Twenty Year Anniversary
Showing 1 - 25 of 377 RSS Feed

Files Date: 2018-07-01 to 2018-07-31

Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution
Posted Jul 30, 2018
Authored by Benjamin Daniel Mussler, Touhid M.Shaikh | Site metasploit.com

Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.

tags | exploit, php
advisories | CVE-2015-6000, CVE-2016-1713
MD5 | 72429cacd6f8d8507d950f72f13a44cd
Ubuntu Security Notice USN-3725-1
Posted Jul 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3725-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-2767, CVE-2018-3060, CVE-2018-3064, CVE-2018-3071
MD5 | 62a993774568d1bf05266b42f9da9fb9
Red Hat Security Advisory 2018-2289-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2289-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 4f5de6a9085a9c88e44314350bb7defb
Red Hat Security Advisory 2018-2290-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2290-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include an integer overflow.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-1000127
MD5 | c26aa9cb1f312c0d63fed70db09bddae
Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control
Posted Jul 30, 2018
Authored by Tobias Glemser, Simon Winter | Site secuvera.de

Microsoft Wireless Display Adapter versions 2.0.8350 to 2.0.8372 suffer from command injection, broken access control, and evil twin attack vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-8306
MD5 | 79b0670ec3acfc2b6e1824b11bd94e05
EMC NetWorker Insecure Transit
Posted Jul 30, 2018
Site emc.com

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a clear-text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.

tags | advisory, remote, protocol
advisories | CVE-2018-11050
MD5 | 8fa258c990062b421d7f2ccfc60ca833
Red Hat Security Advisory 2018-2282-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2282-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and information leakage vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-4117, CVE-2018-6044, CVE-2018-6150, CVE-2018-6151, CVE-2018-6152, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176
MD5 | ebe959506bce23a345eeeda9a2fcda81
Red Hat Security Advisory 2018-2284-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2284-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10897
MD5 | 45d2e395a8b0aad4dc5c6ff4652a8649
Red Hat Security Advisory 2018-2285-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2285-01 - The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10897
MD5 | 823f762b02ba8390aad6ffc0bae1fbfe
Red Hat Security Advisory 2018-2286-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2286-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2952
MD5 | b3ba56a1db611042993da9b1a9743b0f
Red Hat Security Advisory 2018-2283-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2283-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2952
MD5 | 907fa2857e3f019f7d5482b03814645e
Debian Security Advisory 4257-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-10906
MD5 | f932429bd8527a9205a47d92419b417a
Debian Security Advisory 4258-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4258-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-14395
MD5 | b29735aa0ee881fa568c841333c8a3cd
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Jul 30, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-3639
MD5 | d7ee2928b29a9f1ff336b8c72a357a59
Gentoo Linux Security Advisory 201807-04
Posted Jul 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201807-4 - A heap-based buffer overflow in cURL might allow remote attackers to execute arbitrary code. Versions less than 7.61.0 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0500
MD5 | d1eab4e145e6e1b33fc6fddb5dce05d5
Gentoo Linux Security Advisory 201807-03
Posted Jul 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201807-3 - Multiple vulnerabilities have been found in ZNC, the worst of which could result in privilege escalation. Versions less than 1.7.1-rc1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2018-14055, CVE-2018-14056
MD5 | 875bd82bb9479cd1df1a399538cc11bb
Charles Proxy 4.2 Local Root Privilege Escalation
Posted Jul 30, 2018
Authored by Mark Wadham

Charles Proxy version 4.2 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-15358
MD5 | 96d52f648a1dd6a9a475dd5d37ec6868
fusermount Restriction Bypass
Posted Jul 30, 2018
Authored by Jann Horn, Google Security Research

It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.

tags | exploit
advisories | CVE-2018-10906
MD5 | 9e10d920caa48857046e580c577e1ff4
H2 Database 1.4.197 Information Disclosure
Posted Jul 30, 2018
Authored by owodelta

H2 Database version 1.4.197 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-14335
MD5 | 8c87f441c10407247f7e65eceec1ee6d
Microsoft Windows Kernel win32k!NtUserConsoleControl Denial Of Service
Posted Jul 30, 2018
Authored by vportal

Microsoft Windows Kernel win32k!NtUserConsoleControl denial of service proof of concept exploit.

tags | exploit, denial of service, kernel, proof of concept
systems | windows
MD5 | baeebc065565ab91d6585025b4f98177
Allok MOV Converter 4.6.1217 Buffer Overflow
Posted Jul 30, 2018
Authored by Shubham Singh

Allok MOV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | d486d9122e1550d3d7d275716808a547
ipPulse 1.92 Denial Of Service
Posted Jul 30, 2018
Authored by Shubham Singh

ipPulse version 1.92 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 8561c270f0c8f4d97c126caf721be7c8
Responsive Filemanager 9.13.1 Server-Side Request Forgery
Posted Jul 29, 2018
Authored by Guia Brahim Fouad

Responsive Filemanager version 9.13.1 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2018-14728
MD5 | 9ea189ebe988e84ea737aadd00966199
ProjectSend R1053 SQL Injection
Posted Jul 28, 2018
Authored by Guia Brahim Fouad

ProjectSend version R1053 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e188d76af8d5bdbce988c0b31f144e58
Super CMS Blog Pro PHP Script 1.0 Cross Site Scripting
Posted Jul 28, 2018
Authored by Guia Brahim Fouad

Super CMS Blog Pro PHP Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 65c8fcb0181b7cc5639b9ffd8ad8014c
Page 1 of 16
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close