what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2018-11-06

Suricata IDPE 4.1.0
Posted Nov 6, 2018
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Multiple bugs have been addressed.
tags | tool, intrusion detection
systems | unix
SHA-256 | bd9b00fb4fc255566d4d8a8b52eb4977b4e8b49b37710d166cba75e6a93a504a
Stegano 0.8.6
Posted Nov 6, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed a potential security issue related to CVE-2018-18074.
tags | tool, encryption, steganography, python
systems | unix
advisories | CVE-2018-18074
SHA-256 | 00c9aff3d788a3959003b738379817fa8e6213184c3d8e56f7164415d7d74dec
GNU Privacy Guard 2.2.11
Posted Nov 6, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 496c3e123ef53f35436ddccca58e82acaa901ca4e21174e77386c0cea0c49cd9
FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
SHA-256 | b654a42ccec58f4aa8867fe675b6574d58dc4650d28d211847ba1d2a5837e8e6
FaceTime VCPDecompressionDecodeFrame Memory Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.

tags | exploit
advisories | CVE-2018-4366
SHA-256 | 1bd312f7b4a101fec53ac225a7f3d6e0201421a8aa365cfae0b3c2da6c90a236
FaceTime readSPSandGetDecoderParams Stack Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.

tags | exploit
advisories | CVE-2018-4367
SHA-256 | 928e14bf951e6370a242b3da65a0b6ef51852753ddfde59fb41281e9301ce912
Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation
Posted Nov 6, 2018
Authored by Matthew Bergin | Site korelogic.com

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.

tags | exploit, root
advisories | CVE-2018-15767, CVE-2018-15768
SHA-256 | 22a16815587703eaaa022a8f7fc66731fbd250580052e1ef2522bcc959b5b6ff
Red Hat Security Advisory 2018-3518-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-14667
SHA-256 | ac8bf2c688d4777e473c034aebe746ff9c216a93cdc11d6723447e51a35e58bb
Red Hat Security Advisory 2018-3517-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-14667
SHA-256 | 663f8e8218e5c255e7ccfa37e54ee2894185be388adca7b633fb7e7bf7035c9b
Ubuntu Security Notice USN-3810-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3810-1 - Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2018-11574
SHA-256 | 9d0b1290d87215ead4fe934d8e6256746a4a008c4668e91737abb620b59d4246
Ubuntu Security Notice USN-3811-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
SHA-256 | d0467b2ffe47f0944194ff341be74533254817bca4bb0b5301521db17221392d
Red Hat Security Advisory 2018-3514-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3514-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2016-4463
SHA-256 | e598702dc1ff47a58d43c5085110485bf0c6299e5bb441cbb2032f0edda4397f
Ubuntu Security Notice USN-3786-2
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3786-2 - USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-15853, CVE-2018-15857, CVE-2018-15862
SHA-256 | c9f93a0f0c6e71f2c9acb5fee198c495a079086e7bd69efb91fd46483f004b52
Red Hat Security Advisory 2018-3506-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3506-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2016-4463
SHA-256 | 133145a8b73902fe6bac8626ca7a6a8139ae2fadfe1e06c833cd421912c25533
Red Hat Security Advisory 2018-3505-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456
SHA-256 | 5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49
Red Hat Security Advisory 2018-3507-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3507-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-14648
SHA-256 | 647ab57975ee860adb3a984eff220430645b35f09dffa6f54c7c9bb5a1827a2e
Red Hat Security Advisory 2018-3459-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3459-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-5391
SHA-256 | d9ed013caefaafa615d8575f93905b3db590cc43ed285904b04b65724c310165
Ubuntu Security Notice USN-3809-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10708, CVE-2018-15473
SHA-256 | a84cfe92dbfe11614adbc141355e26a2d23aae9a63b987c3e12f8f9574c9b486
Slackware Security Advisory - mariadb Updates
Posted Nov 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-9843, CVE-2018-3143, CVE-2018-3156, CVE-2018-3174, CVE-2018-3251, CVE-2018-3282
SHA-256 | d9d685d7f6197622d189da055fee168719c18d396fef56c9aab02f4028df8541
Ubuntu Security Notice USN-3808-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2018-16395, CVE-2018-16396
SHA-256 | dc2d5b3f5be433cc29a21366af2eda8167a7638d8db5ae80699233902daf3800
Blue Server 1.1 Denial Of Service
Posted Nov 6, 2018
Authored by Ihsan Sencan

Blue Server version 1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 084e5ec574c44c7af13413ab6b18462da5b707cc9608367b75a098efff95af40
Grocery Crud 1.6.1 SQL Injection
Posted Nov 6, 2018
Authored by Loading Kura Kura

Grocery Crud version 1.6.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 59f4e1ea80048501eab05bd6d1694bcb3ca944badb1b27b0460879f7c7eca73f
OOP CMS BLOG 1.0 Cross Site Request Forgery
Posted Nov 6, 2018
Authored by Ihsan Sencan

OOP CMS BLOG version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4e1848a477c2e6d8a9e67f94ff50331fa96a6d2c0589350a256477da2e3265ef
Cradlepoint Router Password Disclosure
Posted Nov 6, 2018
Authored by CrazyOwl

Cradlepoint routers suffer from password disclosure, weak password storage, and privilege escalation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | a838dee0da90b1c1bb280f7845c47453eb4ea825ff09116b290a0fa474ccab1d
Microsoft Security Advisory Updates For November 6, 2018
Posted Nov 6, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on November 6, 2018.

tags | advisory
SHA-256 | e88740d9c7fdb8ca4a2e5d23cb938633fc64fce00eb8bbb6b5aa1ec73f78a4a9
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close