Twenty Year Anniversary
Showing 1 - 11 of 11 RSS Feed

Files Date: 2018-07-20

Microsoft dnslint.exe DNS Tool Forced Drive-By Download
Posted Jul 20, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.

tags | exploit
MD5 | eb14060a0091ba68f6b96c6e9ef2fb25
Oracle Outside In 8.5.3 Denial Of Service
Posted Jul 20, 2018
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause a out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing "Body" element of HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.

tags | advisory, denial of service, vulnerability
advisories | CVE-2018-2992, CVE-2018-3009, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3103, CVE-2018-3104
MD5 | 36619a213e7a84de872768446d7ee5f5
Oracle Outside In 8.5.3 Heap-Based Buffer Overflows / OOB Write
Posted Jul 20, 2018
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. An error within the "VwStreamRead()" function (vsdrw.dll) can be exploited to cause a heap-based buffer overflow. A boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. Another boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. An integer underflow error within the "VwStreamOpen()" function (vswk6.dll) can be exploited to cause an out-of-bounds write memory access. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2018-3010, CVE-2018-3092, CVE-2018-3099, CVE-2018-3102
MD5 | be326e466eb0e8b495861d5e98f468e7
LibRaw parse_minolta() Infinite Loop Denial Of Service
Posted Jul 20, 2018
Authored by Kasper Leigh Haabb | Site secunia.com

Secunia Research has discovered a vulnerability in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. The vulnerability is confirmed in version 0.18.10. Prior versions may also be affected.

tags | advisory, denial of service
advisories | CVE-2018-5813
MD5 | 7e314ad7bf65ac9b67e75cefd933e024
LibRaw 0.18.11 Denial Of Service
Posted Jul 20, 2018
Authored by Kasper Leigh Haabb | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) can be exploited to trigger a division by zero via specially crafted NOKIARAW file. The vulnerabilities are confirmed in version 0.18.11. Prior versions may also be affected.

tags | advisory, denial of service, overflow, vulnerability
systems | apple
advisories | CVE-2018-5804, CVE-2018-5815, CVE-2018-5816
MD5 | 6e78f4b1fcbe43e3fe25052ffe74b0e0
VMware Security Advisory 2018-0018
Posted Jul 20, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0018 - VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues.

tags | advisory
advisories | CVE-2018-6971, CVE-2018-6972
MD5 | a9cf1720b333c1dbbae97a03d5c288ef
Microsoft Security Bulletin Advisory Notification For July, 2018
Posted Jul 20, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on July 19, 2018.

tags | advisory
MD5 | b2d77d5e886753a894f997c728a17612
Microsoft Security Bulletin CVE Revision Increment For July, 2018
Posted Jul 20, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE updates for CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, and CVE-2018-8356.

tags | advisory
advisories | CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, CVE-2018-8356
MD5 | 6608a35eef49479847469a40ae07ee76
RSA Archer 6.x Cross Site Scripting / Authorization Bypass
Posted Jul 20, 2018
Authored by Francesca Perrone, Donato Onofri | Site emc.com

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

tags | advisory, remote, web, javascript, xss, bypass
advisories | CVE-2018-11059, CVE-2018-11060
MD5 | 574ac49865a7a3a381903494b92d19f8
National Instruments Linux Driver Remote Code Injection
Posted Jul 20, 2018
Authored by Enrico Weigelt

The National Instruments Linux driver package suffers from a remote code injection (software update) vulnerability.

tags | advisory, remote
systems | linux
MD5 | 1e28736b0d9553a7194f07575dca7de2
Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
Posted Jul 20, 2018
Authored by Denis Andzakovic

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-2933, CVE-2018-2998
MD5 | 8148b832465acbeccd85c4e873dbde29
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close