Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-09-18

Solaris libnspr NSPR_LOG_FILE Privilege Escalation
Posted Sep 18, 2018
Authored by Marco Ivaldi, Brendan Coles | Site metasploit.com

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).

tags | exploit, arbitrary, x86, root
systems | solaris
advisories | CVE-2006-4842
MD5 | 0f80a93992c7fdfbc617a2b680a3059e
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
Posted Sep 18, 2018
Authored by Larry W. Cashdollar

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2018-1002001
MD5 | 7d535ca7853080a8b831de38f014cd8a
Apple Security Advisory 2018-9-17-3
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.

tags | advisory
systems | apple
advisories | CVE-2016-1777, CVE-2018-4305, CVE-2018-4313, CVE-2018-4363, CVE-2018-5383
MD5 | d364030cc534c515c923cb61691877bd
Apple Security Advisory 2018-9-17-2
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.

tags | advisory
systems | apple
advisories | CVE-2016-1777, CVE-2018-4305, CVE-2018-4313, CVE-2018-4363
MD5 | d702cb01c2da6754e7797fdd422d3932
Apple Security Advisory 2018-9-17-5
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.

tags | advisory
systems | apple, ios
advisories | CVE-2018-4397
MD5 | a7441db84a7a0503a585f77069e82c01
Apple Security Advisory 2018-9-17-4
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2018-4195, CVE-2018-4307, CVE-2018-4329
MD5 | a568d7158566c7148b8c1fa79bd1a522
Red Hat Security Advisory 2018-2715-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-14635
MD5 | 9c40cf3c9da54fd858853ff23c861a07
Red Hat Security Advisory 2018-2714-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-18191
MD5 | 0064efdffce0aa05178f808921827ea5
Red Hat Security Advisory 2018-2710-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-14635
MD5 | 118fe4e8851e210870df175d0c9d9aed
Red Hat Security Advisory 2018-2713-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
MD5 | 3797b81d564b8029513cab464185b869
Red Hat Security Advisory 2018-2712-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
MD5 | f77d31f8e66a2618c51fef80f516e567
Debian Security Advisory 4296-1
Posted Sep 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

tags | advisory, crypto, vulnerability
systems | linux, debian
advisories | CVE-2018-0497, CVE-2018-0498
MD5 | 59293157a0f21f3228071e876b5a0988
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
Posted Sep 18, 2018
Authored by Alphan Yavas

Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.

tags | advisory
advisories | CVE-2018-16793
MD5 | de9cfc08b86ceb9f798df8ea03404c6d
QBee MultiSensor Camera 4.16.4 Cookie Reuse
Posted Sep 18, 2018
Authored by Francesco Servida

QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.

tags | advisory
advisories | CVE-2018-16225
MD5 | 0c4f7d8fbc2673b6774e76204fba6fd1
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.

tags | exploit
advisories | CVE-2018-8384
MD5 | 5bdea5cae9762e60edfaa8a268f78dbb
Microsoft Edge Chakra JIT localeCompare Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.

tags | exploit
advisories | CVE-2018-8355
MD5 | f4b3619f1626d973adb28bf93ce037e3
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close