hardwear is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper. It will take place September 13th through the 14th, in The Hague, Netherlands.
bc3148fea1f850974f93ddb982492fecafdcf1991eeefbe423e50e193ea01733
Textpattern versions 4.6.2 and below suffer from a remote SQL injection vulnerability.
a37daea646e6d955877fb97f6bb40efd7e5eb8faca0e8a2a2948e141cb3790af
This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
9ce5d43bd152766a05ee0ae7859b89ecc3953bcac11ed7c1ea1a6ebb5d2aeb14
Red Hat Security Advisory 2018-0505-01 - Mailman is a program used to help manage e-mail discussion lists. A cross site scripting vulnerability was addressed.
b12c1c9ccf6d23c1e217981a639de1c960e6d6af441392bdee7a35ec89ae31f7
Red Hat Security Advisory 2018-0502-01 - The kernel-alt packages provide the Linux kernel version 4.x. Multiple security issues have been addressed.
837bddd1ed83d1e0bb70a1159440fcc2e4360a2d920077b6272525cce4dd8a49
Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart.
0c973cc0b8b396e326136493e77ee67e1e021b531a57d187e3ca1760ce5aca8a
Ubuntu Security Notice 3595-1 - Bjorn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. Various other issues were also addressed.
b99956ccc224dab1426ef1277e618332855c6d72ad58ad3325799f355d6bb8f8
Red Hat Security Advisory 2018-0501-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.1 serves as a replacement for Red Hat Single Sign-On 7.2.0, and includes several bug fixes and enhancements. Multiple security issues have been addressed.
5cd9476a025b988278150ce112e3f6cdc82e012028a1fa36e56e0f71e41ed29c
Red Hat Security Advisory 2018-0496-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Multiple security issues were addressed.
9f9c7480d6c292077120da99ce3539e975e07dabd0cb632521f025f90eb4f913
1803-advisories/dsa-4135-1.txt 85b068ea50632a5111f3d300ea85c6bc Debian Linux Security Advisory 4135-1 - Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix.
ff24ab597ff9ee51b6b72ffca51d8d02ed0ad4fed0dcbe97ca05a3298f56dbae
Red Hat Security Advisory 2018-0516-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. An out of bounds access issue was addressed.
800a206980b758c796d8ce438adbd73f3e721a9216bde5fbe8f6aac8d6475214
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner so that analysts can quickly triage attacks and perform analysis remotely. GRR consists of two parts: client and server. The GRR client is deployed on systems that one might want to investigate. Once deployed, the GRR client on each such system periodically polls the GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and to view and process the collected data.
e4d85c9c4367a29f2300a8e7334551cdd5eb8d55e1e5b2680c1cee87942fed01
This Microsoft bulletin summary holds CVE revision updates for CVE-2018-0771.
5b547ae35c9b18fbe072f1e920b1e780cf8fd8347c8c9b8029bcd479e17b6dcd
MikroTik RouterOS versions prior to 6.38.4 (MIPSBE) Chimay Red stack clash remote code execution exploit.
4887cd3697d5055f700b1e47d24181ad41552d949b52b2f0b254372f1a8c00ac
Sony Playstation 4 (PS4) versions 4.55 up to 5.50 WebKit code execution proof of concept exploit.
f53da9777d264d25a50d25fca1a95984899327e1469278c59b369b4a3677f9cd
Red Hat Security Advisory 2018-0517-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. A remote arbitrary file disclosure vulnerability has been addressed.
df8589042d51c253f5547b55c67b6688e6bcfe6ff145581aeb95a3c37ef3e102
MikroTik RouterOS versions prior to 6.38.4 (x86) Chimay Red stack clash remote code execution exploit.
3d0f66446eb344c4829bbe2a36b06b9c2daee5d39d92b2e8dbb1e8547ceba83e
ACL Analytics versions 11.x through 13.0.0.579 suffer from a code execution vulnerability.
7f99c0ef9c7969dfdd3276c09fe97b55ad588e99df419c4faec29921fc1f78fb
Advantech WebAccess versions less than 8.3 suffer from directory traversal and remote code execution vulnerabilities.
97cde78f92d072d5a56b25fbbfba6add14a9da604c9181028efa5012de1aeb81
This Microsoft bulletin summary holds information regarding Microsoft security updates for March, 2018.
ee6fc8687b0567604b00aee8693c6755fb7732e041e241630e75bede6cc880dc
Red Hat Security Advisory 2018-0504-01 - Mailman is a program used to help manage e-mail discussion lists. A cross site scripting issue was addressed.
b172f792a53d55c77097a22d3093d8e3bbaa0130fa1ff2a321b9c720a00d36d2