VMware Security Advisory 2018-0018 - VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues.
ac793487dee1f719e0455536c96faccc176ed19f06986d195987b2869376caafThis Microsoft advisory notification includes advisories released or updated on July 19, 2018.
72dc18ef0b81f7af9a5ebd17c77350fe5e5a8b61b5a41870c8794bab3379caf3This Microsoft bulletin summary holds CVE updates for CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, and CVE-2018-8356.
6a9893632ff3a78baae4a0071f0a0b023b6c2bdab05366341ac2b013f90376d0RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
028e0f072d0782b26e0ffe1aa7b8b85f2030bab0d4ec5bd24005493c11b5fa30The National Instruments Linux driver package suffers from a remote code injection (software update) vulnerability.
583aba1c966b02f9bbfab9bc9ac711477ba3f166b683c8f6625e88147c6c15d7Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.
df883ee3bce61fab76fb737953e569c776dce1d344a6385409a6926c2d6cf3efCMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
665002696e6aa2586a51b8816a8a1e2a503f1bc489989a9294e0d3632c5224f2WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.
0981c4f9c549ca322909202cf2f6c2af66fabbb260e7ca87b4d6c92465148a64Chrome suffers from floating-point precision errors in Swiftshader blitting.
55329bd2920eaa9d39110322696bef158e0b340f65c27b63cceed9585601bc64MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.
da11ef1523cf7cf91c93aba43e31032f36aa53b573118e55a7e1163ecc6beee6Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
04d325a817231ab9f0764272b559378b2d3fe10f9b33e17341521360cd5f6b9eRed Hat Security Advisory 2018-2214-01 - openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Security fix: openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials.
a645c04c2db09c0649ed6428ff4db02a66c1aab543361fa03329e0fb6f8a778dSlackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
1751e466b4765f6a7eca3f634337ed57a540c0de395d8e2c93ff160039c66312Red Hat Security Advisory 2018-2228-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
a38d8b4a9ef269f1deca8c1b814952165139072ed0330610b2f751e9234a8f7fAdobe Systems Mail Lead DBMS suffers from an arbitrary code injection vulnerability.
357c23ee595cb19eb4f7d1df4da74a5cd49b57362eca78f2c93da9a6de10959aDebian Linux Security Advisory 4252-1 - Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service.
914b3ea83f72d0dcc9b0c6d010d1220d255648be0af6699555b952847a50ca3eDebian Linux Security Advisory 4251-1 - A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
5253b4c31d0da0c19893d064e2ba6b3b47effeaa41bab133435beffacb724256Red Hat Security Advisory 2018-2225-01 - Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near real-time. Issues addressed include an escape sequence injection vulnerability that allows for arbitrary code execution.
72bc959e6e96b4bd37a7660348b389326f89e770aab54d67e5b9c4ecf9c1133eChrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
6587e8951f4e79c87ecd7b6a16fa91a40d27b5f94453f1ea87b0a9789512a6beRed Hat Security Advisory 2018-2224-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
2743dd98e6c725e5bc7053f65fbd45caf468ec93410522770ccc5fa455a8d5b3Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
49b2895ee3ba17ef9ef0aebfdc4d32a778e0f36ccadde184516557d5f3357094Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.
3a7fa7070c41ddc4726fd312fb66650ad5d4cd33a694060cfd4542206f2d48f1Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
913dd695e7c5a2b972a6f427cb31f2e93677ec1c38f39dda37d18a91c70b6df1Whitepaper called AntiVirus Evasion with Metasploit's Web Delivery - Leveraging PowerShell to Execute Arbitrary Shellcode.
a0501f1abef48105c4b9453298f6b9c87b2432e7bcb6835ab290b09acdbe63b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed