exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2019-08-28

Bro Network Security Monitor 2.6.4
Posted Aug 28, 2019
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address a potential denial of service vulnerability. The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.
tags | tool, intrusion detection
systems | unix
MD5 | 2c31485fa88bd2c42684ae9afa7d5b49
Ubuntu Security Notice USN-4110-4
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | a6dd8ffb200c3fa787ed813228ab72f1
Kernel Live Patch Security Notice LSN-0054-1
Posted Aug 28, 2019
Authored by Benjamin M. Romer

It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2018-1129, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272, CVE-2019-2101, CVE-2019-3846
MD5 | 1de971967f43f22fa4ee2b9590b93d64
Ubuntu Security Notice USN-4110-3
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 63a1258a6f995b55a382c15c602c1e37
Red Hat Security Advisory 2019-2579-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2579-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10222
MD5 | dd4cbd177d38dfb43e45944be61c1f5f
I2P 0.9.42
Posted Aug 28, 2019
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Bug fix release.
tags | tool
systems | unix
MD5 | 00009920e56f2708d3d368b1e8d2a7db
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
Posted Aug 28, 2019
Authored by Pedro Ribeiro

Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.

tags | exploit, vulnerability, bypass
systems | cisco
advisories | CVE-2019-1935, CVE-2019-1936, CVE-2019-1937
MD5 | 1b836f2892c60e53c35da6adba11922e
Red Hat Security Advisory 2019-2548-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10352, CVE-2019-10353, CVE-2019-10354
MD5 | 47eb3aaac38a7d73bd3ec5376fbf7e09
Red Hat Security Advisory 2019-2571-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2571-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2019-1010238
MD5 | 5978264f8851b0c6c554eade84f81023
Red Hat Security Advisory 2019-2577-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2577-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10222
MD5 | fcdf9d18e1ea4c46657addbd1620162c
Ubuntu Security Notice USN-4110-2
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 5c791be958358f0b5d099cc85acbf72d
Debian Security Advisory 4510-1
Posted Aug 28, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.

tags | advisory, remote, arbitrary, imap, protocol
systems | linux, debian
advisories | CVE-2019-11500
MD5 | e3cf7ec7b9e533f10132ece6c1ce8f6b
Ubuntu Security Notice USN-4110-1
Posted Aug 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11500
MD5 | 4870d365c10fedd69d6ee0d660a7bdaa
Joomla JomEstate 4.1 SQL Injection
Posted Aug 28, 2019
Authored by KingSkrupellos

Joomla version 2.5.28 with JomEstate component version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ccf21e574313eb45a6c6a365c8b538db
Joomla Easy GuestBook 1.0 SQL Injection
Posted Aug 28, 2019
Authored by KingSkrupellos

Joomla version 1.0.15 with Easy GuestBook component version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7ff4f4e0fe5459fee54d6e7732248cbe
Outlook Password Recovery 2.10 Denial Of Service
Posted Aug 28, 2019
Authored by Velayutham Selvaraj, Praveen Thiyagarayam

Outlook Password Recovery version 2.10 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 49e3584a31e6930e8a732e67aa1c3f47
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close