Twenty Year Anniversary
Showing 1 - 19 of 19 RSS Feed

Files Date: 2018-10-11

Ubuntu Security Notice USN-3788-1
Posted Oct 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3788-1 - Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5700, CVE-2018-17407
MD5 | 0add1fab02da616984b256f4e02b4f53
Ubuntu Security Notice USN-3789-1
Posted Oct 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3789-1 - It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-15378
MD5 | d00ff7442c0eedd7d9df7fa703283d80
Red Hat Security Advisory 2018-2913-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2913-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.1.0 serves as an update to Red Hat Decision Manager 7.0.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a Yaml unmarshalling vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | c4738e9bd1c97638aee3b2ceb5f51c97
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8532
MD5 | f8fb22312550cc368dc913351a5406a8
E-Registrasi Pencak Silat 18.10 SQL Injection
Posted Oct 11, 2018
Authored by Ihsan Sencan

E-Registrasi Pencak Silat version 18.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3c05129eaef9de8b70ca6011838be09c
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a xel filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8527
MD5 | 0fb594060e86354cefaa3a12ba2181d5
Red Hat Security Advisory 2018-2909-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2909-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.1.0 serves as an update to Red Hat Process Automation Manager 7.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include Yaml unmarshalling that is vulnerable to remote code execution.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | 3de3d48898e63d003c45598a07f940b1
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8533
MD5 | bc7e26312d98457aeac3779548aee6d7
Phoenix Contact WebVisit 6.40.00 Password Disclosure
Posted Oct 11, 2018
Authored by Deneut Tijl

Phoenix Contact WebVisit version 6.40.00 suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-8366
MD5 | 07aee4be126e8419895ba1b70e201e80
WAGO 750-881 01.09.18 Cross Site Scripting
Posted Oct 11, 2018
Authored by SecuNinja

WAGO 750-881 01.09.18 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 814dfa42f88d789a7edc744da3f17025
VLC Media Player 2.2.8 MKV Use-After-Free
Posted Oct 11, 2018
Authored by Eugene NG, Winston Ho | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.

tags | exploit, shell
systems | windows
advisories | CVE-2018-11529
MD5 | 8a992cc20fa2660fbd011bbae7fa991c
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
MD5 | de8be7c4957ab4b3c8a37259c65b3c84
WhatsApp RTP Processing Heap Corruption
Posted Oct 11, 2018
Authored by Google Security Research, natashenka

WhatsApp suffers from a heap corruption vulnerability in RTP processing.

tags | exploit
MD5 | f6b01d303fe816031bf7b45feaa16a08
Microsoft Edge Chakra JIT Type Confusion Bug
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT type confusion bug.

tags | exploit
advisories | CVE-2018-8467
MD5 | 6fbef805082788dae5a43414514f7830
Microsoft Edge Chakra JIT BailOutOnInvalidatedArrayHeadSegment Check Bypass
Posted Oct 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-8466
MD5 | 7f812f298d3183ada0ed61bc7dbd7d82
SD-WAN Harvester 0.99
Posted Oct 11, 2018
Authored by SCADA Strangelove | Site github.com

SD-WAN Harvester is a tool that was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.

tags | tool, scanner
systems | unix
MD5 | 75dc2b2d79cfb235fa7088aeca36f57c
DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite
Posted Oct 11, 2018
Authored by wetw0rk

DELL EMC OneFS Storage Administration version 8.1.2.0 .zshrc file overwrite exploit that leverages FTP.

tags | exploit
MD5 | 05d939bada3fdce437fc73936d2cc27a
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
MD5 | bc269c0811f9b687fc29e4ed1a486a78
Ghostscript Exposed System Operators
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where an error object can expose system operators in the saved execution stack.

tags | advisory
advisories | CVE-2018-18073
MD5 | f076ce456ca16868992ed63958eaa396
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    2 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    15 Files
  • 18
    Dec 18th
    9 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close