Twenty Year Anniversary
Showing 1 - 25 of 27 RSS Feed

Files Date: 2018-11-06

Suricata IDPE 4.1.0
Posted Nov 6, 2018
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Multiple bugs have been addressed.
tags | tool, intrusion detection
systems | unix
MD5 | ef5fe0ea7ec7b94829897dfc0999857f
Stegano 0.8.6
Posted Nov 6, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed a potential security issue related to CVE-2018-18074.
tags | tool, encryption, steganography, python
systems | unix
advisories | CVE-2018-18074
MD5 | e35d90beedc1aa42060c455467799ab7
GNU Privacy Guard 2.2.11
Posted Nov 6, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes and code improvements added.
tags | tool, encryption
MD5 | e23a896d634e8b81681314780f5158a4
FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
MD5 | e1efd0319dcc1218c75d95f35d08574b
FaceTime VCPDecompressionDecodeFrame Memory Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.

tags | exploit
advisories | CVE-2018-4366
MD5 | 98ed8bf1539b036052ee59ec0d5239fd
FaceTime readSPSandGetDecoderParams Stack Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.

tags | exploit
advisories | CVE-2018-4367
MD5 | 17c8ace8d98479a7e023a22b0a94235c
Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation
Posted Nov 6, 2018
Authored by Matthew Bergin | Site korelogic.com

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.

tags | exploit, root
advisories | CVE-2018-15767, CVE-2018-15768
MD5 | 9296a80d1fafbfc2dd325ed3e1388fce
Red Hat Security Advisory 2018-3518-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-14667
MD5 | 35c9c612e4336ae11c1cd24410f6f816
Red Hat Security Advisory 2018-3517-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-14667
MD5 | 02f8174afa222a00c5a275aaaff8aa54
Ubuntu Security Notice USN-3810-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3810-1 - Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2018-11574
MD5 | bea0355887912e2020914ed77fd7dedf
Ubuntu Security Notice USN-3811-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
MD5 | 7fcbfde9589d7977e424e44fe80a9ea7
Red Hat Security Advisory 2018-3514-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3514-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2016-4463
MD5 | c95e08fde277c8157ae54b83d2871475
Ubuntu Security Notice USN-3786-2
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3786-2 - USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-15853, CVE-2018-15857, CVE-2018-15862
MD5 | f69ed867096c658c6b1c088943632808
Red Hat Security Advisory 2018-3506-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3506-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2016-4463
MD5 | 290222918e1fb09ebb500ea31531084d
Red Hat Security Advisory 2018-3505-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-9262, CVE-2016-9396, CVE-2017-1000050, CVE-2017-18267, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739, CVE-2018-1000805, CVE-2018-1060, CVE-2018-1061, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846, CVE-2018-12384, CVE-2018-12910, CVE-2018-13988, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-16837, CVE-2018-17456
MD5 | b7af30db27ef5f7b266ad41827d5a000
Red Hat Security Advisory 2018-3507-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3507-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-14648
MD5 | af41ce9ebede880a01bb8822db4239b0
Red Hat Security Advisory 2018-3459-01
Posted Nov 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3459-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2017-18344, CVE-2018-5391
MD5 | 3212d1c2d4198ef25ca413faab3789dd
Ubuntu Security Notice USN-3809-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10708, CVE-2018-15473
MD5 | 2475ee67475aa1d9b41d74d41231f44e
Slackware Security Advisory - mariadb Updates
Posted Nov 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-9843, CVE-2018-3143, CVE-2018-3156, CVE-2018-3174, CVE-2018-3251, CVE-2018-3282
MD5 | f613205e96a7af8657f177ac749d6c32
Ubuntu Security Notice USN-3808-1
Posted Nov 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2018-16395, CVE-2018-16396
MD5 | 40861160d83fcf2ea2b6534d3fc4fe66
Blue Server 1.1 Denial Of Service
Posted Nov 6, 2018
Authored by Ihsan Sencan

Blue Server version 1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | f6ca8ccd7b94e85d7f38833158c22e28
Grocery Crud 1.6.1 SQL Injection
Posted Nov 6, 2018
Authored by Loading Kura Kura

Grocery Crud version 1.6.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3e2d4a995a8a5d0d16a266b8c6e76be1
OOP CMS BLOG 1.0 Cross Site Request Forgery
Posted Nov 6, 2018
Authored by Ihsan Sencan

OOP CMS BLOG version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8fe00a1538650122bf9dc9552168ba0b
Cradlepoint Router Password Disclosure
Posted Nov 6, 2018
Authored by CrazyOwl

Cradlepoint routers suffer from password disclosure, weak password storage, and privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 04fdbf01a4b6b3dd328c299c5da76d7e
Microsoft Security Advisory Updates For November 6, 2018
Posted Nov 6, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on November 6, 2018.

tags | advisory
MD5 | 9bb4231285cec910f5c94126f01e658a
Page 1 of 2
Back12Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close