what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-10-18 to 2018-10-19

Red Hat Security Advisory 2018-2949-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include out-of-bounds write vulnerability.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2018-12115
SHA-256 | f241453ffa163d40dd81258a5862a82222959a75a2cbbe5df63dc0fa6673d22d
Red Hat Security Advisory 2018-2946-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2946-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12541, CVE-2018-12544
SHA-256 | e29c6150ae8d0030a070aada9327816802a5882ebb9954d037d9af034d62e61c
Red Hat Security Advisory 2018-2944-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2018-12115
SHA-256 | fbd71887a969f803ba77744adb4f3767ff5ac3ced19975e9e474b78bfdce39c6
Red Hat Security Advisory 2018-2945-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2945-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.16 serves as a replacement for RHOAR Spring Boot 1.5.15, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-1336
SHA-256 | ddfaf8bb4cf6423bb14ed2a6d7fa6bb022af219eab477c44382342e63413890f
Ghostscript 1Policy Dangerous Access To Operator
Posted Oct 18, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.

tags | advisory
advisories | CVE-2018-18284
SHA-256 | c212335a3050997bb3269410331972bd215ee205ac25561281f6b950ad7bb670
Linux BPF Verifier Failed Truncation
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

The Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.

tags | advisory
systems | linux
advisories | CVE-2018-18445
SHA-256 | bd63997ae2acb84be7a1e8de8677be40bfb12f314579a9e60ee98b321c11a3a0
Linux Semi-Arbitrary Task Stack Read On ARM64 / x86
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.

tags | advisory, arbitrary, x86
systems | linux
SHA-256 | aa57cf6a492d7f45505fa3498cb8e656f5d02f443b0cde3a3cb505708affcfc3
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation
Posted Oct 18, 2018
Authored by Google Security Research, Mark Brand

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.

tags | advisory
advisories | CVE-2018-16068
SHA-256 | d1c10f2bf9feaa3822d838795ee22e210b6fbe031a801f2821a9365aceb1fd14
OwnTicket 1.0 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

OwnTicket version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | afa3c546224151b9410ddd099aab71dd6a14834b1ce39843fcfe35715af02555
PHP-SHOP Master 1.0 Cross Site Request Forgery
Posted Oct 18, 2018
Authored by Alireza Norkazemi

PHP-SHOP Master version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
SHA-256 | 80961f981d7888a03c8cd1d09a5d4b075a376ca4f924e6c7a3fffb851015f9be
Learning With Texts 1.6.2 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

Learning with Texts version 1.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a0314965d94eec9350e5503bf1194f6ad12142e2625a0e4efd7e8098a87b09a9
Time And Expense Management System 3.0 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

Time and Expense Management System version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b7ffe90d6d630f9253a034a6c2b51b585d964fb13fd9b391d729378585e987e0
Microsoft Security Bulletin CVE Revision Increment For October, 2018
Posted Oct 18, 2018
Site microsoft.com

This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.

tags | advisory
advisories | CVE-2018-3190
SHA-256 | 1880caf0f905e87609ecf1274ed2d2e6c11686a539c829aafba22a373483437c
Zenar Content Management System 8.3 Cross Site Request Forgery
Posted Oct 18, 2018
Authored by Ismail Tasdelen

Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-18420
SHA-256 | 11b891dae78b89a0b0de8d65ae192050226dafd5b589b7fe2566a673e8dea795
User Management 1.1 Cross Site Scripting
Posted Oct 18, 2018
Authored by Ismail Tasdelen

User Management version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18419
SHA-256 | bd246ce3935fbc933764bdfa47bdf167d570a9c0f6d1c74bab395687327bafbd
Red Hat Security Advisory 2018-2942-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2942-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access controls.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | d1a8daa978552d839173b7222173bf9268ca5a14264ff855e1135931c5b994f8
Red Hat Security Advisory 2018-2943-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2943-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access checks.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
SHA-256 | c21292dc76bd098bf315c666c0c295bef722f34ef0cd50adf37b94f4075f03ff
Red Hat Security Advisory 2018-2939-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2939-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fix: jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries spring-framework: Address partial fix for CVE-2018-1270 Issues addressed include bypass, code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2017-12617, CVE-2018-1260, CVE-2018-1270, CVE-2018-1271, CVE-2018-1275, CVE-2018-1304, CVE-2018-1305, CVE-2018-1336, CVE-2018-7489
SHA-256 | df886e50a83354eaf0614cdf4bb930a04577e8f124f9e750b2d4ca2e9e06e04e
Ubuntu Security Notice USN-3796-2
Posted Oct 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3796-2 - USN-3796-1 fixed a vulnerability in paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-1000805
SHA-256 | be9629570efc8591bd695beae9a55dc4cd8b3fc56250b3efb7ee5ab5d55cbdab
WordPress Wordfence 7.1.12 XSS / Username Disclosure
Posted Oct 18, 2018
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7bd9c300ee5c12f903f4a443c03eeac48af0e1085041a04c331ee74dccfda5db
D-Link Plain-Text Password Storage / Code Execution / Directory Traversal
Posted Oct 18, 2018
Authored by Blazej Adamczyk

Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, file inclusion
advisories | CVE-2017-6190, CVE-2018-10822, CVE-2018-10823, CVE-2018-10824
SHA-256 | 9541adf37d2c85c0b0f169e169c1066383eece8ec4a5884e9d841c8dbcc16ca5
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close