exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2018-09-13

Ubuntu Security Notice USN-3747-2
Posted Sep 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-2952, CVE-2018-2972
SHA-256 | d976d682847548950360e8367b23160b0e1b44e81d4c7d9b6c183d4bed90c5e5
Ubuntu Security Notice USN-3747-2
Posted Sep 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-2952, CVE-2018-2972
SHA-256 | d976d682847548950360e8367b23160b0e1b44e81d4c7d9b6c183d4bed90c5e5
oBike Electronic Lock Bypass
Posted Sep 13, 2018
Authored by Antoine Neuenschwander

oBike Electronic Lock suffers from an access control bypass vulnerability via a replay attack on a predictable nonce.

tags | exploit, bypass
advisories | CVE-2018-16242
SHA-256 | 13df632e5c53843e23194156fe2d63616d6e5979d4123095f308d37fcc056c1b
Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference
Posted Sep 13, 2018
Authored by S. M. Zia Ur Rashid

Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-16970, CVE-2018-16971
SHA-256 | cc36e32ff6b7ae17f07bc9e0331c469bc08d5e7f11e8832e9800e8f423a2219c
HiScout GRC Suite File Upload
Posted Sep 13, 2018
Authored by Sebastian Auwaerter

HiScout GRC Suite versions prior to 3.1.5 suffer from a file upload vulnerability. An authenticated attacker with the permission to edit or add a "WebSiteElement" to the "content" pages is able to upload any file with any file extension to the data directory of the application. This directory is in the web root and the uploaded file is executed on the server if ".aspx" is chosen as the file extension and if the file contains aspx source code. Any commands can be executed with the permissions of the web server user on the server by exploiting this vulnerability.

tags | exploit, web, root, file upload
advisories | CVE-2018-16796
SHA-256 | 0b70d18c98e2aa3b7c8228963bae5c8015cb59571383b77778ec28287f564e35
Falco 0.12.1
Posted Sep 13, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Fixed a regression in the libcurl configure script.
tags | tool, intrusion detection
systems | unix
SHA-256 | eb2d5691b5848fe73c814bf14a56055ce9fa81837a6de53edcb56389b1288748
VBScan Vulnerability Scanner 0.1.8
Posted Sep 13, 2018
Authored by Mohammad Reza Espargham | Site owasp.org

VBScan is a black box vBulletin vulnerability scanner written in perl.

Changes: Updated vulnerabilities database. Various other updates and enhancements.
tags | tool, scanner, perl
systems | unix
SHA-256 | 6995ea103a40716fe5735d47841063df1571c2d4e08080fa9bdb9b2f2b2a6dcf
Seagate Personal Cloud Information Disclosure
Posted Sep 13, 2018
Authored by Yorick Koster

Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin, and is accessible via the personalcloud.local domain name. Due to this it is possible for any website to gain access to this information. While this information doesn't allow an attacker to compromise the NAS, the information can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, it is very likely that other devices/models are also affected.

tags | exploit, web, local, vulnerability, info disclosure
SHA-256 | 561f2e8c233f719d62e19876ccec52841abe5ce3a473389348130435a20ce8bc
Tor Browser SMB Deanonymization / Information Disclosure
Posted Sep 13, 2018
Authored by Filippo Cavallarin

Tor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.

tags | exploit, remote, info disclosure
systems | windows
advisories | CVE-2017-16639
SHA-256 | 5b1b6551f82ae1b8033ae157a5420a8e86e2df791a77602af401e147b60ad490
Red Hat Security Advisory 2018-2701-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2701-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2018-1336
SHA-256 | 7ce886979afd2a4270a66385a1f97a6ac5310a6522d99ed7cff563b84b9e3541
FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
Posted Sep 13, 2018
Authored by Fraunhofer FKIE, Thomas Barabosch, Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2018-6924
SHA-256 | 42a2b3589a9c3b226fa7bfec84d4bf9ef2e34c4d0777d0e1da333fc52d5d9ecb
Linux dmesg Arbitrary Kernel Read
Posted Sep 13, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.

tags | advisory, arbitrary, kernel
systems | linux
SHA-256 | d3543609cf07f5bc3c6ff63fec8e66a77587ae2ca18d384c4afa15317c5fc42f
Chrome OS gRPC garcon Command Execution
Posted Sep 13, 2018
Authored by Jann Horn, Google Security Research

There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. garcon uses gRPC, which is an RPC protocol that sends protobufs over plaintext HTTP/2. (Other system components communicate with the VM over gRPC-over-vsock, but garcon uses gRPC-over-TCP.) For some command types, the TCP connection is initiated by the host; for others, it is initiated by the guest. Both guest and host are listening on [::]:8889; however, the iptables rules of the host prevent an outside host from simply connecting to those sockets. However, apps running on the host are not affected by such restrictions.

tags | exploit, web, tcp, protocol
SHA-256 | 9263536fa5f7e9451ac5165732e05e723c9b21083c0ec421bcbc98dfed2d7d49
Bayanno Hospital Management System 4.0 Cross Site Scripting
Posted Sep 13, 2018
Authored by Gokhan Sagoglu

Bayanno Hospital Management System version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d4f93fd6dfa9149d8e072789c883eebff608134fac840fec58a8ba5e3c0e8b1d
CirCarLife SCADA 4.3.0 Credential Disclosure
Posted Sep 13, 2018
Authored by David Castro

CirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-12634
SHA-256 | 46627de7d762e475e35a663882dc966b35de840cbbba11f66704ee9905ab6e13
Microsoft Security Advisory Updates For September 12, 2018
Posted Sep 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.

tags | advisory
SHA-256 | 42af11a0825d69c66ad1ebe75ca516f25ca353f3a59c4856d696c6d617b31bc0
Microsoft Security Bulletin CVE Revision Increment For September, 2018
Posted Sep 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE updates for CVE-2018-8154.

tags | advisory
advisories | CVE-2018-8154
SHA-256 | 765914132566857b5ee32d4e667887b33c5aeda536dcc96d38a280cfa3599929
Red Hat Security Advisory 2018-2700-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2700-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

tags | advisory, java, web, denial of service
systems | linux, redhat
advisories | CVE-2018-1336
SHA-256 | 0a9203311ab1c2f727860661fb96fed9f116236f730505d48439f3dfa77a914a
Red Hat Security Advisory 2018-2693-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379
SHA-256 | 1e04af099ec5b0ac812f19c6bbb4cd7f350c77e28130f9b45dec464590936e91
Rubedo CMS 3.4.0 Directory Traversal
Posted Sep 13, 2018
Authored by Marouene Boubakri

Rubedo CMS version 3.4.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-16836
SHA-256 | 638b967881d9edbdc2a4c81f93ad9e4ebeab01becb4c6dc79867735b3fc7928b
Ubuntu Security Notice USN-3764-1
Posted Sep 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3764-1 - It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0502, CVE-2018-1100
SHA-256 | 89ba063df98e23a09aa7ae98398a759961e064ec95db0c10e5c0223142e0b938
Red Hat Security Advisory 2018-2692-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379
SHA-256 | fac145b33805b88f759116e14c017487440f2d4989803aab2b35ca2d2f96fceb
Red Hat Security Advisory 2018-2684-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 094ce7a6246a97103a35b9e51ff52c6828a0a35bfca61c0f670205f2baec77c7
DAVOSET 1.3.6
Posted Sep 13, 2018
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: In new version there was added support of for an SSRF vulnerability in Splunk Enterprise. Also there were added new services into lists of zombies and removal of non-working services from the lists of zombies.
tags | tool, denial of service
SHA-256 | ff2e163a1633e4fdc90cd4324c9040bd6065bea7acb9ef34b21a0b2feb7011f7
Debian Security Advisory 4292-1
Posted Sep 13, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4292-1 - Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2018-16657
SHA-256 | f1512c8c5771d2687946690c4f61e648f7fcaee6872e5e094733605bc5d7f94e
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close