what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2018-10-11

Ubuntu Security Notice USN-3788-1
Posted Oct 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3788-1 - Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5700, CVE-2018-17407
SHA-256 | cb209c1a50a7e5f25734ea9e5ac9a9313efb258486747903b4044d1baaa6c58e
Ubuntu Security Notice USN-3789-1
Posted Oct 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3789-1 - It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-15378
SHA-256 | 1c6edef925f7c4bedaa6506634d06038bedf60570cb29a985a455dac771fca13
Red Hat Security Advisory 2018-2913-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2913-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.1.0 serves as an update to Red Hat Decision Manager 7.0.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a Yaml unmarshalling vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | cc38b911e825f8edd37d3bbb9acc75c0dae2fe09e6e53d916347b347a89128ce
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8532
SHA-256 | c204b8390aa9f3b452e1248505da6264f3d2333ca13b0895970c7c2e82d93bf3
E-Registrasi Pencak Silat 18.10 SQL Injection
Posted Oct 11, 2018
Authored by Ihsan Sencan

E-Registrasi Pencak Silat version 18.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bef349fa34f9a22a8482cb78d468d517aa0efab52d7c8da1ce1b12979ce357bb
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a xel filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8527
SHA-256 | 93aab3236ff7d54aeab41cf83d03f402cc82c23cf19f453cdd7db1821b733da2
Red Hat Security Advisory 2018-2909-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2909-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.1.0 serves as an update to Red Hat Process Automation Manager 7.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include Yaml unmarshalling that is vulnerable to remote code execution.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2016-9606
SHA-256 | 02c092985bfa4e2ad27e8aa3eac59ea24be99ae42083543407bef6cbb6b4374e
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8533
SHA-256 | 056dfb5ca8dca223e9be7f8bbb151f47aefc000fd84aac30d7381391c2ca68f2
Phoenix Contact WebVisit 6.40.00 Password Disclosure
Posted Oct 11, 2018
Authored by Deneut Tijl

Phoenix Contact WebVisit version 6.40.00 suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-8366
SHA-256 | 0975a074fe279ee9a877517618047adfd2c8e735ec28027484c16615165b1109
WAGO 750-881 01.09.18 Cross Site Scripting
Posted Oct 11, 2018
Authored by SecuNinja

WAGO 750-881 01.09.18 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 02af24fa589b9d35aca68da06c679dc17d0a4573eecd10b9805e1ab78892d885
VLC Media Player 2.2.8 MKV Use-After-Free
Posted Oct 11, 2018
Authored by Eugene NG, Winston Ho | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.

tags | exploit, shell
systems | windows
advisories | CVE-2018-11529
SHA-256 | 435c7636eca34f545c0f26cafcd6a118cbe005db8253b3a9ec76ba3a02331802
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
SHA-256 | 227c5b9392a6f42cf0122d15af332350cf1583e4b26a4c958b0863f5133bbb38
WhatsApp RTP Processing Heap Corruption
Posted Oct 11, 2018
Authored by Google Security Research, natashenka

WhatsApp suffers from a heap corruption vulnerability in RTP processing.

tags | exploit
SHA-256 | e053dae6b5c926d9d1c66aa29e059009fecb9861a5a9937ccd1fa50f7ffcea53
Microsoft Edge Chakra JIT Type Confusion Bug
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT type confusion bug.

tags | exploit
advisories | CVE-2018-8467
SHA-256 | f1c02ccc951ceda6d6a1421129878de1d9f26aadbd450419b54c25dda564411f
Microsoft Edge Chakra JIT BailOutOnInvalidatedArrayHeadSegment Check Bypass
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-8466
SHA-256 | ec00b94941d6f0c365dbfe398115342baba4da955810b213e9dedced9dae355c
SD-WAN Harvester 0.99
Posted Oct 11, 2018
Authored by SCADA Strangelove | Site github.com

SD-WAN Harvester is a tool that was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.

tags | tool, scanner
systems | unix
SHA-256 | d75ee7eb455934b4b348aa0eed32a0a295aa2c828a9ca19df95195939a6e47df
DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite
Posted Oct 11, 2018
Authored by wetw0rk

DELL EMC OneFS Storage Administration version 8.1.2.0 .zshrc file overwrite exploit that leverages FTP.

tags | exploit
SHA-256 | 3b5b17812f3f44778999e90517867030ff0029783f64223e7500beac11d514de
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
SHA-256 | 6a94b056b7d504ce2307bdccc8d5e12f15fcf4dca1e0b3b87b1b2cb5cbff9723
Ghostscript Exposed System Operators
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where an error object can expose system operators in the saved execution stack.

tags | advisory
advisories | CVE-2018-18073
SHA-256 | dcb624d6a7e684d9f9b8d63bc29a62e9a0cef57276d16e3a9b3f918f9d52cdba
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close