exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-12-13

WebKitGTK+ / WPE WebKit Memory Corruption / Code Execution
Posted Dec 13, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464
SHA-256 | a7ec001ae70f4424c933c3e526ad4f1f1edfb80ffe8e45ec92f1ffebddd58f71
Safari Proxy Object Type Confusion
Posted Dec 13, 2018
Authored by saelo | Site metasploit.com

This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion.

tags | exploit, arbitrary, javascript
advisories | CVE-2018-4233, CVE-2018-4404
SHA-256 | 02d9b935a7a5cdf82db861dce43947e948ad10d79814fe11cb814deae28bd90e
Windows UAC Protection Bypass
Posted Dec 13, 2018
Authored by Fabien Dromas | Site metasploit.com

This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS.

tags | exploit, registry
SHA-256 | cd1628d6088adebed1146b07de97a52f751b4685343a34fc4a0afdafa192d6a7
Falco 0.13.0
Posted Dec 13, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Added support for K8s Audit Events. Various other updates.
tags | tool, intrusion detection
systems | unix
SHA-256 | 93b68d41416ad416953d26a06ef2d30032cf0d6a0bf09b54898ec680844593d3
Micro Focus Security Bulletin MFSBGN03835 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.

tags | advisory, arbitrary, local, vulnerability
advisories | CVE-2018-7690, CVE-2018-7691
SHA-256 | 78602ef0efd0605008f1fbce59841d535c41dd7f6c75375c80f990b66f399b5c
Micro Focus Security Bulletin MFSBGN03837 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2016-6816, CVE-2017-5664
SHA-256 | 69bad3da3d6d506035ef6a4b85f35bec78121f1787146f7b5587ba63b5f9d04d
Red Hat Security Advisory 2018-3816-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2018-1053, CVE-2018-1058, CVE-2018-10915, CVE-2018-10925
SHA-256 | 5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6c
Debian Security Advisory 4354-1
Posted Dec 13, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498
SHA-256 | d4abe9fb775b7447462f9534ef3304643476701c50f56da8f4238dcf00de841b
WebDAV Server Serving DLL
Posted Dec 13, 2018
Authored by Ryan Hanson, James Cook | Site metasploit.com

This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached.

tags | exploit, local
systems | windows
SHA-256 | ffc4442915ecf93d8cc559e8f07b68a8fa8aa6fc9f12c43ac4f3ae5d931ac495
Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference
Posted Dec 13, 2018
Authored by Alt3kx

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users.

tags | exploit, local
advisories | CVE-2018-7691
SHA-256 | f5f61f0e91fb1492f3cc43981bb89d49f791427a38840fc17d42980c9a25194c
Fortify SSC 17.10 / 17.20 / 18.10 Project Insecure Direct Object Reference
Posted Dec 13, 2018
Authored by Alt3kx

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects.

tags | exploit
advisories | CVE-2018-7690
SHA-256 | d6e235c49d00e4d533f28b00647cf63de21e373e8951706d91b44ddbf61ed5c4
Red Hat Security Advisory 2018-3822-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-11176, CVE-2017-15265, CVE-2017-8824
SHA-256 | 2c75e8a0c4daa00265bfac5900dda74d873669e6e611b64f788b2b86a15f96e7
Red Hat Security Advisory 2018-3823-01
Posted Dec 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-15265
SHA-256 | 30befba6188da69a809e66cefa93e12c83bfc4f4ca6df6f16330d33155190dac
Slackware Security Advisory - mozilla-firefox Updates
Posted Dec 13, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | c879ec048793b84c4086c75f0c15ae93fcef31d64fd372f00fe433ec923a50d8
Ubuntu Security Notice USN-3845-1
Posted Dec 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-8784, CVE-2018-8788, CVE-2018-8789
SHA-256 | 700e7cd7426950be3745ea829c1727c1dce803c11dbc707bc426e6d5df75b186
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close