exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-06-11 to 2018-06-12

Ubuntu Security Notice USN-3675-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3675-1 - Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-12020, CVE-2018-9234
SHA-256 | 3766e8329e34b63027e4f5cf9a8633afd662c34ab0ba403d391cd6bb6a60ae4b
Asterisk Project Security Advisory - AST-2018-008
Posted Jun 11, 2018
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

tags | advisory
SHA-256 | 0a8df976f443c76825aaacd37af4fd8f1b496b41d03db87301ebcb184dddb134
Asterisk Project Security Advisory - AST-2018-007
Posted Jun 11, 2018
Authored by Sean Bright | Site asterisk.org

Asterisk Project Security Advisory - When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or sends a specially crafted message then Asterisk gets caught in an infinite loop while trying to read the data stream. Thus rendering the system as unusable.

tags | advisory, tcp
SHA-256 | b374d470f9dcc44672552df78fa345a74c969e43f270c085e9d4019049d28547
Ubuntu Security Notice USN-3674-2
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-2 - USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
SHA-256 | d9670de8ee5732e1f317876d13852a8d12a2013a36b3d7dd2d941db95d255de8
Ubuntu Security Notice USN-3674-1
Posted Jun 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3674-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the RDS protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2017-0627, CVE-2018-1068, CVE-2018-7492, CVE-2018-8781
SHA-256 | d808284e76889914a80353a1e3422eace8b93049648e16d9582cece4693fb7c1
VMware Security Advisory 2018-0015
Posted Jun 11, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2018-6968
SHA-256 | 8eedf84a536af539e3b782efa5002b2304872f2285e51ab25ee1e8a223443c8a
Red Hat Security Advisory 2018-1824-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1824-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.113. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002
SHA-256 | eb085c3e02115ffe7d44e26102878dd393e3745df415b5e9970e0e5dc3f16fa5
Red Hat Security Advisory 2018-1825-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1825-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.79. Issues addressed include an incorrect handling of the CSP header.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6148
SHA-256 | 0b40e8fb6cb8d1e698165ee2fe8e40315dbf848332de820448b6308ca1da5a3f
Red Hat Security Advisory 2018-1820-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1820-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | f2d957f9b40130aa3fdabbf4336e770d69893b20f1d8e6d68e0566726a5819b1
Splunk 6.2.3 / 7.0.1 Information Disclosure
Posted Jun 11, 2018
Authored by KoF2002

Splunk versions 6.2.3 through 7.0.1 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-11409
SHA-256 | 799e5977c37e92a4b8cae606ad19d8dfc60e9a513a80f2cef6e0a03e025ecdb6
userSpice 4.3.24 Username Enumeration
Posted Jun 11, 2018
Authored by Dolev Farhi

userSpice version 4.3.24 suffers from a username enumeration vulnerability.

tags | exploit
SHA-256 | 1dd5f5e4c2e9fccbf4b67cf18579d258dbfb1cc68d65cce24865514de10f13be
userSpice 4.3.24 X-Forwarded-For Cross Site Scripting
Posted Jun 11, 2018
Authored by Dolev Farhi

userSpice version 4.3.24 suffers from an X-Forwarded-For cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4ea0d12a03a60e6b02bb7c5210264ce73e64dfd04cc3e842e48eec6e4bd3d5b1
Schools Alert Management Script Arbitrary File Delete
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-12053
SHA-256 | a30d184e06e7195ec70fb958780df5a9d4b448ad6cf584d2525d35bbf3c9dcb6
Joomla Ek Rishta 2.10 SQL Injection
Posted Jun 11, 2018
Authored by 41!kh4224rDz

Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 16f737f4ee08cfe42a11a7224814e8d5af02676fc6a87da86b0c109711bc2a8e
Event Manager Admin Panel events_new.php SQL Injection
Posted Jun 11, 2018
Authored by telahdihapus

The Event Manager PHP Script admin panel suffers from a remote SQL injection vulnerability in events_new.php.

tags | exploit, remote, php, sql injection
SHA-256 | b368ead29a2f750662393f8925e30b2d5a4d527a518307aa521c140f1f2ca00d
WordPress Pie Register Blind SQL Injection
Posted Jun 11, 2018
Authored by Manuel Garcia Cardenas

WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10969
SHA-256 | e04cd55a98ab1899a458679951e539e9b862845e1385e23ce312536b968454f9
Schools Alert Management Scripts get_sec.php SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12052
SHA-256 | 717d15eff170a4c6ac733a4ee608d8802bacc07fecb3c1cf87baca10ac0b4e13
Schools Alert Management Scripts Arbitrary File Read
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from an arbitrary file real vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-12054
SHA-256 | c06a12a979c39b653b47c3a4e1007f597fcae38135ee120c0721a899c3f45c54
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
Posted Jun 11, 2018
Authored by Dhiraj Mishra, Zubin Devnani, Hardik Mehta, Manuel Caballero

This Metasploit module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service.

tags | exploit, denial of service
advisories | CVE-2018-11646
SHA-256 | 2d4a36193a36d5db933286558911bee2976dd1809ed77e8e72e1d0079e824e85
Schools Alert Management Script SQL Injection
Posted Jun 11, 2018
Authored by M3 at Pandas

Schools Alert Management Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-12055
SHA-256 | 066335c2b5756a5000c5d5a3e08fe5c6c686c697437f28e0b6648d343908d0bd
Reverse Engineering - Simple Patching
Posted Jun 11, 2018
Authored by Haboob Team

Whitepaper called Reverse Engineering - Simple Patching. Written in Arabic.

tags | paper
SHA-256 | 1ddf1f7571967b1956d2af44522a52d2025891f1307b9286469463bc59474a65
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close