what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 15 of 15

Files Date: 2018-11-21

Ubuntu Security Notice USN-3825-1

Posted Nov 21, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3825-1 - Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.

tags | advisory, arbitrary, local, perl

systems | linux, ubuntu

advisories | CVE-2011-2767

SHA-256 | 5b17dfd97bb51e119ad34a3ed37a9e4c1e842b8caba6d714048f3bd49831661c

Download | Favorite | View

Governikus Autent SDK 3.8.1 Signature Bypass

Posted Nov 21, 2018

Authored by Wolfgang Ettlinger | Site sec-consult.com

Governikus Autent SDK versions 3.8.1 and below suffer from a signature bypass vulnerability. This vulnerability could allow an attacker to impersonate any German citizen on a vulnerable web application.

tags | exploit, web, bypass

SHA-256 | bc598f9668599f1a40ae05cb09cf65c1e231a9837407f48b0b4f2818d6cc5f45

Download | Favorite | View

Miss Marple Enterprise Edition File Upload / Hardcoded AES Key

Posted Nov 21, 2018

Authored by Marius Schwarz | Site sec-consult.com

Miss Marple Enterprise Edition versions prior to 2.0 suffer from arbitrary file upload, hardcoded AES key, validation bypass, and other vulnerabilities.

tags | advisory, arbitrary, vulnerability, file upload

advisories | CVE-2018-19233, CVE-2018-19234

SHA-256 | 3fddd6e7c2ff2e1be06afc03420fb99302456521d5526ecfc13ac68c1edf45e6

Download | Favorite | View

Red Hat Security Advisory 2018-2906-01

Posted Nov 21, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2906-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.7.72. Issues addressed include a crash.

tags | advisory

systems | linux, redhat

advisories | CVE-2018-14632

SHA-256 | 7af976df967c6f77cecfa924b9b7555a70ce2b08a8aeb667aaa1341591d176f2

Download | Favorite | View

Microsoft Skype 2015 / 2016 Denial Of Service

Posted Nov 21, 2018

Authored by Sabine Degen | Site sec-consult.com

A large number of emojis received in one message by the Skype For Business client freezes the program for a few seconds. This can be exploited to perform denial of service attacks against Skype for Business users and compromises the availability of the program. Affected includes Skype for Business 2015 (Lync 2013) before version 15.0.5075.1000 and Skype for Business 2016 before version 16.0.4756.1000.

tags | exploit, denial of service

advisories | CVE-2018-8546

SHA-256 | 6f0b4e1f98c61b5c68a056d607be3d7b4027bbb364d50f953833abd9b9e26d5d

Download | Favorite | View

WebOfisi E-Ticaret 4 SQL Injection

Posted Nov 21, 2018

Authored by Ozkan Mustafa Akkus

WebOfisi E-Ticaret version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 1de0dcb29ff69850670c0c302b5931191744d2132128858a2fac7192148bf4ff

Download | Favorite | View

WordPress CherryFramework Themes 3.1.4 Backup File Download

Posted Nov 21, 2018

Authored by b1p0l4r

WordPress CherryFramework Themes version 3.1.4 suffers from a backup file download vulnerability.

tags | exploit, info disclosure

SHA-256 | 5f0d32b8627dd806960989dffc1c6ff4dad69382d66d3e2290bce3ec080945ca

Download | Favorite | View

Ticketly 1.0 SQL Injection

Posted Nov 21, 2018

Authored by Javier Olmedo

Ticketly version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

advisories | CVE-2018-18923

SHA-256 | 7e5a0bf82d71f83ed84aa8ccf6311d9e4e3a9a7120fc8b08839e3bed699c8d7c

Download | Favorite | View

OpenSSL Toolkit 1.1.1a

Posted Nov 21, 2018

Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a timing vulnerability in DSA signature generation and another in ECDSA signature generation. Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). Various other updates.

tags | tool, encryption, protocol

systems | unix

advisories | CVE-2018-0734, CVE-2018-0735

SHA-256 | fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41

Download | Favorite | View

Dell EMC Avamar / IDPA Command Injection

Posted Nov 21, 2018

Site emc.com

Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from a command injection vulnerability. Affected versions include Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1, Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2.

tags | advisory

advisories | CVE-2018-11077

SHA-256 | e91a4b5adacabddf553d673763a0de8bbd43bf53cd6e4cc7669866c7d8dd18d5

Download | Favorite | View

Dell EMC Avamar / IDPA Information Exposure

Posted Nov 21, 2018

Site emc.com

Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from an information exposure vulnerability. Affected versions include Dell EMC Avamar Server 7.2.0 and 7.2.1, Dell EMC Avamar Server 7.3.0 and 7.3.1, Dell EMC Avamar Server 7.4.0 and 7.4.1, and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0.

tags | advisory

advisories | CVE-2018-11076

SHA-256 | 51c0fd129f391efd132a30f5c7d9b7c7eeff4304a86ef8eb192552466d3d5a3a

Download | Favorite | View

Microsoft Security Advisory Updates For November 20, 2018

Posted Nov 21, 2018

Site microsoft.com

This Microsoft summary lists Microsoft security updates released for November 20, 2018.

tags | advisory

SHA-256 | 80b9eb1b72abfe730e2cae06f779f05f7be8b632bbbe73f47319be13e685f960

Download | Favorite | View

Dell EMC Avamar / IDPA Remote Code Execution / Open Redirection

Posted Nov 21, 2018

Authored by Jarrod Farncomb | Site emc.com

Dell EMC Avamar and IDPA suffer from remote code execution and open redirection vulnerabilities. Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 are affected.

tags | advisory, remote, vulnerability, code execution

advisories | CVE-2018-11066, CVE-2018-11067

SHA-256 | 15cbf37afa0b2a7fcb1c42bebfcbe6cd5096b494d352554298114052d555f07d

Download | Favorite | View

Red Hat Security Advisory 2018-3643-01

Posted Nov 21, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3643-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow, kernel

systems | linux, redhat

advisories | CVE-2018-14634

SHA-256 | 173945eca7ad527001ac027c9e4312830edb314be2e89234410ad71891918584

Download | Favorite | View

Red Hat Security Advisory 2018-3644-01

Posted Nov 21, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3644-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.153. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution

systems | linux, redhat

advisories | CVE-2018-15981

SHA-256 | 04af5473e127fe99346ab662f65a0caa395806ac053fda53996a935042bc040f

Download | Favorite | View