what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2018-08-17

OpenSSL Toolkit 1.1.0i
Posted Aug 17, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed a client denial of service due to a large DH parameter addressed. Cache timing vulnerability fixed. Various other updates and fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0732, CVE-2018-0737
SHA-256 | ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Google Security Research, Felix Wilhelm

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
SHA-256 | a57c9bdaee536be75c911cbc36bfde9628b265d45ec11186e3c633aa95fb102c
Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for ICU don't check whether the given object has been initialized. This allows to initialize the same object multiple times which can lead to type confusion.

tags | exploit
advisories | CVE-2018-8298
SHA-256 | f97ca7991e591cef05e7ed6feb1a7ced14a0b1f33f4e0b684d0bbfae83d9c790
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.

tags | exploit
SHA-256 | 4d7c1c0bd391258ccf4d2a6df0bbe9fce45d445b76d8eb5317891fd7fc1cfef5
Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.

tags | exploit
advisories | CVE-2018-8291
SHA-256 | 02a9af64a615a45ba93686901284c1ca585f8e53c27860a4cfcb2c7a25376b37
Microsoft Edge Chakra Parameter Scope Parsing Bug
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a parameter scope parsing bug.

tags | exploit
advisories | CVE-2018-8279
SHA-256 | a916e8ee259ed452ab0ef0b7d6f4f736a5c6609e52233de54ab3341897861228
Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.

tags | exploit, bypass
advisories | CVE-2018-8288
SHA-256 | fa2ba833d2e86afeca1956fc5c100501e728bc7ca7779f47078461ffbd346bab
Silver Peak EdgeConnect 8.1.4.9_65644 XSS / DoS / Disclosure / Traversal
Posted Aug 17, 2018
Authored by Denis Kolegov, Antony Nikolaev, Nikita Oleksov, Nikolay Tkachenko, Maxim Gorbunov, Sergey Gordeychick, Oleg Broslavsky

Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
SHA-256 | b42452437467664a92247a8da4abc4bab26c4a029cebeb2baf14a4b90f2bc2ec
Debian Security Advisory 4276-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

tags | advisory, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2017-14650, CVE-2017-9773, CVE-2017-9774
SHA-256 | 5a91e4696a88ec6df60c812fd310ab5a29f0fe840e8ade3ed2ebda558fa04fe4
Debian Security Advisory 4275-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4275-1 - Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.

tags | advisory
systems | linux, debian
advisories | CVE-2018-14432
SHA-256 | 2722a7a50b3df516beead367c9a8fdb85bc8fc6b0ed463e739d8468a039808d5
Debian Security Advisory 4274-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.

tags | advisory
systems | linux, debian
advisories | CVE-2018-3620, CVE-2018-3646
SHA-256 | 090e52f65938d37c9d400bbfae4c12bff0fad68fc7f006a27c5b57d8da365fcc
Debian Security Advisory 4273-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
SHA-256 | 3063db9bd745bdaeeb09124be4f84fda09413e2977b37ed6971840c6ddf5d2f3
Ubuntu Security Notice USN-3658-3
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1125
SHA-256 | a32a90f48926d3e6126d1244f916e94cebf95b7a6a2e7475e80023c4dc952f14
Red Hat Security Advisory 2018-2486-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-0718, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9598, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-6004, CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246, CVE-2018-0500
SHA-256 | 140c5c41e74ea3c15e65121e0032d6722516e2191125272a7af63151aff85e5d
Red Hat Security Advisory 2018-2482-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2482-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a container breakout vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10892
SHA-256 | 62402d4275a02e8054f684608b6f634e241a038754a74759288805f7895f2d8e
Red Hat Security Advisory 2018-2469-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8019, CVE-2018-8020
SHA-256 | 58233e3f4ecd9722a599c2120cf4861835f04bbae8478ae9b987c99057992e0e
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12911, CVE-2018-4263, CVE-2018-4267, CVE-2018-4278
SHA-256 | 45119b386ec1249752c118d988a4af26e77728f2aff90d9299f2cbcbc2021604
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
SHA-256 | 10c7a46516045ae2ad89d98e1e273b9ca69727a9da14ccba89173432684540ae
ADM 3.1.2RHG1 Remote Code Execution
Posted Aug 17, 2018
Authored by Kyle Lovett, Matthew Fulton

ADM versions 3.1.2RHG1 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11510
SHA-256 | 9a46e6052ab21077d8fb2a00c396c5a222221fa0ed30b081f7a21a733bacdd33
Mikrotik WinBox 6.42 Credential Disclosure
Posted Aug 17, 2018
Authored by Maxim Yefimenko

Mikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | facd664f6ae9c30c9f9f80e3755e975bbd10839dbf536c509f7c498a947844aa
CEWE Photoshow 6.3.4 Denial Of Service
Posted Aug 17, 2018
Authored by Gionathan Reale

CEWE Photoshow version 6.3.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | d72c8c951d63b0ee4bf8a4e7b94c8ec955f07b7ee21e7a2ddb55a20820e0eac1
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
Posted Aug 17, 2018
Authored by IRaNHaCK Security Team

WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 70e7b14338cee8434121d445a5d8df4306f3cbe0660cf766d5d1db94a92d44d7
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close