Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.
57f2b3916aee211add479cb8a0f21e74This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.
d849542e466fa2029f4baafccd269c5fThis pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.
689b059f5f52ffa4211e9e02e8310af5Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.
4d773afb5cb3f718d378c710534bcb27A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.
893d474d121cd29fb6bb8f8f0d4d294cDrupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.
b2dc76bf877508945ce84372e88f3422XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
86cfb5f7fa0e0b0bd34f11ea026b474dHP Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.
1e97454b4f308933230d0c0de9745194HP Security Bulletin MFSBGN03803 1 - A potential security vulnerability has been identified in Micro Focus UCMDB. The vulnerability could be remotely exploited to Local Escalation of Privilege. Revision 1 of this advisory.
288a5d5657c749166f1cc5710c608eebMikroTik version 6.41.4 ftp daemon denial of service proof of concept exploit.
e3b2dcdbb7ffa4eb4625fb0a60e4fdc6Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.
1c1b1d52d1d18ad5702c3a09e4ccf1f4Chrome's "Strong Password Generator" extension suffers from a weakness with password generation.
5e29388124a726e14711a14f4531c0abVMware Security Advisory 2018-0009 - vRealize Automation (vRA) updates address multiple security issues.
9c196ee762f1c587bce6777649e182f1Red Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
6c29bd8920e932bf2417c581e66348d1Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
54614beb604eb237c15e09e7ad7f4c48Debian Linux Security Advisory 4079-2 - It was discovered that the poppler upload for the oldstable distribution (jessie), released as DSA-4079-1, did not correctly address CVE-2017-9776 and additionally caused regressions when rendering PDFs embedding JBIG2 streams. Updated packages are now available to correct this issue.
1cf02964f52e8fda0936f7708f41fea5The IMP XForm version 2.0 DatalifeEngine module suffers from a remote SQL injection vulnerability.
8cc5797d2b3c75cb09d1c36bd0f02b5fJoomla Convert Forms extension version 2.0.3 suffers from a CSV formula injection vulnerability.
dfd4595808a0c6dd2bf8b6920f85158fClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
93e8efb489c2afdfca73703b76c24e01GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
2b13d3b6db10b9e93c828703fd6ff823Gentoo Linux Security Advisory 201804-11 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 29.0.0.140 are affected.
cf461d763ae7e6fa274acb76f6287399Red Hat Security Advisory 2018-1113-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include denial of service and use-after-free vulnerabilities.
c300608a8729d3c8130912610b679dc1Red Hat Security Advisory 2018-1112-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Issues addressed include information disclosure.
7ac2421fb7cc0e67349758e616c2c340I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
3c67dc2428ca6159110dfe18be80571fFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
0a7eb5a9fc15e3f46fc60ba04386e335
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed