Files Date: 2019-06-01 to 2019-06-30

Red Hat Security Advisory 2019-1591-01
Posted Jun 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1591-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where OAuth access tokens were written in plaintext to the API server audit logs.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10165
SHA-256 | 875ed960bd02e2d6da0aadd2d47f0640ff931c963517d678060c39a77a556906

GNUnet P2P Framework 0.11.5
Posted Jun 26, 2019
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Changes: Added CAA record type. Various other updates.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 98e0355ff0627bf88112b3b92a7522e98c0ae6071fc45efda5a33daed28199b3

Coldfusion / JNBridge Remote Code Execution
Posted Jun 26, 2019
Authored by Moritz Bechler | Site syss.de

Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2019-7839
SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d

Ubuntu Security Notice USN-4038-2
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbe

Ubuntu Security Notice USN-4038-1
Posted Jun 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3189, CVE-2019-12900
SHA-256 | 674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171b

AMD Secure Encrypted Virtualization (SEV) Key Recovery
Posted Jun 26, 2019
Authored by Google Security Research, Cfir Cohen

AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.

tags | advisory, remote
advisories | CVE-2019-9836
SHA-256 | 54e8e560ed6f2e12e8bd0223096ce8c586842a0a89aebf2c3ac2adafd44af784

D-Link Administrative Password Disclosure
Posted Jun 26, 2019
Authored by Marty

D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 836a2a284ed2a9985417986d306b4db1f5742beca7f44da2a471cb893fd99d6c

WebEx Man-In-The-Middle
Posted Jun 26, 2019
Authored by RDX Guy

WebEx appears to suffer from man-in-the-middle attacks due to accepting any TLS certificate as valid.

tags | advisory
SHA-256 | 22e3cd7a64dcb66910ad59f0e79c228bad57d0d9720924bbaa649a7da3e814a8

Nagios XI Magpie_debug.php Root Remote Code Execution
Posted Jun 25, 2019
Authored by Chris Lyne, Guillaume Andre | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.

tags | exploit, remote, shell, local, root, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
SHA-256 | 497ccf076e88aa8797c172933964fb4ad92dddf4ca42816ab9c5f28af82b486b

Red Hat Security Advisory 2019-1603-01
Posted Jun 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1603-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-11707, CVE-2019-11708
SHA-256 | 1c3f2ab92856bea753598266e0cc7112742e48a1357ca4f5bcdf1245036a66c2

Red Hat Security Advisory 2019-1604-01
Posted Jun 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1604-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-11707, CVE-2019-11708
SHA-256 | efd19650a5c49f811bbd4c75bac4c43febd3026a5a92342fc9aa1c76b748f966

Red Hat Security Advisory 2019-1602-01
Posted Jun 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1602-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
SHA-256 | 44681c017f6cb6453545b8a6d66047878734200ddb425c65cba895080004b65a

Debian Security Advisory 4471-1
Posted Jun 25, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4471-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2019-11707, CVE-2019-11708
SHA-256 | 4efa717e1288d15a4d933ab0a6403d42fc7d8662286f3a6e0d8b5818ccf16912

Ubuntu Security Notice USN-4035-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4035-1 - It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-14662, CVE-2018-16846, CVE-2018-16889, CVE-2019-3821
SHA-256 | 85436c925c63103095d0ad444af8d9ef4922926097f5c1fdde3ab59dcf521e93

Ubuntu Security Notice USN-4036-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4036-1 - Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-9735
SHA-256 | e4e59fbad634306202b9b1275923fc716c0b615791f01c6e7aa73e2b89177a0b

Ubuntu Security Notice USN-4034-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4034-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-12805, CVE-2018-16323, CVE-2018-16645, CVE-2018-18023, CVE-2018-20467, CVE-2019-11470, CVE-2019-7175, CVE-2019-7398
SHA-256 | ecf3a57b2183bd65d70fdbbe614267c9c6cd7c405ee6f4ce6e0d3d339ad01411

Ubuntu Security Notice USN-4037-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4037-1 - The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication.

tags | advisory
systems | linux, ubuntu
SHA-256 | c5f3ca2d62880c10f006e915b63814648747d70ea633f8c5229865fda1477d3e

Red Hat Security Advisory 2019-1594-01
Posted Jun 25, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1594-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
SHA-256 | 42cc94d32edd63d60d4201b04d197d324050b9d1d3c45b0f2c6a12cc47a4bf7f

Ubuntu Security Notice USN-4033-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4033-1 - It was discovered that a libmysofa component does not properly validate multiplications and additions, and may crash with some specific input.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-10672
SHA-256 | 09c6ad3c40f1db2d8e16728433af45b79bd7368acb7ca9b9293a6890e680a595

BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal
Posted Jun 25, 2019
Authored by Aaron Bishop

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from a path directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6a2c42641d4296f9a21aee848c4725f2494a67b5f3c258c250034179e2a48cf2

Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution
Posted Jun 25, 2019
Authored by XORcat

Fortinet FCM-MB40 suffers from remote command execution and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, csrf
SHA-256 | f3304438db41066a361a9c48682e8fe987bd5904a7ad099883d46442445cc1a3

WordPress Live Chat Unlimited 2.8.3 Cross Site Scripting
Posted Jun 25, 2019
Authored by m0ze

WordPress Live Chat Unlimited plugin version 2.8.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab8bc1948bcdc3f2bfb4fe1c92cd333ba1e13b7b2227e3a9a5462063b0160841

WordPress iLive 1.0.4 Cross Site Scripting
Posted Jun 25, 2019
Authored by m0ze

WordPress iLive plugin version 1.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fd619811b05b204dfc56b440e51d9beff8359cf1c99ba855c68323667b6eb6f7

SAPIDO RB-1732 Remote Command Execution
Posted Jun 25, 2019
Authored by k1nm3n.aotoi

SAPIDO RB-1732 version 2.0.43 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 8c2ffa8c45bd6258d34b73f2418379b89138a62e8600141be0baac10df62bde8

SuperDoctor5 NRPE Remote Code Execution
Posted Jun 25, 2019
Authored by Simon Gurney

SuperDoctor5 implemented a remote command execution plugin in their implementation of NRPE that can be leveraged without authentication.

tags | exploit, remote
SHA-256 | d6c0429243c969acaf8ffc7a427c26c5b9f2c01b2c9571c53034ba8870bba0d9