exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2018-11-30

Apache Spark Unauthenticated Command Execution
Posted Nov 30, 2018
Authored by Green-m, aRe00t | Site metasploit.com

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it.

tags | exploit, java
SHA-256 | 116bdb53e7d35e2318c64aa8641d121ced48eb91bde9f964beb39633e269de98
Bro Network Security Monitor 2.6
Posted Nov 30, 2018
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added missing ICMP router advertisement counterpart. Removed unnecessary Bloom filter empty check. Various other updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0ec78d708724453829c9465451c82dc8d712a34c9c857a118e0e366b1eced29d
Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials
Posted Nov 30, 2018
Authored by T. Weber | Site sec-consult.com

Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.

tags | exploit, vulnerability
SHA-256 | 9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1
Tarantella Enterprise Security Bypass
Posted Nov 30, 2018
Authored by Rafael Pedrero

Tarantella Enterprise versions prior to 3.11 suffer from an access control bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-19754
SHA-256 | 59d4ebbbea05011ff88766420702f8c2dafb0908c02498e7d43b760d1ce3aa40
Tarantella Enterprise Directory Traversal
Posted Nov 30, 2018
Authored by Rafael Pedrero

Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-19753
SHA-256 | 1faac68fc7546fad92fea083e6fe9d139ab5f2586fd75dc9512567d04e89bf3c
Ubuntu Ghostscript Failed Fix
Posted Nov 30, 2018
Authored by Tavis Ormandy, Google Security Research

The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2018-16510
SHA-256 | 0ac0bf39a81253812182b1698273af4235df1fa484a59f5032b8a187be3fe340
Microsoft VBScript rtFilter Out-Of-Bounds Read
Posted Nov 30, 2018
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.

tags | exploit
systems | windows
advisories | CVE-2018-8552
SHA-256 | 787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593
WebKit JSC ForInContext Invalidation
Posted Nov 30, 2018
Authored by Google Security Research, lokihardt

WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.

tags | exploit
advisories | CVE-2018-4386
SHA-256 | 2751e0f6a8f902aff80fed20940889e7b425689a3222eb806fc6878759565dbc
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
Posted Nov 30, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.

tags | exploit, vulnerability, proof of concept
systems | windows
advisories | CVE-2018-8544
SHA-256 | 4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007
WebKit JIT ByteCodeParser::handleIntrinsicCall Type Confusion
Posted Nov 30, 2018
Authored by Google Security Research, lokihardt

WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall.

tags | exploit
advisories | CVE-2018-4382
SHA-256 | 80230144bdea861cdd786d198f4417655144fdae813a68d336ee57b1a9cea2fd
WebKit JSC JIT JSPropertyNameEnumerator Type Confusion
Posted Nov 30, 2018
Authored by Google Security Research, lokihardt

When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is compared to the cached structure ID from the JSPropertyNameEnumerator object. If it's the same, the "this" object of the get_by_id expression will be considered having the same structure as the input object to the for-in loop has. The problem is, it doesn't have anything to prevent the structure from which the cached structure ID from being freed. As structure IDs can be reused after their owners get freed, this can lead to type confusion.

tags | exploit
advisories | CVE-2018-4416
SHA-256 | 8f4f4959d722f37276fc6cd1ba9725d214fa2d1eafa97af721346d7487bda487
Gentoo Linux Security Advisory 201811-24
Posted Nov 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-24 - A SQL injection in PostgreSQL may allow attackers to execute arbitrary SQL statements. Many versions are affected.

tags | advisory, arbitrary, sql injection
systems | linux, gentoo
advisories | CVE-2018-16850
SHA-256 | a087bea7df518fee4c512dab8b1b7128152a68b584f11bf25fcd2f30c6ea069d
Gentoo Linux Security Advisory 201811-23
Posted Nov 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201811-23 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.28-r4 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12562, CVE-2017-14634, CVE-2017-6892, CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365, CVE-2018-13139
SHA-256 | 53c9e768ab556258485ffacf946632c5c77d01764fb08f0a3ef5bf547479fbe5
Ubuntu Security Notice USN-3833-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3833-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
SHA-256 | a245ddd2e063e75ae9b8cd656c2ba843ed10ef466025e17abe119b7bfbe3080a
Ubuntu Security Notice USN-3832-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3832-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
SHA-256 | b57e39d7a6b2621e28ea09c25523ef6ffe045219afabe19ad27f96586c416cd1
Debian Security Advisory 4347-1
Posted Nov 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4347-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.

tags | advisory, perl, vulnerability
systems | linux, debian
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
SHA-256 | 693b5b860a9f8cea84d3e3b377ab5b2c4b932965f11e4d4715f272144663f79b
Slackware Security Advisory - samba Updates
Posted Nov 30, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857
SHA-256 | 671fbca86bbc5a91ba38e250555985ef427c47025b7d59bbb3bd26f4e94c089c
Red Hat Security Advisory 2018-3738-01
Posted Nov 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3738-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a name equality check.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2018-16395
SHA-256 | eb0ce715cf844684ef01e1980a5cde4f3ad3c61658a96a7c429bb1f1502520db
Ubuntu Security Notice USN-3795-3
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3795-3 - USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
SHA-256 | 0db1887001641d8acf759d27b5cb2ddd82af752d469ef1b920b7bdce098289b4
Ubuntu Security Notice USN-3831-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19409
SHA-256 | f393db61267526f9bb9a3e7c882bd9b3c0c9096a7343ce75fd00bbb4b1ff4263
Red Hat Security Advisory 2018-3731-01
Posted Nov 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3731-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2017-17742, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-16395, CVE-2018-16396, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
SHA-256 | 67960d69e88fb6e819f1aed911deeb9a04df23e739ae31cebcff7618004f0b0f
Red Hat Security Advisory 2018-3730-01
Posted Nov 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2017-17742, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-16395, CVE-2018-16396, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
SHA-256 | 5974e59d03ede1e205bc6f92b04e3d4d0be271c53073850c54f2227ff9bf7374
Red Hat Security Advisory 2018-3729-01
Posted Nov 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2017-17742, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-16395, CVE-2018-16396, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
SHA-256 | 50842ce6db655529d85f25aace87d1c36085f22eb7f5436231ccd6f4207b1c4a
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close