Twenty Year Anniversary
Showing 1 - 25 of 29 RSS Feed

Files Date: 2018-09-19

Microsoft Windows NtEnumerateKey Privilege Escalation
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2018-8410
MD5 | 4f74d58bd627bf009b466bba6d3ced66
Microsoft Windows CiSetFileCache TOCTOU Security Feature Bypass
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2017-11830, CVE-2018-8449
MD5 | ec7d5c98907d960bda7e631701207804
RICOH MP 2001 Printer Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

The RICOH MP 2001 printer suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17002
MD5 | 040d03765bc94f57ea1b8b754705d7c1
Ubuntu Security Notice USN-3766-2
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-2 - USN-3766-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2018-14851
MD5 | a6da1b13303103e6972312ac2ca98410
RICOH SP 4510SF Printer Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

The RICOH SP 4510SF printer suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17001
MD5 | 3874dbacb56e89248b7baf8cf89caaca
Ubuntu Security Notice USN-3767-2
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3767-2 - USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16428, CVE-2018-16429
MD5 | 90c9bc38504d7257dd3e7d6c1aca7d16
Ubuntu Security Notice USN-3768-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3768-1 - Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11645, CVE-2018-15911, CVE-2018-16513, CVE-2018-16542
MD5 | d71aa36db910f03a65299778962f6b01
ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

ManageEngine SupportCenter Plus version 8.1.0 suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-16965
MD5 | ea19af7bdfd99c3b50dd3d6121956d70
LG SuperSign EZ CMS 2.5 Local File Inclusion
Posted Sep 19, 2018
Authored by Alejandro Fanjul

LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16288
MD5 | 46eacb280221d5cbed56a7615db482a6
ManageEngine Desktop Central 10.0.271 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16833
MD5 | a602b5cb22854682e6644effd92da051
LimeSurvey 3.14.7 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

LimeSurvey version 3.14.7 suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17003
MD5 | 124babb32873ccb923bdcf3a1cbf33e1
Ubuntu Security Notice USN-3767-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3767-1 - It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16428, CVE-2018-16429
MD5 | af34edfe66cf46cf1905ec01f33cfcf5
WordPress Localize My Post 1.0 Local File Inclusion
Posted Sep 19, 2018
Authored by Manuel Garcia Cardenas

WordPress Localize My Post plugin version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16299
MD5 | 7f78f65786c6ba92a8df4a1d6aef8f36
Debian Security Advisory 4297-1
Posted Sep 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4297-1 - Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.

tags | advisory, web, spoof, vulnerability
systems | linux, debian
MD5 | 4f8d322b2d6ea29707a0439ed5b41706
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
Posted Sep 19, 2018
Authored by Manuel Garcia Cardenas

WordPress Wechat Broadcast plugin version 1.2.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16283
MD5 | 96c6e22ef7a8508c4c0907ada9779757
Roundcube rcfilters 2.1.6 Cross Site Scripting
Posted Sep 19, 2018
Authored by Fahimeh Rezaei

Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16736
MD5 | 7a0a682b236084b6ce800fa7ea18f0f7
Western Digital My Cloud Authentication Bypass
Posted Sep 19, 2018
Authored by Securify B.V., Remco Vermeulen

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.

tags | exploit, bypass
advisories | CVE-2018-17153
MD5 | 8137c7cec868dfc1cc789683ce268ce8
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
Posted Sep 19, 2018
Site emc.com

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-1246, CVE-2018-1250, CVE-2018-1251
MD5 | 7aac6e2dee0084b0d66042b08eb4c2c2
CA Release Automation NiMi 6.5 Remote Command Execution
Posted Sep 19, 2018
Authored by Jakub Palaczynski, Maciej Grabiec

CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2018-15691
MD5 | ff45e0057873b44374cc8a9edbcfabbd
Moodle 3.x PHP Unserialize Remote Code Execution
Posted Sep 19, 2018
Authored by Johannes Moritz | Site sec-consult.com

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2018-14630
MD5 | 4230dd49813d98f84c6358427e417b39
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
Posted Sep 19, 2018
Authored by Che-Chun Kuo

Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | da07192d34e92e6da201a74d92766b6d
Red Hat Security Advisory 2018-2721-01
Posted Sep 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-14620, CVE-2018-14635
MD5 | 7df2d41c8aa1c15c17827a684786bddb
NUUO NVRMini2 3.8 Buffer Overflow
Posted Sep 19, 2018
Authored by Jacob Baines

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.

tags | exploit, overflow
MD5 | 08097a106baa047edbd143cdc755dca7
Ubuntu Security Notice USN-3722-6
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-0360, CVE-2018-0361
MD5 | ec7521f93e9159072a1a7b2ea975f236
Ubuntu Security Notice USN-3766-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2015-9253
MD5 | 13f0348bda82b5ca1eba85e0d5b724d6
Page 1 of 2
Back12Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close