exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files Date: 2019-06-26

Ubuntu Security Notice USN-4040-1
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4040-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20843
SHA-256 | 251b85a8c68321ea23a55c52e49629c8a3a25fa86fb47f440c3f071922997ed6
Ubuntu Security Notice USN-4040-2
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4040-2 - USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20843
SHA-256 | f1885e6f06f6f2c730d8efe155ac5f1c76f1b005205c7c8535cdc2920730fa9f
Red Hat Security Advisory 2019-1591-01
Posted Jun 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1591-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where OAuth access tokens were written in plaintext to the API server audit logs.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10165
SHA-256 | 875ed960bd02e2d6da0aadd2d47f0640ff931c963517d678060c39a77a556906
GNUnet P2P Framework 0.11.5
Posted Jun 26, 2019
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: Added CAA record type. Various other updates.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 98e0355ff0627bf88112b3b92a7522e98c0ae6071fc45efda5a33daed28199b3
Coldfusion / JNBridge Remote Code Execution
Posted Jun 26, 2019
Authored by Moritz Bechler | Site syss.de

Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2019-7839
SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d
Ubuntu Security Notice USN-4038-2
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbe
Ubuntu Security Notice USN-4038-1
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171b
AMD Secure Encrypted Virtualization (SEV) Key Recovery
Posted Jun 26, 2019
Authored by Google Security Research, Cfir Cohen

AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.

tags | advisory, remote
advisories | CVE-2019-9836
SHA-256 | 54e8e560ed6f2e12e8bd0223096ce8c586842a0a89aebf2c3ac2adafd44af784
D-Link Administrative Password Disclosure
Posted Jun 26, 2019
Authored by Marty

D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 836a2a284ed2a9985417986d306b4db1f5742beca7f44da2a471cb893fd99d6c
WebEx Man-In-The-Middle
Posted Jun 26, 2019
Authored by RDX Guy

WebEx appears to suffer from man-in-the-middle attacks due to accepting any TLS certificates as valid.

tags | advisory
SHA-256 | 22e3cd7a64dcb66910ad59f0e79c228bad57d0d9720924bbaa649a7da3e814a8
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close