
Files Date: 2018-11-01 to 2018-11-30

Ticketly 1.0 SQL Injection
Posted Nov 21, 2018
Authored by Javier Olmedo

Ticketly version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18923
MD5 | 7e4378143396c0e0e46df5f74d10c399
OpenSSL Toolkit 1.1.1a
Posted Nov 21, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a timing vulnerability in DSA signature generation and another in ECDSA signature generation. Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). Various other updates.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0734, CVE-2018-0735
MD5 | 963deb2272d6be7d4c2458afd2517b73
Dell EMC Avamar / IDPA Command Injection
Posted Nov 21, 2018
Site emc.com

Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from a command injection vulnerability. Affected versions include Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1, Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2.

tags | advisory
advisories | CVE-2018-11077
MD5 | 3b0110cc3a978fcc65325ceb59fed789
Dell EMC Avamar / IDPA Information Exposure
Posted Nov 21, 2018
Site emc.com

Dell EMC Avamar and Integrated Data Protection Appliance (IDPA) suffer from an information exposure vulnerability. Affected versions include Dell EMC Avamar Server 7.2.0 and 7.2.1, Dell EMC Avamar Server 7.3.0 and 7.3.1, Dell EMC Avamar Server 7.4.0 and 7.4.1, and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0.

tags | advisory
advisories | CVE-2018-11076
MD5 | e17d04b72932a55dcc499bfc40b8b1f6
Microsoft Security Advisory Updates For November 20, 2018
Posted Nov 21, 2018
Site microsoft.com

This Microsoft summary lists Microsoft security updates released for November 20, 2018.

tags | advisory
MD5 | cd8d93882375ef946e14bfb39f60acde
Dell EMC Avamar / IDPA Remote Code Execution / Open Redirection
Posted Nov 21, 2018
Authored by Jarrod Farncomb | Site emc.com

Dell EMC Avamar and IDPA suffer from remote code execution and open redirection vulnerabilities. Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 are affected.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2018-11066, CVE-2018-11067
MD5 | aa8fc98fcef1bc7d6f4151d73af7edd2
Red Hat Security Advisory 2018-3643-01
Posted Nov 21, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3643-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2018-14634
MD5 | 6d25a3162fa4900b38136d8459c91896
Red Hat Security Advisory 2018-3644-01
Posted Nov 21, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3644-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.153. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-15981
MD5 | 2d0750dcfd116fcbf04f537a11233b1e
VMware Security Advisory 2018-0029
Posted Nov 20, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0029 - vSphere Data Protection (VDP) updates address multiple security issues.

tags | advisory
advisories | CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077
MD5 | a13b05da406af20fd576764026e2c0d7
CarolinaCon 15 Call For Papers
Posted Nov 20, 2018
Site carolinacon.org

The 15th CarolinaCon will be hosted in Charlotte at the Renaissance Charlotte Suites April 26th through the 28th in 2019.

tags | paper, conference
MD5 | d9eff78eb0616cc4e51fbbf1ade39942
Richfaces 3.x Remote Code Execution
Posted Nov 20, 2018
Authored by Joao F M Figueiredo

Richfaces version 3.x suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-14667
MD5 | 4427edfb92d2e0dd973927a4785c6b81
Debian Security Advisory 4341-1
Posted Nov 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4341-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-10268, CVE-2017-10378, CVE-2017-15365, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2766, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819, CVE-2018-3058, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066, CVE-2018-3081, CVE-2018-3143, CVE-2018-3156
MD5 | fc306a198a645996743e5878aaf89086
Red Hat Security Advisory 2018-2908-01
Posted Nov 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2908-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.51. Issues addressed include a crash vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14632
MD5 | b5a76f504049616fb49229cd330ad427
ACM CCS 2019 Call For Papers
Posted Nov 20, 2018
Site ccs2019.sigsac.org

The 26th ACM Conference on Computer and Communications Security will take place in London, UK, November 11th through the 15th, 2019. The Conference on Computer and Communications Security (CCS) seeks submissions presenting novel contributions related to all real-world aspects of computer security and privacy. Theoretical papers must make a convincing case for the relevance of their results to practice. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. In particular, authors should bear in mind that anyone on the program committee may be asked to give an opinion about any paper.

tags | paper, conference
MD5 | a24c626f168ab9d55ba065750ed9dbce
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Posted Nov 20, 2018
Authored by Murat Aydemir

Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.

tags | advisory, xss
advisories | CVE-2018-19288
MD5 | 5bc1cd2ea752443b86b3347aff7824ff
Debian Security Advisory 4340-1
Posted Nov 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4340-1 - An out-of-bounds memory access issue was discovered in Chromium's V8 JavaScript library by cloudfuzzer.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2018-17478
MD5 | bfd24298c65684c48f7dfd5a9793a54e
ELBA5 Electronic Banking Remote Code Execution
Posted Nov 20, 2018
Authored by Florian Bogner

ELBA5 Network Installation versions prior to 5.8.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | ba7788fdf0fa27e278488d4097dc9a62
Microsoft Windows Unnamed Kernel Object Privilege Escalation
Posted Nov 20, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It's possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege.

tags | exploit, kernel
systems | windows
MD5 | ef10a4d238e0690bde490f41457b96fe
Microsoft Windows DfMarshal Unsafe Unmarshaling Privilege Escalation
Posted Nov 20, 2018
Authored by James Forshaw, Google Security Research

Microsoft Windows 10 1803 suffers from a DfMarshal unsafe unmarshaling elevation of privilege vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-8550
MD5 | 09ad3ab8d6e51e9b91013505bdb58986
macOS 10.13 workq_kernreturn Denial Of Service
Posted Nov 20, 2018
Authored by Fabiano Anemone

macOS version 10.13 workq_kernreturn denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | f4f5e8b2df78998f0e595a8f21d1072e
ImageMagick Memory Leak
Posted Nov 20, 2018
Authored by barracud4

ImageMagick versions prior to 7.0.8-9 suffer from a memory leak vulnerability.

tags | exploit, memory leak, info disclosure
advisories | CVE-2018-16323
MD5 | 482e9c431cd68a68cdd9e40a6053a6a8
Ticketly 1.0 Cross Site Request Forgery
Posted Nov 20, 2018
Authored by Javier Olmedo

Ticketly version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ac5f9df402a3aad1f61107be9ccd6ebc
Ubuntu Security Notice USN-3816-2
Posted Nov 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3816-2 - USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-15686, CVE-2018-15687, CVE-2018-6954
MD5 | 90d52b61ecc5f6f5a4a47d93591f9c28
Ricoh myPrint Hardcoded Credentials / Information Disclosure
Posted Nov 20, 2018
Authored by Hodorsec

Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint Windows client version 2.9.2.4 and myPrint Android client version 2.2.7 are both affected.

tags | exploit, vulnerability, info disclosure
systems | windows
advisories | CVE-2018-18006
MD5 | 4d051bae92eaadb5058aaec46aca59d2
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-0801DU version 7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c58aeb7ef6b68b80d63bcfe2db7d1b15
© 2019 Packet Storm. All rights reserved.