what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 354 RSS Feed

Files Date: 2018-06-01 to 2018-06-30

Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix
Posted Jun 20, 2018
Authored by James Forshaw, Google Security Research

The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.

tags | exploit, arbitrary, registry
SHA-256 | 7b7af078798b5964467bf7757383127c12dad481c4522e1f5ea6e8b1a37d710a
Ubuntu Security Notice USN-3689-2
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3689-2 - USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that Libgcrypt was susceptible to a side- channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-0495
SHA-256 | e28a6878c39988d3f66523fc14a66afd0c58b05460c84d389240bcaf04b1f87d
Ubuntu Security Notice USN-3689-1
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3689-1 - Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-0495
SHA-256 | 88555ac1dd1d49a8d5c958883feb730a625259656c33ee350e93c19be692fc93
Ubuntu Security Notice USN-3688-1
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3688-1 - Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7810, CVE-2017-7826, CVE-2018-5089, CVE-2018-5125, CVE-2018-5150
SHA-256 | 93478e51c11d985f691c7579523cae27ecd53c6663b7fd6e55f95a3b991929ad
Gentoo Linux Security Advisory 201806-07
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-7 - A vulnerability in Transmission could allow a remote attacker to execute arbitrary RPC commands. Versions less than 2.93 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-5702
SHA-256 | 640c64903e586437d69269a8a2a8debd82824f63ea0620732f55b98c30dcdf38
Gentoo Linux Security Advisory 201806-06
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-6 - A vulnerability has been found in Chromium and Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 67.0.3396.87 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6149
SHA-256 | fca2d1e053e24ff1afda570f0222fac0af993f0dd29302decfd26a665ba3944b
Gentoo Linux Security Advisory 201806-05
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-5 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.60.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000300, CVE-2018-1000301
SHA-256 | 84539ba334c2ae70a3648c5332b02a77671ad7695cff1a5131ca6c9ea930ebd4
Red Hat Security Advisory 2018-1854-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1854-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2012-6701, CVE-2015-8830, CVE-2016-8650, CVE-2017-12190, CVE-2017-15121, CVE-2017-18203, CVE-2017-2671, CVE-2017-6001, CVE-2017-7308, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803
SHA-256 | faa3521cba5ea132c14cf1c7356833641996e0d6d030838eba24714f4f797c11
Microsoft Security Advisory Updates For June 19, 2018
Posted Jun 19, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on June 19, 2018.

tags | advisory
SHA-256 | a7e0c09e82c260ff70070b46967752d04491ae55273de0db5ca9189726ee854c
Red Hat Security Advisory 2018-1944-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1944-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-3665
SHA-256 | e4ecf0a030b8d4d1387834b1eedbccf78135f5aa4c8e1b9220099f7243d2b69a
Red Hat Security Advisory 2018-1879-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1879-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat, osx
advisories | CVE-2017-15670, CVE-2017-15804
SHA-256 | 24b061c310fc7ebbe8e6ad6bf55f296c790c319a0e9a1474385c839b520e6586
Red Hat Security Advisory 2018-1949-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1949-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2018-10855
SHA-256 | 7dd1f39b0c41c39953b12a378dd2aafa9de45168e5289e404639259d6a8cd5fd
Microsoft Windows Desktop Bridge Activation Arbitrary Directory Creation
Posted Jun 19, 2018
Authored by James Forshaw, Google Security Research

The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of arbitrary object directories leading to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2018-8208
SHA-256 | d0530f0109ea354da30e58c9f1b6f66e77d9f78611b21d45ab804256c40bfa35
Red Hat Security Advisory 2018-1948-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1948-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2018-10855
SHA-256 | d94a2c4056df7fbcae7e5bdf63048582703f05b67dcf8f6d530571426fe1e5b8
CheckSec Canopy Cross Site Scripting
Posted Jun 19, 2018
Authored by ryantzj

CheckSec Canopy versions 3.x before 3.0.7 suffer from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2018-9036
SHA-256 | 51bab819e7d71bae94f9d40d75ed240b77b7ebc2040391c1f9b6e96eb7e887ad
Database Security Threats And Injection Technique
Posted Jun 19, 2018
Authored by darklight

Whitepaper called Database Security Threats and Injection Technique. Written in Persian.

tags | paper
SHA-256 | 5d18ecda87e677b9be4fcc471c55096e2eefcceb48e70cc55ca0ed8b6636b300
Microsoft COM For Windows Improper Serialized Object Handling
Posted Jun 18, 2018
Authored by Code White | Site codewhitesec.blogspot.com

Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.

tags | exploit, remote, web, code execution, proof of concept
systems | windows
advisories | CVE-2018-0624
SHA-256 | 84d82f40b0c54ee1de46ef3f92a87a644fbbf80e0962a7d37f83e11733f0eacc
MagniComp SysInfo Information Exposure
Posted Jun 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains a information exposure vulnerability through debug functionality. Versions SysInfo 10-H81 and above are not affected.

tags | exploit, info disclosure
advisories | CVE-2018-7268
SHA-256 | e65b31b24a3d31f12c130df16191c10f3cdae0c77df7a247af307f1e92f05036
RabbitMQ Web Management Cross Site Request Forgery
Posted Jun 18, 2018
Authored by Dolev Farhi

RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross site request forgery vulnerability.

tags | exploit, web, csrf
SHA-256 | ace7a141c2db8c052bee34763aa215ffb0d407181a3bd241dbb192e081aac80a
Pale Moon Browser Use-After-Free
Posted Jun 18, 2018
Authored by Berk Cem Goksel

Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-12292
SHA-256 | 2e0cc42d98a4534d603814887bfa02b06a097f55c015f4948d537bd67a1267f3
Nikto 2.1.6 CSV Injection
Posted Jun 18, 2018
Authored by Adam Greenhill

Nikto version 2.1.6 suffers from a csv injection vulnerability.

tags | exploit
advisories | CVE-2018-11652
SHA-256 | e8097258c4be3f7ba2da7a9ee73cd01b050d3432d47977b5b277f71ca8ea768b
Redatam Web Server Directory Traversal
Posted Jun 18, 2018
Authored by Berk Dusunur

Redatam Web Server prior to version 7 suffer from a directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | fb104785e2fbb446b26d975f894390f26552f379e969e790f3f06e1f3b0cbd55
Redis-cli Buffer Overflow
Posted Jun 18, 2018
Authored by Fakhri Zulkifli

Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-12326
SHA-256 | fb6da6db94e98640ef6cb6f1408d6f588499ee0b607727625403d91d5754dd7d
Audiograbber 1.83 Buffer Overflow
Posted Jun 18, 2018
Authored by Dennis Herrmann

Audiograbber version 1.83 local SEH buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | 35ad40948dba3e4633859693d0929896e622bd685a0f512bca6e22e2d04ef2e8
Joomla Jomres 9.11.2 Cross Site Request Forgery
Posted Jun 18, 2018
Authored by Borna Nematzadeh

Joomla Jomres component version 9.11.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | baff04052780f953149e992ce762ba1f4ad9daea993ce2dd48f3b24298933b4f
Page 6 of 15
Back45678Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close