exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2018-12-11

BSidesLjubljana 2019 Call For Papers
Posted Dec 11, 2018
Site bsidesljubljana.si

B-Sides Ljubljana will be held March 16th, 2019 in Ljubljana, Slovenia.

tags | paper, conference
SHA-256 | fbb29b2091cba6b0e4151f47d9e26a5b5e7490fe191b95a3202c74c1975d3e97
Ubuntu Security Notice USN-3843-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
SHA-256 | 16d335a3f6cc410a95843958db6b463ab971c0cf43a62bfeceee657250b2e344
Ubuntu Security Notice USN-3843-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
SHA-256 | a14eacc72790923c62feec76f7f42eeb9bc944085c228468ecb0cdcdfe504a21
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Dec 11, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

tags | exploit, xss
advisories | CVE-2018-19921
SHA-256 | b757a066966d43dab92e82b070ec0aa7cb574a7fac46efeaa46eea3d52d17b5c
Ubuntu Security Notice USN-3837-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16646, CVE-2018-19149
SHA-256 | 8fed6ebe40d4f1f0c78717df38ab91407e184817e9673600ee7c3e3b45430861
Debian Security Advisory 4353-1
Posted Dec 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.

tags | advisory, denial of service, arbitrary, shell, php, info disclosure
systems | linux, debian
advisories | CVE-2018-14851, CVE-2018-14883, CVE-2018-17082, CVE-2018-19518, CVE-2018-19935
SHA-256 | 98d965a957a19f94b8ce6435161a43984df2051692685d685860e9e645957bff
CyberLink LabelPrint 2.5 Stack Buffer Overflow
Posted Dec 11, 2018
Authored by modpr0be, f3ci | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This Metasploit module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).

tags | exploit, overflow
systems | windows
advisories | CVE-2017-14627
SHA-256 | 5b93e4f728713e374facd865bf3645e22f45dbb6fc5e1b5e6aac4c62197b922c
McAfee True Key 5.1.173.1 Privilege Escalation
Posted Dec 11, 2018
Authored by James Forshaw, Google Security Research

McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-6755, CVE-2018-6756, CVE-2018-6757
SHA-256 | 151bdbc1027a4dd096823f04bd5ea0feb97a274be2ebc6612084d92dc662776e
Faraday 3.4
Posted Dec 11, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added fbruteforce services fplugin. Attachments can be added to a vulnerability through the API. Various other additions and updates.
tags | tool, rootkit
systems | unix
SHA-256 | 91edff71e35fad51f4c54657e7aa56ccb4a9286c58bcd86b7db83c14eafc4aaa
Red Hat Security Advisory 2018-3817-01
Posted Dec 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3817-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix: Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2017-7536, CVE-2018-1000129, CVE-2018-8039
SHA-256 | a521d81475dcd97f83413694dcad783d46a30e1d69f8a60f4793c757ab0eca1d
Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle
Posted Dec 11, 2018
Authored by Jann Horn, Google Security Research

Google Chrome version 70.0.3538.77 stable suffers from cross site scripting and man-in-the-middle vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 686c99bbb6418cc295a5495417a100d2846c41c5d5fb214b782fedc9a5df70c9
XNU POSIX Shared Memory Mapping Issue
Posted Dec 11, 2018
Authored by Jann Horn, Google Security Research

XNU POSIX has an issue where shared memory mapping have an incorrect maximum protection.

tags | exploit
advisories | CVE-2018-4435
SHA-256 | 184646768496bcb8df3d6995ff94b42fcf57e71d6591dd588a4cb6bbb6906ef1
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass
Posted Dec 11, 2018
Authored by Usman Saeed

ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2018-7357, CVE-2018-7358
SHA-256 | b59973a43a891cb89e76f82046c6e9a09f2a8f40393c0d94ec8abb64804aa690
Symfony 1.4.17 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

Symfony version 1.4.17 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 80d4da67b0ea3d50489a97fd234caaf03c4b99bc83f4e9727cf59e29f429ac60
WordPress JoeBooking 6.6.5 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

WordPress JoeBooking plugin version 6.6.5 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 17fc4e7da87c88e8a70048e26429d9e460a03efb195ad7be0237b59270c8cac3
WordPress PDF Catalog For WooCommerce 1.1.18 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

WordPress PDF Catalog for WooCommerce plugin version 1.1.18 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 8e0ab2d4ee047fe05013c2a69aa305ecbacdffb978dc71d1438c54a2f92ece99
WordPress MagicMembers 1.0 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

WordPress MagicMembers plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 3c9721a71832040f1f75d3a960c094d28721391a297eca6230c3f975ecbb6145
WordPress MiwoPolls 3.9.2 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

WordPress MiwoPolls plugin version 3.9.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | c9490f931cdab794d0c52a0aa614a810fa8107b47c23073122965e0602f1b038
WordPress Wysija-Newsletters 2.10.2 Database Disclosure
Posted Dec 11, 2018
Authored by KingSkrupellos

WordPress Wysija-Newsletters plugin version 2.10.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 1ac5044abc88ab1e14fd3b64506bed4b3d25672fb4f261d96f8f4668030efaa1
Ubuntu Security Notice USN-3842-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3842-1 - Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery attacks.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2018-4700
SHA-256 | 830d27a53042e4171fdb06fa615f97b6d6d61e7a9870086efbf089779ff5fda9
Ubuntu Security Notice USN-3841-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3841-2 - USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19787
SHA-256 | 5747ed0e1c204b12cd0b475edea070903282ab9ebe0de19a3ad342aa4ed536f8
Ubuntu Security Notice USN-3841-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3841-1 - It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19787
SHA-256 | 217321086a1f3f3e6b8e367a64fae8c178d52ec2f75871959af6085a134dd97e
Red Hat Security Advisory 2018-3806-01
Posted Dec 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3806-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telco Update Service for Red Hat Enterprise Linux 6.6 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | 52684bd109addb796267ab2c88eba3a347d5fdccb540ef37bbd7ceb23323aef1
Red Hat Security Advisory 2018-3805-01
Posted Dec 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3805-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

tags | advisory
systems | linux, redhat
SHA-256 | 732f76766ec4aac7f0ee7b51fcbf46ef03b8fba03d131e870eb0686475abfb7f
Red Hat Security Advisory 2018-3800-01
Posted Dec 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3800-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include improper path handling.

tags | advisory
systems | linux, redhat
SHA-256 | 5ef017ad79d6d11c26a97528329537ca08122f2d686d4c63e738fc19fc7431bd
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close