exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2018-07-30

Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution
Posted Jul 30, 2018
Authored by Benjamin Daniel Mussler, Touhid M.Shaikh | Site metasploit.com

Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

tags | exploit, php
advisories | CVE-2015-6000, CVE-2016-1713
SHA-256 | 0e5c78b52a8faacfdb2de57265661b6c719a85c4847298f55630458f64d9b2ed
Ubuntu Security Notice USN-3725-1
Posted Jul 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3725-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-2767, CVE-2018-3060, CVE-2018-3064, CVE-2018-3071
SHA-256 | bd7c82bd9b43d8302f1ba59e7e245d65ac06842703a6bb0d4e6379f2c8ff9fdc
Red Hat Security Advisory 2018-2289-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2289-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
SHA-256 | 89db1d255b2ebdecdf4e455112b4792eed9730114402ea293fd5d0b93896cade
Red Hat Security Advisory 2018-2290-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2290-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include an integer overflow.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-1000127
SHA-256 | 4e72de47595402af82b7742070e9de1468889fe6778ff71261bcae5655fa8597
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control
Posted Jul 30, 2018
Authored by Tobias Glemser, Simon Winter | Site secuvera.de

Microsoft Wireless Display Adapter versions 2.0.8350 to 2.0.8372 suffer from command injection, broken access control, and evil twin attack vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-8306
SHA-256 | 12ac02f7b82abb950c50fc899c9ee75f0eb6c39678669493f3d3a29f178c6b13
EMC NetWorker Insecure Transit
Posted Jul 30, 2018
Site emc.com

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a clear-text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.

tags | advisory, remote, protocol
advisories | CVE-2018-11050
SHA-256 | b88245a3c30e47eecf7a2837426863c2649600bf0a874b7d50debeea19b25006
Red Hat Security Advisory 2018-2282-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2282-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and information leakage vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-4117, CVE-2018-6044, CVE-2018-6150, CVE-2018-6151, CVE-2018-6152, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176
SHA-256 | ca5766f6b9de8d71d945f0c80ca146b85298f67e058c051a145c1c10100e5988
Red Hat Security Advisory 2018-2284-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2284-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10897
SHA-256 | 88b27afe2aa19bbc48817cf9c7404ca008beb3f307e3205b174d9219766b8713
Red Hat Security Advisory 2018-2285-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2285-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10897
SHA-256 | be32cbe9654e9e32200354086a3bc6c21a5b1f829cfa2287fb8597d4458e027e
Red Hat Security Advisory 2018-2286-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2286-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2952
SHA-256 | d274be6d6ece344f0a707f546b44fdb63c8772eff44769765004f7df4c852b4a
Red Hat Security Advisory 2018-2283-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2283-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2952
SHA-256 | 15d9125195132ea4b872e91f3809c2bc02898b200dbd17af922ad3520923d39c
Debian Security Advisory 4257-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-10906
SHA-256 | 6ae379afa1bdb3daca80e53b902623ac0af07b819114316f385107c5a5c45863
Debian Security Advisory 4258-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4258-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-14395
SHA-256 | ac4d29a191b91b8377d86774f4f94d83e77e95e3518f503758d5d1efa7396b29
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Jul 30, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-3639
SHA-256 | af6fc158a858662e25882608104480c25fcc4d45a236f8081a633157c455f8c7
Gentoo Linux Security Advisory 201807-04
Posted Jul 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201807-4 - A heap-based buffer overflow in cURL might allow remote attackers to execute arbitrary code. Versions less than 7.61.0 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0500
SHA-256 | 0a2320b12f6346b6d6a07303de445c5e22e0dc8f7838dc4b90dd35b3b1eacfe1
Gentoo Linux Security Advisory 201807-03
Posted Jul 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201807-3 - Multiple vulnerabilities have been found in ZNC, the worst of which could result in privilege escalation. Versions less than 1.7.1-rc1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-14055, CVE-2018-14056
SHA-256 | 91fb9587b76cf7af39bf255f51d11ce5f6170df1fe7a9a3e8a017635623d2674
Charles Proxy 4.2 Local Root Privilege Escalation
Posted Jul 30, 2018
Authored by Mark Wadham

Charles Proxy version 4.2 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-15358
SHA-256 | 022b946b1409e26401b209a1aa852ad95f4591f9759d07971ea39abb73b53a73
fusermount Restriction Bypass
Posted Jul 30, 2018
Authored by Jann Horn, Google Security Research

It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.

tags | exploit
advisories | CVE-2018-10906
SHA-256 | f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586c
H2 Database 1.4.197 Information Disclosure
Posted Jul 30, 2018
Authored by owodelta

H2 Database version 1.4.197 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-14335
SHA-256 | 7841faedc6bfb56845db58f47690946b3a6272eac90086bb68a2620ab9cb2cc2
Microsoft Windows Kernel win32k!NtUserConsoleControl Denial Of Service
Posted Jul 30, 2018
Authored by Victor Portal Gonzalez

Microsoft Windows Kernel win32k!NtUserConsoleControl denial of service proof of concept exploit.

tags | exploit, denial of service, kernel, proof of concept
systems | windows
SHA-256 | 47e748a334f6f70e95518c223320b5c7d7cf8bda63d29793d1ec8a9e55c4154b
Allok MOV Converter 4.6.1217 Buffer Overflow
Posted Jul 30, 2018
Authored by Shubham Singh

Allok MOV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f044517576deac6ab5a1a13f6f5e6467e05afc881c175e184e7ebf9eb713f076
ipPulse 1.92 Denial Of Service
Posted Jul 30, 2018
Authored by Shubham Singh

ipPulse version 1.92 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 4a5a02e1b9f0a0103ee6a0477f471fc2ab102ac2f5994c9398773abb0311a0ea
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close