Twenty Year Anniversary
Showing 1 - 25 of 101,157 RSS Feed

Files

Adobe Flash Blur Filtering Out-Of-Bounds Write
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a blur filtering out of bounds write vulnerability.

tags | exploit
advisories | CVE-2018-4937
MD5 | 88c1fee8c2461e70f8fb6ccd45168207
Adobe Flash Image Inflation Information Disclosure
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an image inflation information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-4934
MD5 | 5a8202b546643e77eb7e2ebee544e14c
Adobe Flash Sound Playing Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a sound playing overflow.

tags | exploit, overflow
advisories | CVE-2018-4936
MD5 | 764b0bb1ef3ed5a38a8acdb4c7362484
Adobe Flash Slab Rendering Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a slab rendering overflow.

tags | exploit, overflow
advisories | CVE-2018-4935
MD5 | b512de2dc1d1e5461cd3384d37330c84
lastore-daemon D-Bus Privilege Escalation
Posted Apr 21, 2018
Authored by Brendan Coles, Kings Way | Site metasploit.com

This Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This Metasploit module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).

tags | exploit, arbitrary, root, code execution
systems | linux
MD5 | baa73891b2b9f0118971e92d8daa13cc
ASUS infosvr Authentication Bypass Command Execution
Posted Apr 21, 2018
Authored by jduck, Friedrich Postelstorfer | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.

tags | exploit, remote, arbitrary, shell, root, udp, bypass
advisories | CVE-2014-9583
MD5 | 0b841685aaa09cefb0a9621293d64a94
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download
Posted Apr 21, 2018
Authored by Larry W. Cashdollar

Drupal Avatar Uploader module version 7.x-1.0-beta8 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2018-9205
MD5 | f71fbf325b46560419ed396682ba3a33
The Origin And Impact Of Security Vulnerabilities In ST Chipsets
Posted Apr 21, 2018
Site security-explorations.com

This whitepaper explores the origin and impact of the vulnerabilities discovered in ST chipsets.

tags | paper, vulnerability
MD5 | 0c95d5b2547b920efafeca36b10548c1
VMware Security Advisory 2018-0010
Posted Apr 21, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0010 - Horizon DaaS update addresses a broken authentication issue.

tags | advisory
advisories | CVE-2018-6960
MD5 | 11d8d9a67080b256bfa56d03bfafc293
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion
Posted Apr 21, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

tags | exploit
MD5 | d8ca369d4de256bff5cc0437ef5167b1
DrayTek VigorACS 2 Unsafe Flex AMF Java Object Deserialization
Posted Apr 20, 2018
Authored by Pedro Ribeiro

DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.

tags | exploit, java, remote, root, code execution
advisories | CVE-2017-5641
MD5 | 4c7d83cfec04d1724b9d118fb3cd42e1
Microsoft Internet Explorer 11.371.16299.0 Denial Of Service
Posted Apr 20, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 8f802c6b5e7355817d785abe182618e6
Foxit Reader 8.3.1.21155 DLL Hijacking
Posted Apr 20, 2018
Authored by Ye Yint Min Thu Htut

Foxit Reader versions 8.3.1.21155 and below suffer from a dll hijacking vulnerability.

tags | advisory
systems | windows
MD5 | eb22e505d49272a974ea0a09ea10533a
Linux x86 Reverse TCP 127.1.1.1:5555 Shellcode
Posted Apr 20, 2018
Authored by Anurag Srivastava

73 bytes small Linux x86 reverse TCP shellcode that binds to 127.1.1.1:5555.

tags | x86, tcp, shellcode
systems | linux
MD5 | 9e96cce76f9491a2d09409a32e416c26
Cobub Razor 0.8.0 Path Disclosure
Posted Apr 20, 2018
Authored by Kyhvedn

Cobub Razor version 0.8.0 suffers from a path disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-8056, CVE-2018-8770
MD5 | 576cf5b28eecb06a93ee4f29e77f29c5
Red Hat Security Advisory 2018-1191-01
Posted Apr 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1191-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | 3cd3bc9fcfa92b962f6a92478cf0edfd
Red Hat Security Advisory 2018-1188-01
Posted Apr 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1188-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | f9764bd5c107b479ad068a874853b922
Ubuntu Security Notice USN-3628-2
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-2 - USN-3628-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
MD5 | d51441eb31e08b9b0e00243556d85ee3
Ubuntu Security Notice USN-3628-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3628-1 - Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0737
MD5 | ec6bd6ddad8ba2e58ccda93ef6aa7898
Ubuntu Security Notice USN-3627-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3627-1 - Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | e5a14b1abfb9798d648d23b33ff3cbf9
Seagate Media Server SRN21C Cross Site Scripting
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from a persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 26ee374c709608e517d6ee7adb023c0b
Seagate Media Server Path Traversal
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | 87a733abc7f20117965d25472991a72b
Seagate Personal Cloud SRN21C Arbitrary File Move
Posted Apr 19, 2018
Authored by Yorick Koster

Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 allows for moving of arbitrary files.

tags | exploit, arbitrary
MD5 | 4a1b51ad89566e53f422c327f916fb1c
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 19, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.

tags | advisory
advisories | CVE-2018-1037
MD5 | d17a5cb173cbe39d175a245a74306617
Stegano 0.8.5
Posted Apr 19, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed an encoding problem which occurred on Windows during the installation of the module.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 8e6e537fe7247631b9ec13345a94243d
Page 1 of 4,047
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close