Showing 1 - 25 of 29

Files Date: 2018-09-19

Microsoft Windows NtEnumerateKey Privilege Escalation
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2018-8410
SHA-256 | db58dd019b911586330159149eda8b2dc64f11da97ac17f50b0f84104e699ecc
Microsoft Windows CiSetFileCache TOCTOU Security Feature Bypass
Posted Sep 19, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2017-11830, CVE-2018-8449
SHA-256 | eb52dc13fee602e4f4367c0eb42d933defb5c0336c73d90ce5236346a9ec00ba
RICOH MP 2001 Printer Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

The RICOH MP 2001 printer suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17002
SHA-256 | 25c334d3f7c18bb5dd325e01457ba93bc2ecb6028d6ebcb3a88ffa2c9520a416
Ubuntu Security Notice USN-3766-2
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-2 - USN-3766-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2018-14851
SHA-256 | d412a5e78f7e05c7922741e5c5a00c84d22a69e42a6d8888b76d586cb5c5a49f
RICOH SP 4510SF Printer Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

The RICOH SP 4510SF printer suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17001
SHA-256 | ad51c5cabfa96c84982f694460d4b9b4673d03fc9d37fe99f9b2a1fcb4264cb5
Ubuntu Security Notice USN-3767-2
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3767-2 - USN-3767-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16428, CVE-2018-16429
SHA-256 | 75d0fab351c0576d41ee5ef49acb8b2023ad189e71f0d7d8f800d8e3d250f367
Ubuntu Security Notice USN-3768-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3768-1 - Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11645, CVE-2018-15911, CVE-2018-16513, CVE-2018-16542
SHA-256 | de5e6e2ac268791112b32245e79a1edae5050186138c910f625de3a6f7a7c619
ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

ManageEngine SupportCenter Plus version 8.1.0 suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-16965
SHA-256 | 6e0c3871f1183ae3f740723b285ea18246b9b6ba334e1142cb9158d52b3bf598
LG SuperSign EZ CMS 2.5 Local File Inclusion
Posted Sep 19, 2018
Authored by Alejandro Fanjul

LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16288
SHA-256 | 8f7ab321e613344bd548f7dc6db6dd5b8fded8947447f25c3328606a4b184663
ManageEngine Desktop Central 10.0.271 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16833
SHA-256 | 0f1d28ed8e054e84cdd90f7c1e9a70520b5ed9a2a745aea65ea7ec212c1f5592
LimeSurvey 3.14.7 Cross Site Scripting
Posted Sep 19, 2018
Authored by Ismail Tasdelen

LimeSurvey version 3.14.7 suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-17003
SHA-256 | 43570d66dc84a4eee1ad17a24a094bdea93d8ca6e1e5d80b27ccbb144423e567
Ubuntu Security Notice USN-3767-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3767-1 - It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16428, CVE-2018-16429
SHA-256 | 8130359e9ecca83022423cc08f939d1ba125806fa856a1ed2e0cc845c44d1ff4
WordPress Localize My Post 1.0 Local File Inclusion
Posted Sep 19, 2018
Authored by Manuel Garcia Cardenas

WordPress Localize My Post plugin version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16299
SHA-256 | 6cef85344c2e2259c242800c501a3e5f18af3c06daf51bdd202412007623bb52
Debian Security Advisory 4297-1
Posted Sep 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4297-1 - Two vulnerabilities have been discovered in the chromium web browser. Kevin Cheung discovered an error in the WebAssembly implementation and evil1m0 discovered a URL spoofing issue.

tags | advisory, web, spoof, vulnerability
systems | linux, debian
SHA-256 | bda7ece5f8cb09f316e695b3369f5bba7187241256943ce8e12a868e9381e94f
WordPress Wechat Broadcast 1.2.0 Local File Inclusion
Posted Sep 19, 2018
Authored by Manuel Garcia Cardenas

WordPress Wechat Broadcast plugin version 1.2.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-16283
SHA-256 | cd960f090368e8d0e16f44d88a273bd4ed1c988f513fee3d7f3cd60da7d85622
Roundcube rcfilters 2.1.6 Cross Site Scripting
Posted Sep 19, 2018
Authored by Fahimeh Rezaei

Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-16736
SHA-256 | 5d5e55b142ababa9f48c19ae8d819c5b167be38bc7ff55ac40fbe2ffbf7662a4
Western Digital My Cloud Authentication Bypass
Posted Sep 19, 2018
Authored by Securify B.V., Remco Vermeulen

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.

tags | exploit, bypass
advisories | CVE-2018-17153
SHA-256 | d932fe2ac618b65b67fd2884481f4279bcc3c61802d9521bc7877fecf8dee16b
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
Posted Sep 19, 2018
Site emc.com

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and URL redirection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-1246, CVE-2018-1250, CVE-2018-1251
SHA-256 | 0ed28c30c507c2fb4fe9957e1375fabd1f4bfefb74f954dc4acdbb85d305bae3
CA Release Automation NiMi 6.5 Remote Command Execution
Posted Sep 19, 2018
Authored by Jakub Palaczynski, Maciej Grabiec

CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2018-15691
SHA-256 | ee7fc2be843047e737cd1ff2e3299d09c9fbdce8e0cb96c24043007882021e48
Moodle 3.x PHP Unserialize Remote Code Execution
Posted Sep 19, 2018
Authored by Johannes Moritz | Site sec-consult.com

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote PHP unserialize code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2018-14630
SHA-256 | e1192dea24bdf40a1f2a57e173fb3e080e8f325080cbf19e225ef91eda41a138
Ubisoft Uplay Desktop Client 63.0.5699.0 Remote Code Execution
Posted Sep 19, 2018
Authored by Che-Chun Kuo

Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b4fc52c6e2348034f140ebc81f23e2c7a420dd74989550b0b177406dce388a6e
Red Hat Security Advisory 2018-2721-01
Posted Sep 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2721-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10915, CVE-2018-14620, CVE-2018-14635
SHA-256 | a5a7ddcefea036609f515b9887cb57ed820c994704377c75146ebab40450c72b
NUUO NVRMini2 3.8 Buffer Overflow
Posted Sep 19, 2018
Authored by Jacob Baines

NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 2b0345e406aa5762d5b5e8b4a9fd8928fea8a9d53b01a3a7edc11adbd2ae76a5
Ubuntu Security Notice USN-3722-6
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-0360, CVE-2018-0361
SHA-256 | 6325395b38e11aef78e86b6e436b664f9907e8d32726fc44f02f3a52a0186d47
Ubuntu Security Notice USN-3766-1
Posted Sep 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2015-9253
SHA-256 | a5c456a29b486c81739117fc6446669b41d6f3a191130112d47f694c7c58a599