
Files Date: 2018-06-08 to 2018-06-09

Slackware Security Advisory - gnupg2 Updates
Posted Jun 8, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-12020
SHA-256 | d310e76a0921a6cc2ee16f19d8f8b391df2cb4899707346d543830d25c927438
Debian Security Advisory 4224-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

tags | advisory
systems | linux, debian
advisories | CVE-2018-12020
SHA-256 | 48ffa2083ce23edda66107d7e98133264aff4c0af7aaa1febaa827798b766e31
Debian Security Advisory 4220-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6126
SHA-256 | 20dac8da2aa3b0850230e9839582a70df5eb615fb9c785abfc18ecae374e9b7d
Debian Security Advisory 4221-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

tags | advisory
systems | linux, debian
advisories | CVE-2018-7225
SHA-256 | 836f52812d9c51553e2be67824d58a661d853e79e2193ac4a05b1a7d0e46b6bc
XiongMai uc-httpd 1.0.0 Buffer Overflow
Posted Jun 8, 2018
Authored by Andrew Watson

XiongMai uc-httpd version 1.0.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10088
SHA-256 | 069dabf4383561057bde692c6f3a559449df9f5431de62760f807308dac7d99b
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Posted Jun 8, 2018
Authored by Martin Heiland

OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.

tags | exploit, spoof, vulnerability, xss
advisories | CVE-2017-17062, CVE-2018-5751, CVE-2018-5752, CVE-2018-5753, CVE-2018-5754, CVE-2018-5755, CVE-2018-5756
SHA-256 | b05b1425ad2ad09c94d5f8ea14683797a289d6404376b147dc5a8333076d15fc
libfsntfs 20180420 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.

tags | exploit, remote, denial of service, info disclosure
advisories | CVE-2018-11727, CVE-2018-11728, CVE-2018-11729, CVE-2018-11730, CVE-2018-11731
SHA-256 | d51475d526556c38315d3ad495346f228174e57aaea7b756952cb090daa26d44
libmobi 0.3 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

tags | exploit, remote, denial of service, overflow, info disclosure
advisories | CVE-2018-11724, CVE-2018-11725, CVE-2018-11726
SHA-256 | 734054659817f2c6fe191be96ca9463bb463d1768291d5ec1cb547fef8c59d82
libpff 2018-04-28 Information Disclosure
Posted Jun 8, 2018
Authored by Webin Security Lab

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.

tags | exploit, remote, overflow, info disclosure
advisories | CVE-2018-11723
SHA-256 | bb60000f6af9c141c2ef4116d6d57a18a2cf342fb2daab8cb8e5c99b583a5d0a
GNU Privacy Guard 2.2.8
Posted Jun 8, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Updated Russian translation. Multiple bug fixes and code improvements added.
tags | tool, encryption
SHA-256 | 777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd
Debian Security Advisory 4219-1
Posted Jun 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.

tags | advisory, java, denial of service, arbitrary, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079
SHA-256 | 6e5cc1eb575ab1d047c7a67b69e08887ebd38e343b7b9963e1a43e4d616ef663
STMicroelectronics DVB Chipset Reverse Engineering
Posted Jun 8, 2018
Authored by Adam Gowdiak | Site security-explorations.com

This archive holds a 70+ page technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.

tags | exploit
SHA-256 | 38bffd3496f315e8460e0c28a7d946b77b455c78115e5b31dff9bc4e92356db9
OfficeScan XG 11.0 Unauthorized Change Prevention Bypass
Posted Jun 8, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

OfficeScan XG version 11.0 suffers from an unauthorized change prevention bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-10507
SHA-256 | 32dc9c5686796d41853c8b27d1d4b50ef583c060f39f37106a3843b56056a2a3
Gnome Web (Epiphany) Denial Of Service
Posted Jun 8, 2018
Authored by ldpreload

Gnome Web (Epiphany) versions prior to 3.28.2.1 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | ad038f44f7bbbf2ff97e2ef7529e457cfe0a4797fa9c915a63209bf98270321c
Joomla 2.4.0 Gridbox Cross Site Scripting
Posted Jun 8, 2018
Authored by Yavuz Atlas

Joomla versions 2.4.0 and below suffer from a cross site scripting vulnerability in the Gridbox extension.

tags | exploit, xss
advisories | CVE-2018-11690
SHA-256 | a5c9be825a63ecbce56403bbaa7bc44f16907303759cbb78c94f17f7cb178ffd
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution
Posted Jun 8, 2018
Authored by EdTech Secure

The ClassLink OneClick browser extension and the ClassLink Agent are vulnerable to universal cross site scripting and remote code execution.

tags | exploit, remote, code execution, xss
SHA-256 | 9009c6063cf45f973ccdc5297fed83759e8c4e593bf42a2455d616f09143e5c4
ESPN Cross Site Scripting
Posted Jun 8, 2018
Authored by Ismail Doe

ESPN's CDN suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9be24660797a2ad3378aff136f4908999af7c4b7bab45ebf5f069b1ae697cd72
Red Hat Security Advisory 2018-1812-01
Posted Jun 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1812-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include deserialization, insecure handling, randomization, and use-after-free vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 221148ef0de88896f8459f4e5e0cbf8dcb142f45ea6c2e753d125ce1e56b2984