
Files

Ubuntu Security Notice USN-3621-2
Posted Apr 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076
MD5 | 57f2b3916aee211add479cb8a0f21e74
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.

tags | advisory
advisories | CVE-2018-1037
MD5 | d849542e466fa2029f4baafccd269c5f
Smashing Smart Contracts
Posted Apr 13, 2018
Authored by Bernhard Mueller

This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.

tags | paper
MD5 | 689b059f5f52ffa4211e9e02e8310af5
Drupal Drupalgeddon2 Remote Code Execution Ruby Port
Posted Apr 13, 2018
Authored by Hans Topo

Proof of concept exploit for the Drupalgeddon2 remote code execution vulnerability in Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1. Ported to Ruby.

tags | exploit, remote, code execution, proof of concept, ruby
advisories | CVE-2018-7600
MD5 | 4d773afb5cb3f718d378c710534bcb27
KETAMINE: SecureRandom() Weakness
Posted Apr 13, 2018

A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.

tags | advisory, javascript
MD5 | 893d474d121cd29fb6bb8f8f0d4d294c
Drupal Drupalgeddon2 Remote Code Execution
Posted Apr 13, 2018
Authored by Vitalii Rudnykh

Proof of concept exploit for the Drupalgeddon2 remote code execution vulnerability in Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-7600
MD5 | b2dc76bf877508945ce84372e88f3422
XSSer Penetration Testing Tool 1.7-2
Posted Apr 13, 2018
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Fixed SSL. Updated search engines. Various other updates and fixes.
tags | tool, scanner
systems | unix
MD5 | 86cfb5f7fa0e0b0bd34f11ea026b474d
HP Security Bulletin MFSBGN03802 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to allow local disclosure of information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 1e97454b4f308933230d0c0de9745194
HP Security Bulletin MFSBGN03803 1
Posted Apr 13, 2018
Authored by HP | Site hp.com

HP Security Bulletin MFSBGN03803 1 - A potential security vulnerability has been identified in Micro Focus UCMDB. The vulnerability could be remotely exploited to allow local escalation of privilege. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2018-6491
MD5 | 288a5d5657c749166f1cc5710c608eeb
MikroTik 6.41.4 Denial Of Service
Posted Apr 13, 2018
Authored by Hosein Askari

Denial of service proof of concept exploit for the FTP daemon in MikroTik version 6.41.4.

tags | exploit, denial of service, proof of concept
advisories | CVE-2018-10070
MD5 | e3b2dcdbb7ffa4eb4625fb0a60e4fdc6
Appear TV XC Hardware Maintenance Centre Directory Traversal
Posted Apr 13, 2018
Authored by IS Threat Team

Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7539
MD5 | 1c1b1d52d1d18ad5702c3a09e4ccf1f4
Strong Password Generator Biased Randomness
Posted Apr 13, 2018
Authored by Sean Buckley

Chrome's "Strong Password Generator" extension suffers from a weakness with password generation.

tags | advisory
MD5 | 5e29388124a726e14711a14f4531c0ab
VMware Security Advisory 2018-0009
Posted Apr 12, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0009 - vRealize Automation (vRA) updates address multiple security issues.

tags | advisory
advisories | CVE-2018-6958, CVE-2018-6959
MD5 | 9c196ee762f1c587bce6777649e182f1
Red Hat Security Advisory 2018-1124-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 6c29bd8920e932bf2417c581e66348d1
Red Hat Security Advisory 2018-1125-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 54614beb604eb237c15e09e7ad7f4c48
Debian Security Advisory 4079-2
Posted Apr 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4079-2 - It was discovered that the poppler upload for the oldstable distribution (jessie), released as DSA-4079-1, did not correctly address CVE-2017-9776 and additionally caused regressions when rendering PDFs embedding JBIG2 streams. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
advisories | CVE-2017-9776
MD5 | 1cf02964f52e8fda0936f7708f41fea5
IMP XForm 2.0 DatalifeEngine SQL Injection
Posted Apr 12, 2018
Authored by Hesam Bazvand

The IMP XForm version 2.0 DatalifeEngine module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8cc5797d2b3c75cb09d1c36bd0f02b5f
Joomla Convert Forms 2.0.3 CSV Injection
Posted Apr 12, 2018
Authored by Jetty Sairam

Joomla Convert Forms extension version 2.0.3 suffers from a CSV formula injection vulnerability.

tags | exploit
advisories | CVE-2018-10063
MD5 | dfd4595808a0c6dd2bf8b6920f85158f
Clam AntiVirus Toolkit 0.100.0
Posted Apr 12, 2018
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: ClamAV 0.100.0 is a feature release which includes many code submissions from the ClamAV community.
tags | tool, virus
systems | unix
MD5 | 93e8efb489c2afdfca73703b76c24e01
GNU Privacy Guard 2.2.6
Posted Apr 11, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes added.
tags | tool, encryption
MD5 | 2b13d3b6db10b9e93c828703fd6ff823
Gentoo Linux Security Advisory 201804-11
Posted Apr 11, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-11 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 29.0.0.140 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
MD5 | cf461d763ae7e6fa274acb76f6287399
Red Hat Security Advisory 2018-1113-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1113-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-15119, CVE-2017-15124
MD5 | c300608a8729d3c8130912610b679dc1
Red Hat Security Advisory 2018-1112-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1112-01 - Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Issues addressed include information disclosure.

tags | advisory, info disclosure
systems | linux, redhat
advisories | CVE-2018-1000060
MD5 | 7ac2421fb7cc0e67349758e616c2c340
I2P 0.9.34
Posted Apr 11, 2018
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates and bug fixes.
tags | tool
systems | unix
MD5 | 3c67dc2428ca6159110dfe18be80571f
Faraday 2.7.2
Posted Apr 11, 2018
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Fixed bug with tornado version 5.0 and GTK client.
tags | tool, rootkit
systems | unix
MD5 | 0a7eb5a9fc15e3f46fc60ba04386e335
packet storm

© 2018 Packet Storm. All rights reserved.
