exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-04-04 to 2018-04-05

Flawfinder 2.0.6
Posted Apr 4, 2018
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Small fixes. Updated cwe.mitre.org URLs to use https.
tags | tool
systems | unix
SHA-256 | d33caeb94fc7ab80b75d2a7a871cb6e3f70e50fb835984e8b4d56e19ede143fc
Ubuntu Security Notice USN-3620-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-1 - It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332
SHA-256 | 5bad86a1b836a836f77b374d0dce05b619b4080fa156e54af36ae9ff36d98185
Ubuntu Security Notice USN-3619-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129, CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807
SHA-256 | c6a6f41fea45fbea18a8b7d6e773995876e32e44e04595bd392e7b20c000dc48
PMS 0.42 Stack-Based Buffer Overflow
Posted Apr 4, 2018
Authored by Juan Sacco

PMS version 0.42 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 3c10668d26f85f6269d8af46ac25fa32a6808b8ab80409a57cd778bf9df55a98
Ubuntu Security Notice USN-3617-3
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
SHA-256 | 448337d0f05b0a41584005e6cc61e3ade46f16a30a520f6de2809982cf2960d2
KeePass Simple Dictionary Password Enumerator
Posted Apr 4, 2018
Authored by Todor Donev

This is a simple perl script to perform dictionary attacks against the KeePass password manager.

tags | cracker, perl
SHA-256 | 6543608fbc7bd69c9aed01176048fc5dbb4c5cfcf6b3eb1751f46ee2b6e9c7cd
Ubuntu Security Notice USN-3618-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-7225
SHA-256 | 94f093bef1d50914cc832a9db3e8e076858d3e6677937a03c041fbb2d17f4935
FiberHome VDSL2 Modem HG 150-UB Login Bypass
Posted Apr 4, 2018
Authored by Noman Riffat

FiberHome VDSL2 Modem HG 150-UB suffers from a login bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-9248
SHA-256 | 1c1412cbdbb3a4b5d97c16234dd1e75b60bc9b404eb6f2a9774a25178ad66495
FreeBSD Security Advisory - FreeBSD-SA-18:05.ipsec
Posted Apr 4, 2018
Authored by Maxime Villard | Site security.freebsd.org

FreeBSD Security Advisory - The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv4 options. A remote attacker who is able to send an arbitrary packet, could cause the remote target machine to crash.

tags | advisory, remote, arbitrary
systems | freebsd
advisories | CVE-2018-6918
SHA-256 | 555a304505193445412db4273adaa7588902e5c99b66e180c2984fe9988501b7
FreeBSD Security Advisory - FreeBSD-SA-18:04.vt
Posted Apr 4, 2018
Authored by Dr Silvio Cesare of InfoSect | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Unprivileged users may be able to access privileged kernel data. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, overflow, arbitrary, kernel
systems | freebsd
advisories | CVE-2018-6917
SHA-256 | e5feb439623564c9e4f8d2df8d6d345fd1caf41d9417c9aa365ca318675e3e11
Microsoft Sharepoint 14.x Cross Site Scripting
Posted Apr 4, 2018
Authored by Mostafa Gharzi

Microsoft Sharepoint version 14.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7de70556a59741aafa3fe927b73b43cd718139d2af52b743bb17e2c7e6194e39
Adobe Flash 28.0.0.137 Remote Code Execution
Posted Apr 4, 2018
Authored by SyFi

Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-4878
SHA-256 | ead98c95358be678b404109ebe91038bf937b15ee8aae06be52bdad92c345418
Sophos Endpoint Protection 10.7 Insecure Cryptography
Posted Apr 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow for changing of settings, whitelist or unquarantine files.

tags | exploit
advisories | CVE-2018-9233
SHA-256 | df0aaf3aee69bce369bbcbdaa1ba7ad4bd24c37e8ba5a6d601b2e884488a5983
Sophos Endpoint Protection 10.7 Tamper Protection Bypass
Posted Apr 4, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-4863
SHA-256 | 5b7ef605d212dfe1f2d4f88c42cdc7b9c393dc17670bc503ed2c1ca962498bab
Debian Security Advisory 4165-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-8763, CVE-2018-8764
SHA-256 | 4155448aa8433b09acfcda984e379b08d1e2c5be5274a49b65a42755e5e24b74
Debian Security Advisory 4164-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
SHA-256 | dfdafe74b240b4390f155a02035575c5c0d7feface77e315de1396e8db1f2419
MPEngine UnRAR Inherited Flaw
Posted Apr 4, 2018
Authored by Thomas Dullien, Google Security Research

Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code and has a vulnerability that has since been patched in newer versions of unrar.

tags | exploit
SHA-256 | 874c4c7764116651d9a83650dec6e193aab5fcc1361e21905eaeafff212baed1
Red Hat Security Advisory 2018-0627-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
SHA-256 | a7500ac87de56f7040bac69bee986ec73586b26dddd813625155da8bd8a28c98
Red Hat Security Advisory 2018-0628-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
SHA-256 | cd3c594e34a9c5af05483817690e57fd3d73c77a89b1766fdac627e4501964ae
Red Hat Security Advisory 2018-0630-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
SHA-256 | 05601a9f859c438e0ddd2040dc02c39819df83068376fa3b778c281416aa2e65
Red Hat Security Advisory 2018-0629-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
SHA-256 | 5d8777c62423f90790323ee9b1126494c144db274b87d0cbc0c3fe0aeabfeeb2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close