Remote Files

Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
Posted Aug 16, 2018
Authored by T. Silpavarangkura, N. Rai-Ngoen | Site sec-consult.com

Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2018-14057, CVE-2018-14058, CVE-2018-14059
MD5 | d808a938be664e7caf308aa18e9de8b5
Ubuntu Security Notice USN-3738-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3738-1 - Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139
MD5 | f91f296f4171ef9db9a3a6c30a32bca1
Foxit Reader 9.0.1.1049 Use-After-Free
Posted Aug 15, 2018
Authored by Manoj Ahuje

Foxit Reader version 9.0.1.1049 remote code execution exploit with DEP bypass on heap with shellcode.

tags | exploit, remote, shellcode, code execution
advisories | CVE-2018-9948, CVE-2018-9958
MD5 | 2005c597df419e61cea3af3b13a9e0f0
Debian Security Advisory 4272-1
Posted Aug 14, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4272-1 - Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time- and calculation-expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets.

tags | advisory, remote, denial of service, kernel
systems | linux, debian
advisories | CVE-2018-5391
MD5 | 7c5e38c47c610c412e385893c4194f02
ASUSTOR NAS ADM 3.1.0 Remote Command Execution / SQL Injection
Posted Aug 14, 2018
Authored by Kyle Lovett

ASUSTOR NAS ADM version 3.1.0 suffers from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
advisories | CVE-2018-11509, CVE-2018-11510, CVE-2018-11511
MD5 | 2cbb9fa8f1740ec14856c26142f6ffd4
Nasdaq BWise 5.0 JMX/RMI Interface Remote Code Execution
Posted Aug 14, 2018
Authored by Anibal Aguiar

Nasdaq BWise version 5.0 suffers from a JMX/RMI interface remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11247
MD5 | c20152c2cc85ca80573c3e531ec54d1e
PLC Wireless Router GPN2.4P21-C-CN Denial Of Service
Posted Aug 13, 2018
Authored by Chris Rose

PLC Wireless Router GPN2.4P21-C-CN suffers from a denial of service vulnerability via an unauthenticated remote reboot flaw.

tags | exploit, remote, denial of service
MD5 | fa3f0b316a6e316f845b3dc6e3aa2e3b
Ubuntu Security Notice USN-3736-1
Posted Aug 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3736-1 - It was discovered that libarchive incorrectly handled certain archive files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Agostino Sarubbo discovered that libarchive incorrectly handled certain XAR files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10209, CVE-2017-14166, CVE-2017-14501
MD5 | b5bcdd4f81a12b86db333678e61807f5
TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery
Posted Aug 9, 2018
Authored by Wadeek

TP-Link C50 Wireless Router 3 suffers from a remote reboot cross site request forgery vulnerability.

tags | exploit, remote, csrf
MD5 | bc1a34f00e92454947e94995d37fc1ab
Ubuntu Security Notice USN-3732-2
Posted Aug 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3732-2 - USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, tcp, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-5390
MD5 | 802eb3abdd14bdadb5da2e1595870840
OpenEMR 5.0.1.3 Remote Code Execution
Posted Aug 7, 2018
Authored by Cody Zacharias

OpenEMR version 5.0.1.3 remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 214119ee9c04f9480c280b81d78d0e9d
Ubuntu Security Notice USN-3732-1
Posted Aug 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3732-1 - Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp
systems | linux, ubuntu
advisories | CVE-2018-5390
MD5 | 43c84ca28d83281850c44600f89423ee
Dell EMC Data Protection Advisor XML Injection
Posted Aug 6, 2018
Site emc.com

Dell EMC Data Protection Advisor, versions 6.4 through 6.5, contains an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files on the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

tags | advisory, remote, denial of service
advisories | CVE-2018-11048
MD5 | 66b403365b7c8ab139a4ef411025c4a5
CA API Developer Portal Cross Site Scripting
Posted Aug 6, 2018
Authored by Kevin Kotas, Joe Schottman | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability. The vulnerability occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.

tags | advisory, remote, web, xss
advisories | CVE-2018-6590
MD5 | add512fadcb03afec9eee769e4fca170
Red Hat Security Advisory 2018-2317-01
Posted Aug 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2317-01 - XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server using the HTTP protocol, and gets back the response as XML. Issues addressed include a deserialization vulnerability.

tags | advisory, remote, web, protocol
systems | linux, redhat
advisories | CVE-2016-5003
MD5 | 19c1f0116a68d7484fa0a5e62b46d00f
Debian Security Advisory 4260-1
Posted Aug 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4260-1 - Several vulnerabilities were discovered in libmspack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682
MD5 | d755de94a97a35ef3445c6980f25e25c
ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution
Posted Aug 2, 2018
Authored by Fakhri Zulkifli

ASUS DSL-N12E_C1 version 1.1.2.3_345 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 68858eb68a135237de86d8478315d5e4
CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection
Posted Aug 2, 2018
Authored by 0x09AL

CoSoSys Endpoint Protector version 4.5.0.1 suffers from an authenticated remote root command injection vulnerability.

tags | exploit, remote, root
MD5 | 55e44da31aa68dc41af25b68ebbeb0bb
FB Inboxer 1.2 SQL Injection
Posted Aug 2, 2018
Authored by Ozkan Mustafa Akkus

FB Inboxer version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5496fc6be56a2f192ff49a70135dd755
Ubuntu Security Notice USN-3726-1
Posted Aug 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3726-1 - Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-14574
MD5 | 06c8c2fdc8ee7e6ef3db72bd4a4eded2
Ubuntu Security Notice USN-3727-1
Posted Aug 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.

tags | advisory, remote, crypto
systems | linux, ubuntu
advisories | CVE-2015-6644, CVE-2016-1000341, CVE-2016-1000346
MD5 | 6c82547bd80b4fdc261181f54ff1ebb8
EMC NetWorker Insecure Transit
Posted Jul 30, 2018
Site emc.com

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and version 18.1.0.1, contain a clear-text authentication over network vulnerability in the RabbitMQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.

tags | advisory, remote, protocol
advisories | CVE-2018-11050
MD5 | 8fa258c990062b421d7f2ccfc60ca833
Gentoo Linux Security Advisory 201807-04
Posted Jul 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201807-4 - A heap-based buffer overflow in cURL might allow remote attackers to execute arbitrary code. Versions less than 7.61.0 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0500
MD5 | d1eab4e145e6e1b33fc6fddb5dce05d5
ProjectSend R1053 SQL Injection
Posted Jul 28, 2018
Authored by Guia Brahim Fouad

ProjectSend version R1053 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e188d76af8d5bdbce988c0b31f144e58
Symfony Remote Information Disclosure
Posted Jul 27, 2018
Authored by Abdeljalil Nouiri

Symfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.

tags | exploit, remote, info disclosure
MD5 | 24ccf4690feb930cce80b458f01201c7
© 2018 Packet Storm. All rights reserved.
