Twenty Year Anniversary
Showing 1 - 23 of 23 RSS Feed

Files Date: 2018-10-08

Red Hat Security Advisory 2018-2884-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | f06f3d8b68aa18c8ac9bf3ba50b53405
Kernel Live Patch Security Notice LSN-0044-1
Posted Oct 8, 2018
Authored by Benjamin M. Romer

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3620, CVE-2018-3646, CVE-2018-6555
MD5 | 5e82c0eddd3c443fb7cd4484b02a8b65
Tinc Virtual Private Network Daemon 1.0.35
Posted Oct 8, 2018
Authored by Ivo Timmermans | Site tinc.nl.linux.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: Prevented oracle attacks. Prevented a MITM from forcing a NULL cipher for UDP. Various other fixes.
tags | tool, encryption
systems | unix
advisories | CVE-2018-16737, CVE-2018-16738, CVE-2018-16758
MD5 | c44f3eaf6264319953d0cff56f2e98d4
I2P 0.9.37
Posted Oct 8, 2018
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
MD5 | d5accb0910257b2104967a6c7ee6a29c
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
Posted Oct 8, 2018
Authored by t4rkd3vilz, hubertwslin | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.

tags | exploit, overflow
systems | windows, xp, 7
advisories | CVE-2018-10594
MD5 | 6d71ad614ad723a5e3774b3af8fa38d7
ifwatchd Privilege Escalation
Posted Oct 8, 2018
Authored by Tim Brown, Brendan Coles, cenobyte | Site metasploit.com

This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

tags | exploit, arbitrary, x86, root
advisories | CVE-2014-2533
MD5 | 7a562f56fafb417de6cf725f6b38c71d
Cisco Prime Infrastructure Unauthenticated Remote Code Execution
Posted Oct 8, 2018
Authored by Pedro Ribeiro | Site metasploit.com

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | cisco
advisories | CVE-2018-15379
MD5 | 05f34986eb4c21ba7fbb27faa2f9bc8f
Imperva SecureSphere 13 Remote Command Execution
Posted Oct 8, 2018
Authored by rsp3ar

Imperva SecureSphere 13 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 8f9d193749d6cb158460a794d9e4e87b
net-snmp 5.7.3 Unauthenticated Denial Of Service
Posted Oct 8, 2018
Authored by Magnus Klaaborg Stubman

net-snmp version 5.7.3 suffers from an unauthenticated denial of service vulnerability.

tags | exploit, denial of service
MD5 | cba3c464c7877af69e0619f1108f781c
Ubuntu Security Notice USN-3786-1
Posted Oct 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3786-1 - It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-15853, CVE-2018-15857, CVE-2018-15858, CVE-2018-15862, CVE-2018-15863
MD5 | 849247c774047ab71628c7430e6037d1
FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffers from a websocket device manipulation vulnerability.

tags | exploit
MD5 | 1758b25f8d73cbe768557470cb4ec024
FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.

tags | exploit
MD5 | 500bbb1808ed3b7c4e433fc3334c1985
Apache PDFBox 1.8.15 / 2.0.11 Denial Of Service
Posted Oct 8, 2018
Authored by Shawn Rasheed, Jens Dietrich | Site pdfbox.apache.org

Apache PDFBox versions 1.8.15 and below and 2.0.11 and below suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2018-11797
MD5 | 2401380edc9c2e152e9e4bffe162f37a
Red Hat Security Advisory 2018-2882-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2882-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an out-of-bounds read.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-14645
MD5 | 086dcd0131a3f86fc04839aff14d6a7b
Red Hat Security Advisory 2018-2881-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2881-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include an out-of-bounds read.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | 6d99119798d9c642e65db56f4c2556ae
Git Submodule Arbitrary Code Execution
Posted Oct 8, 2018
Authored by Junio C Hamano

Updated releases address a security flaw that allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules.

tags | exploit, arbitrary
advisories | CVE-2018-17456
MD5 | d46e51cfa3fc2cc7658517c0783c453b
Chamilo LMS 1.11.8 firstname Cross Site Scripting
Posted Oct 8, 2018
Authored by Cakes

Chamilo LMS version 1.11.8 suffers from a cross site scripting vulnerability in the firstname variable.

tags | exploit, xss
MD5 | 02b3da9e6fdc383ab9250e6469f7fa48
Android current-fs Improper Locking
Posted Oct 8, 2018
Authored by Jann Horn, Google Security Research

Android sdcardfs changes current->fs without proper locking.

tags | exploit
advisories | CVE-2018-9515
MD5 | 30d07510d647a3e253ccd32f80cd1b03
Linux Kernel mq_notify: double sock_put() Local Privilege Escalation
Posted Oct 8, 2018
Authored by LEXFO

Linux kernel versions prior to 4.11.8 suffer from an mq_notify: double sock_put() local privilege escalation vulnerability.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2017-11176
MD5 | 82492b50604f40d723af9360fbe72a1f
net-snmp 5.7.3 Denial Of Service
Posted Oct 8, 2018
Authored by Magnus Klaaborg Stubman

net-snmp version 5.7.3 suffers from an authenticated denial of service vulnerability.

tags | exploit, denial of service
MD5 | c504854bbb33e5a920a08575d942fc46
360 3.5.0.1033 Sandbox Escape
Posted Oct 8, 2018
Authored by vr_system

360 version 3.5.0.1033 suffers from a sandbox escape vulnerability.

tags | exploit
MD5 | bb9566915272aa0402dd8917b0a2cd8f
Linux/x86 execve(/bin/sh) + MMX/ROT13/XOR Shellcode
Posted Oct 8, 2018
Authored by Kartik Durg

104 bytes small Linux/x86 execve(/bin/sh) + MMX/ROT13/XOR shellcode (encoder/decoder).

tags | x86, shellcode
systems | linux
MD5 | 91a1c7261b81497074a6cfeffc31630e
Linux/MIPS (Big Endian) execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode
Posted Oct 8, 2018
Authored by cq674350529

181 bytes small Linux/MIPS (Big Endian) execve(/bin/sh) + reverse TCP 192.168.2.157/31337 shellcode.

tags | tcp, shellcode
systems | linux
MD5 | b85094d6837d7cbe69abc250364a58fc
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    14 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close