Twenty Year Anniversary
Showing 1 - 18 of 18 RSS Feed

Files Date: 2018-09-20

Faraday 3.1
Posted Sep 20, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed get exploits API. New searcher feature. Continuous scan updated for Nessus 7. Various other updates and improvements.
tags | tool, rootkit
systems | unix
MD5 | 0e8af1db72b4cf23b8c11e2c7769fc1d
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Posted Sep 20, 2018
Authored by Eric Sesterhenn

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745
MD5 | efa03dfc830f599a7cbecef8831e2779
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
MD5 | b13871247b7cf82557cf72c3c2ec0aa3
HITBSecConf2018PEK Call For CTF
Posted Sep 20, 2018
Authored by Hafez Kamal | Site conference.hitb.org

JD-HITB2018 Beijing CTF plus Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win cash prizes worth up to USD 2000.

tags | paper, conference
MD5 | feafb7a6a6dfc34b9699bd3d3b51fe09
Asterisk Project Security Advisory - AST-2018-009
Posted Sep 20, 2018
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.

tags | advisory, web, overflow
advisories | CVE-2018-17281
MD5 | d360009b6ebce2781197851a171aa0fc
Red Hat Security Advisory 2018-2733-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2733-01 - The rubygem provided by rubygem-smart_proxy_dynflow is a plugin into Foreman's Smart Proxy for running Dynflow actions on the Smart Proxy. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-14643
MD5 | dc969721365125f8cc4368ed1b63a5a8
Red Hat Security Advisory 2018-2731-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2731-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, remote, denial of service, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-10873
MD5 | 8d40cb7f1ced83a4f4b7bd544cba91fd
Red Hat Security Advisory 2018-2732-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2732-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, remote, denial of service, overflow, kernel, local, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-10873
MD5 | 863d33eb921de55d54e521471f3d6064
Ubuntu Security Notice USN-3770-2
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3770-2 - USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Pedro Ribeiro discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4276, CVE-2016-10165, CVE-2018-16435
MD5 | 325321d49491ad9b4d32bd15c2e01c94
Red Hat Security Advisory 2018-2729-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2729-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-10892, CVE-2018-10915, CVE-2018-14620, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819
MD5 | 04f466800f64d37b9be1ae64b9719964
Ubuntu Security Notice USN-3770-1
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3770-1 - Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10165, CVE-2018-16435
MD5 | c76a071756a5e9c15fff292477ecef48
Ubuntu Security Notice USN-3769-1
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3769-1 - It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5740
MD5 | 264b44ce038373718e871ebf65478acc
WebRTC VP9 Processing Use-After-Free
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in VP9 processing in WebRTC.

tags | exploit
advisories | CVE-2018-16071
MD5 | 46a569d07b8a5affa552ca7aa5867a06
WebRTC FEC Out-Of-Bounds Read
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

tags | exploit
advisories | CVE-2018-16083
MD5 | f5cc50595786ed774a0112b7002d39e0
NICO-FTP 3.0.1.19 Buffer Overflow
Posted Sep 20, 2018
Authored by Abdullah Alic

NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | 4ccdbfbde28268bcd3d906b1c12fb49a
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
MD5 | 2038e67567ecd2a777571f2252fa6b92
Linux/x86 Egghunter (0x50905090) + sigaction() Shellcode
Posted Sep 20, 2018
Authored by Valbrux

27 bytes small Linux/x86 egghunter (0x50905090) + sigaction() shellcode.

tags | x86, shellcode
systems | linux
MD5 | 98c3b4f85def0478d23b5494b10248c2
Telegram Desktop 1.3.14 Denial Of Service
Posted Sep 20, 2018
Authored by Mishra Dhiraj

Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.

tags | advisory, denial of service
MD5 | 31d080533f64618434fcb4a98727b3e6
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close