Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
9b87ff400a365997e33259495ae6c199Red Hat Security Advisory 2018-2572-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.4 AMC after February 28, 2019.
e04aaf249c5879fc3dd2c2c508c7edb3Ubuntu Security Notice 3756-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
0beb2e2ffd5d058e98df53cffa756afbSchneider Electric BMX P34 CPU B suffers from an open redirection vulnerability.
7a5d0f61e43d7018f39d1734d3968575Ubuntu Security Notice 3755-1 - It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.
56d9031d70fa876968c2b397983064afRed Hat Security Advisory 2018-2570-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
51538ebca6acb42b0c4dd23594565fdeWhatsApp version 2.18.61 suffers from a memory corruption vulnerability.
4e0f56a67db6bc6666fda14e307078c1Cisco Network Assistant version 6.3.3 suffers from a denial of service vulnerability.
375bcf577cae1bcc14c321a3df4e319bInstagram App version 41.1788.50991.0 denial of service proof of concept exploit.
d250cf3b65102adc33e62130fafa81c9SIPP version 3.3 is prone to a local unauthenticated stack-based overflow vulnerability.
5459f811bc8d030cf2944fee6f093f97Red Hat Security Advisory 2018-2569-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
fd6cee4c2296b72a893680a2a7742731Microsoft Windows Advanced Local Procedure Call (ALPC) local privilege escalation exploit.
dd5537a9a63d2a59cbd7132605107e01Electron WebPreferences suffers from a remote code execution vulnerability. Versions affected include 3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15.
b97fd525f5d8575e62b770c0373ee541Wayland suffers from an out-of-bounds memory access vulnerability in wl_connection_demarshal() on 32-bit systems.
d6df3a560088b2c39f11b2f8dc3a2c2dThere is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.
b2cf3dec9e5bd796bccbeb593fafdabdRed Hat Security Advisory 2018-2571-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
ac2c868d9370e0325dea88a496720f41R version 3.4.4 SEH buffer overflow exploit.
1db1952acecc95124cd66f842bf3baa1Red Hat Security Advisory 2018-2568-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
3a1822031b490afb1e845767588d47eeCMS ISWEB version 3.5.3 suffers from a cross site scripting vulnerability.
b146bc506b19d35f6ffdf73dbaf37bb2D-Link DIR-601 version 2.02NA suffers from a privilege escalation vulnerability.
6545ca3812cbc05eaebd389ef87a4378
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed