exploit the possibilities
Showing 51 - 75 of 353 RSS Feed

Files Date: 2018-06-01 to 2018-06-30

Red Hat Security Advisory 2018-1997-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1997-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 942c63fb7d4c891e93e28bb498675417
Red Hat Security Advisory 2018-1965-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1965-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2017-11600, CVE-2018-3639
MD5 | 0a627951dd2983c6a29d8a8db3e5f8b3
Red Hat Security Advisory 2018-2003-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2003-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2017-11600, CVE-2018-3639
MD5 | 7b7f1730f4d54dc80e02eec13b3a435a
Red Hat Security Advisory 2018-1979-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1979-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a mishandled ACL configuration.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1080
MD5 | ceb64e477b66c1394ada2e9899d137b4
Red Hat Security Advisory 2018-2020-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2020-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Issues addressed include a file disclosure vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-9159
MD5 | 9794723e53380628d9ffcebdd154186a
Red Hat Security Advisory 2018-2006-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2006-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | c578e698209ff3566ea12a777fb847dc
Red Hat Security Advisory 2018-1967-01
Posted Jun 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1967-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-3639
MD5 | 8f2def7ba1f6ffde4374f8670824a267
Quest KACE Systems Management Command Injection
Posted Jun 26, 2018
Authored by Brendan Coles, Leandro Barragan, Guido Leo | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).

tags | exploit, web, arbitrary, local, php
systems | windows
advisories | CVE-2018-11138
MD5 | 48ba6b06f4b01737a61a9c63d90ba594
Lynis Auditing Tool 2.6.5
Posted Jun 26, 2018
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Improved tests.
tags | tool, scanner
systems | unix
MD5 | cf77bb3afb5d3b1492b6b57f711855bc
Ubuntu Security Notice USN-3692-1
Posted Jun 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
MD5 | 56cd52a341cc1f84b0df7977939c8ef3
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
Posted Jun 26, 2018
Authored by Matthew Bergin | Site korelogic.com

HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.

tags | exploit, remote, root
MD5 | bf9904ea89edad3e901e6b2663316e90
Polaris Office 2017 8.1 Remote Code Execution
Posted Jun 26, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.

tags | exploit, arbitrary, trojan
advisories | CVE-2018-12589
MD5 | cb627d3986c07f094a3e4282ca8924de
Slackware Security Advisory - mozilla-firefox Updates
Posted Jun 26, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | ce8245c3b4d1ce00d3f9e9465cd5a1ca
Ubuntu Security Notice USN-3692-2
Posted Jun 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-0737, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737
MD5 | 9be3e658c83ed593e3a872b40b7f8a54
Liferay Portal Server-Side Request Forgery
Posted Jun 26, 2018
Authored by Mehmet Ince

Liferay Portal versions prior to 7.0.4 suffer from a server-side request forgery vulnerability.

tags | exploit
MD5 | dd6d01a7688e9d716b44c10e42ef9b87
PoDoFo 0.9.5 Buffer Overflow
Posted Jun 26, 2018
Authored by r4xis

PoDoFo version 0.9.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-8002
MD5 | 8bfed571dcda975b809de00adc2768e4
Microsoft Internet Explorer HTML Help Control 4.74 Bypass
Posted Jun 26, 2018
Authored by Eduardo Braun Prado

Microsoft Internet Explorer HTML Help Control version 4.74 local zone bypass exploit. Proof of concept code for an ancient vulnerability.

tags | exploit, local, proof of concept, bypass
advisories | CVE-2004-1043
MD5 | 31b8cba305e7c04047d7eace49fd4d94
GRR 3.2.3.0
Posted Jun 25, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: UI improvements and bugfixes. Various other updates.
tags | tool, remote, web, forensics
systems | unix
MD5 | d71ddd87116451d074d7e6b62656bc4e
Ecessa ShieldLink SL175EHQ 10.7.4 Add Superuser Cross Site Request Forgery
Posted Jun 25, 2018
Authored by LiquidWorm | Site zeroscience.mk

Ecessa ShieldLink SL175EHQ version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8a8c1de2a67b10c2994223ebb10d07b6
Ecessa WANWorx WVR-30 10.7.4 Add Superuser Cross Site Request Forgery
Posted Jun 25, 2018
Authored by LiquidWorm | Site zeroscience.mk

Ecessa WANWorx WVR-30 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | f9ae008e6a2e97e05d2523eb4a0e7f95
Ecessa Edge EV150 10.7.4 Add Superuser Cross Site Request Forgery
Posted Jun 25, 2018
Authored by LiquidWorm | Site zeroscience.mk

Ecessa Edge EV150 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 32235352c43c1764ff3761997d4f28eb
Red Hat Security Advisory 2018-1975-01
Posted Jun 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1975-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800
MD5 | 05f4a4e560f285ec0d88caf0fcc9a246
Debian Security Advisory 4234-1
Posted Jun 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4234-1 - Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.

tags | advisory, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2018-12564, CVE-2018-12565
MD5 | d7ae0435c3ba64ecf87bbe6f49699712
Digisol DG-BR4000NG Cross Site Scripting
Posted Jun 25, 2018
Authored by Adipta Basu

Digisol DG-BR4000NG suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-12705
MD5 | 61d5541a4ac9cc31ba3c8777eeb61854
Intex Router N-150 Cross Site Request Forgery
Posted Jun 25, 2018
Authored by Navina Asrani

Intex Router N-150 suffers from an add admin cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | cb429e85cc29d6eecefe0542095d9e09
Page 3 of 15
Back12345Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close