what you don't know can hurt you
Showing 26 - 39 of 39 RSS Feed

Files Date: 2018-01-04 to 2018-01-05

Reading Privileged Memory With A Side-Channel
Posted Jan 4, 2018
Authored by Jann Horn, Google Security Research | Site googleprojectzero.blogspot.co.uk

This is the very thorough blog write-up discussing three variants of side-channel attacks that can be leveraged against CPU data cache timing.

tags | paper
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 2363cefeef0652a5bd4abcd5e6ee4559
Joomla JHotelReservation 6.0.5 SQL Injection
Posted Jan 4, 2018
Authored by Bilal Kardadou

Joomla JHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8c701872957dae6ddcb0a2715e8182a5
Red Hat Security Advisory 2018-0007-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
MD5 | 3650657f5647aac2e4525bdda8cbbdc0
Red Hat Security Advisory 2018-0008-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0008-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
MD5 | e9555c16d39d26927f25fd56bfd1ee8a
Linksys WVBR0-25 User-Agent Command Execution
Posted Jan 4, 2018
Authored by HeadlessZeke | Site metasploit.com

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.

tags | exploit, web
advisories | CVE-2017-17411
MD5 | 296355d38705b5b2409004259a8e5624
Xplico Remote Code Execution
Posted Jan 4, 2018
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Xplico. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user.

tags | exploit, root
advisories | CVE-2017-16666
MD5 | f84cbd2f0e6585fce60f5fb1ebfaac2e
Red Hat Security Advisory 2018-0011-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0011-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
MD5 | 53bda9d25882a61260979da0b7094c9d
Red Hat Security Advisory 2018-0009-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0009-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
MD5 | 97cf0138d7feb2c8d3d90c8f521c3ae8
Red Hat Security Advisory 2018-0010-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0010-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty.

tags | advisory, kernel
systems | linux, redhat
MD5 | 7f2f57f43598e7417f8820ef33b00f31
Ubuntu Security Notice USN-3480-3
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3480-3 - USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2017-14177, CVE-2017-14180
MD5 | 8fc3d8c839d99115ca99623b7fedf97f
Ubuntu Security Notice USN-3514-1
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3514-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156
MD5 | 485f3d664c8d9b91f9a34e0bb3715a85
Kingsoft Antivirus / Internet Security 9+ Privilege Escalation
Posted Jan 4, 2018
Authored by mr_me

Kingsoft Antivirus / Internet Security version 9+ suffers from privilege escalation vulnerability.

tags | exploit
MD5 | 4cf2427589e849acac46487ad7c7fe58
Boost My Campaign 1.1 Information Disclosure
Posted Jan 4, 2018
Authored by indoushka

Boost My Campaign version 1.1 suffers from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | 4fddefb7ba57a33d06c1b4a668331210
Atmail 7.1.1 PRO Cross Site Scripting
Posted Jan 4, 2018
Authored by indoushka

Atmail version 7.1.1 PRO suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c8cff2aae64a0139e77502e9203f7b00
Page 2 of 2
Back12Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    15 Files
  • 21
    Nov 21st
    10 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close