exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2018-09-20

Faraday 3.1
Posted Sep 20, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed get exploits API. New searcher feature. Continuous scan updated for Nessus 7. Various other updates and improvements.
tags | tool, rootkit
systems | unix
SHA-256 | 8f605b925cb9d088e6b40181696d28707ac6043bd0a7ef4bf3c0a8ce56a7b349
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Posted Sep 20, 2018
Authored by Eric Sesterhenn

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745
SHA-256 | 5cde5e7365b154e8262b6205e6637682d79c5af218b7b7eaba96caf20fd7870a
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066
HITBSecConf2018PEK Call For CTF
Posted Sep 20, 2018
Authored by Hafez Kamal | Site conference.hitb.org

JD-HITB2018 Beijing CTF plus Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win cash prizes worth up to USD 2000.

tags | paper, conference
SHA-256 | bb00326be0b6f8fd583292bdb4b09bcb27b5748af66c5d2b07679146b294f0b9
Asterisk Project Security Advisory - AST-2018-009
Posted Sep 20, 2018
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.

tags | advisory, web, overflow
advisories | CVE-2018-17281
SHA-256 | 999593047c91cf17e94b5126542d0b61c193e900ccb49dfceb842eb260de225f
Red Hat Security Advisory 2018-2733-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2733-01 - The rubygem provided by rubygem-smart_proxy_dynflow is a plugin into Foreman's Smart Proxy for running Dynflow actions on the Smart Proxy. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-14643
SHA-256 | a201ba80cf41b2e8454a166980591a2ecbde6963da5fb580adcbd7b70154738f
Red Hat Security Advisory 2018-2731-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2731-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, remote, denial of service, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-10873
SHA-256 | 23900b36cdff27082597e6b70d95158d686e8ecaf614d7da64a18af61ae12279
Red Hat Security Advisory 2018-2732-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2732-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, remote, denial of service, overflow, kernel, local, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-10873
SHA-256 | e264c5c96375ac322a07e6f5c765c7f66253865927998a86f539d0d07fd5f601
Ubuntu Security Notice USN-3770-2
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3770-2 - USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Pedro Ribeiro discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4276, CVE-2016-10165, CVE-2018-16435
SHA-256 | b7ae09b3b470437f185a3c58a0d7a633f23be3692d66752b8f69b0951720a0b8
Red Hat Security Advisory 2018-2729-01
Posted Sep 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2729-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-10892, CVE-2018-10915, CVE-2018-14620, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819
SHA-256 | 099815accdca69b86b216ad4677c25fe611f39ca5deb1d101545b1f0d25b3270
Ubuntu Security Notice USN-3770-1
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3770-1 - Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10165, CVE-2018-16435
SHA-256 | ac66e84eef2a9535a990bf633acdc293ebae38990675c4e6ffb4d2804d785b40
Ubuntu Security Notice USN-3769-1
Posted Sep 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3769-1 - It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5740
SHA-256 | 2609751ad3d2ba094fda13f609fccd10b8f3b9da0ef7f0ab8bd42f92baf2b53e
WebRTC VP9 Processing Use-After-Free
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in VP9 processing in WebRTC.

tags | exploit
advisories | CVE-2018-16071
SHA-256 | 3de9dfbe45b600a81bef11b3e0c8dba9d10f8c1083af8613355a70d4f24ad53f
WebRTC FEC Out-Of-Bounds Read
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

tags | exploit
advisories | CVE-2018-16083
SHA-256 | 39793d38c3a29b7600f62812e46288144c0f4fffd5e5f5bc792d95d84c28a362
NICO-FTP 3.0.1.19 Buffer Overflow
Posted Sep 20, 2018
Authored by Abdullah Alic

NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.

tags | exploit, overflow
SHA-256 | ebc728c2e47eea683b7fea5f92f87087497f0e4f257154434f811ff73dfb04f2
ManageEngine OPManager 12.3 SQL Injection
Posted Sep 20, 2018
Authored by Murat Aydemir

ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2018-17243
SHA-256 | 4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04f
Linux/x86 Egghunter (0x50905090) + sigaction() Shellcode
Posted Sep 20, 2018
Authored by Valbrux

27 bytes small Linux/x86 egghunter (0x50905090) + sigaction() shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 0540d3ce5c8ce0a0b7d747d4e9371ba9e0ef21403e57c4eac0bc6d3477425a63
Telegram Desktop 1.3.14 Denial Of Service
Posted Sep 20, 2018
Authored by Dhiraj Mishra

Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.

tags | advisory, denial of service
SHA-256 | 403d589cc6a5ea07271b82c1735eb2b83f8bd8d26b73314ba14ca09778438e33
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close