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-12154, CVE-2017-12193, CVE-2017-15265, CVE-2018-1130, CVE-2018-3665, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927, CVE-2018-7755, CVE-2018-7757
MD5 | 79e62f3c9db29224ec902903f92f2bff
Ubuntu Security Notice USN-3696-1
Posted Jul 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3696-1 - It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-13695, CVE-2017-18255, CVE-2017-18257, CVE-2018-1000204, CVE-2018-10021, CVE-2018-10087, CVE-2018-10124, CVE-2018-3665, CVE-2018-5814, CVE-2018-7755
MD5 | 85ebc7f68fdfd1ec62e89e89a7199622
Ubuntu Security Notice USN-3695-1
Posted Jul 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3695-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-11508, CVE-2018-7755
MD5 | 1ab8575ad708cdc9ce2f92f0db75ae9f
Ubuntu Security Notice USN-3695-2
Posted Jul 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3695-2 - USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1094, CVE-2018-10940, CVE-2018-1095, CVE-2018-11508, CVE-2018-7755
MD5 | 6208e9e136bfff7fc82ca98b30f85bda
Boxoft WAV To MP3 Converter 1.1 Buffer Overflow
Posted Jul 2, 2018
Authored by Robbie Corley, Shelby Pace | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

tags | exploit, overflow, shellcode
advisories | CVE-2015-7243
MD5 | 0bc942aad9f54095c3d8e7923d60677c
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
Posted Jul 2, 2018
Authored by Secator, Michael Reizelman, Antonio

OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2018-9997, CVE-2018-9998
MD5 | b4faef1ad16b321741447e57a22a0b31
Microsoft Windows Kernel (win32k.sys) Local Denial Of Service
Posted Jul 2, 2018
Authored by Victor Portal Gonzalez

Microsoft Windows Kernel (win32k.sys) suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl.

tags | advisory, denial of service, kernel, local
systems | windows
MD5 | 3fd18ac6710b6c0e6ed7b3cfb9170e55
RSA Certificate Manager 6.9 Path Traversal
Posted Jul 2, 2018
Site emc.com

RSA Certificate Manager 6.9 contains a fix for a path traversal vulnerability that could potentially be exploited by malicious users to compromise the affected system. Affected versions include RSA Certificate Manager versions 6.9 build 560 through 6.9 build 564. Related CVE number: CVE-2018-11051.

tags | advisory
MD5 | cb86ed558d6ab052c2b1193c2d53c29d
openslp 2.0.0 Double Free
Posted Jul 2, 2018
Authored by Magnus Klaaborg Stubman

An issue was found in openslp version 2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's doubly-linked memory chunk list. An exploit in included in the advisory.

tags | exploit
MD5 | a26efcb8edc9f13d1ffd017078fe2782
NuCom NC-WR644GACV Unauthenticated Configuration File Download
Posted Jul 2, 2018
Authored by Zerial

NuCom NC-WR644GACV with software versions STA 005 and below suffer from a configuration file download vulnerability that allows for extraction of the administrative credentials.

tags | exploit, bypass
advisories | CVE-2018-8755
MD5 | d0d26445c9f9d4f847ac07a07af4fee3
D-Link DIR-890L A2 Improper Access Control
Posted Jul 2, 2018
Authored by Kevin Randall

An issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

tags | advisory, local, bypass
advisories | CVE-2018-12103
MD5 | 214b3494230a0438d386a6419d414c81
ntop-ng Authentication Bypass
Posted Jul 2, 2018
Authored by Ioannis Profetis

ntop-ng versions prior to 3.4.180617 suffer from a deterministic session ID vulnerability.

tags | exploit, bypass
advisories | CVE-2018-12520
MD5 | 04275f6faa506014249ae19f4b73f191
extjs getTip() Cross Site Scripting
Posted Jul 2, 2018
Authored by Daniel Fritsch

extjs versions prior to 6.6.0 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-8046
MD5 | 6918d7270bd31d8743adad33428062bc
WeChat Pay SDK XXE Injection
Posted Jul 2, 2018
Authored by Rose Jackcode

The WePay Chat SDK suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | d342061025f7c5d2655f550f549bb5da
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
Posted Jul 2, 2018
Authored by Okan Coskun

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.

tags | exploit, remote, arbitrary
advisories | CVE-2018-12571
MD5 | 7c32094ad0851d110b5ec08cfce5b793
EMC ECS S3 Authentication Bypass
Posted Jul 2, 2018
Site emc.com

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.

tags | advisory, remote, bypass
advisories | CVE-2018-11052
MD5 | 2e3f16624ae92fac275cc03abf77df09
Axis Cameras Authorization Bypass / Unrestricted Access / Command Injection
Posted Jul 2, 2018
Authored by Or Peles | Site blog.vdoo.com

Axis Cameras suffer from authorization bypass, unrestricted dbus access, command injection, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2018-10658, CVE-2018-10659, CVE-2018-10660, CVE-2018-10661, CVE-2018-10662, CVE-2018-10663, CVE-2018-10664
MD5 | b1d6f502e4097765fade4203769a08af
Linux/x86 Execve /bin/cat /etc/passwd Shellcode
Posted Jul 2, 2018
Authored by Anurag Srivastava

37 bytes small Linux/x86 execve /bin/cat /etc/passwd shellcode.

tags | x86, shellcode
systems | linux
MD5 | 4d27f629e415202443486cfadf82494b
DAMICMS 6.0.0 Cross Site Request Forgery
Posted Jul 2, 2018
Authored by bay0net

DAMICMS version 6.0.0 suffers from an add administrator cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e3829f2034d656b4cbfaf68599c29175
Dolibarr ERP CRM 7.0.3 Code Injection
Posted Jul 2, 2018
Authored by om3rcitak

Dolibarr ERP CRM versions 7.0.3 and below suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | c3c0b8993ddf32695f9afefe4a832269
Core FTP LE 2.2 Buffer Overflow
Posted Jul 2, 2018
Authored by Berk Cem Goksel

Core FTP LE version 2.2 buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-12113
MD5 | 9374afe7a9fa94be48ccc3512a486640
SIPp 3.6 Buffer Overflow
Posted Jul 2, 2018
Authored by Fakhri Zulkifli

SIPp version 3.6 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | b50a8cb40949c174c4227658dffa2e3e
Delta Industrial Automation COMMGR 1.08 Buffer Overflow
Posted Jul 2, 2018
Authored by t4rkd3vilz

Delta Industrial Automation COMMGR version 1.08 stack buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-10594
MD5 | 380f500e42ef7dd79ad79b6d26aee890
Geutebruck simple_loglistjs.cgi Remote Command Execution
Posted Jul 2, 2018
Authored by Davy Douhine, Nicolas Mattiocco | Site metasploit.com

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.12.0.19 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.

tags | exploit, arbitrary, cgi, root
advisories | CVE-2018-7520
MD5 | 3c493d70dda3e9875442ed78bc1db5d8
VMware NSX SD-WAN Edge Command Injection
Posted Jul 2, 2018
Authored by Section 8, Brian Sullivan

VMware NSX SD-WAN Edge versions prior to 3.1.2 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-6961
MD5 | d65b5e9c3ccdd176823a67edceffbaab
Page 1 of 2
Back12Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close