Twenty Year Anniversary
Showing 1 - 25 of 27,023 RSS Feed

Vulnerability Files

WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
Posted Sep 18, 2018
Authored by Larry W. Cashdollar

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2018-1002001
MD5 | 7d535ca7853080a8b831de38f014cd8a
Apple Security Advisory 2018-9-17-4
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2018-4195, CVE-2018-4307, CVE-2018-4329
MD5 | a568d7158566c7148b8c1fa79bd1a522
Red Hat Security Advisory 2018-2713-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
MD5 | 3797b81d564b8029513cab464185b869
Red Hat Security Advisory 2018-2712-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
MD5 | f77d31f8e66a2618c51fef80f516e567
Debian Security Advisory 4296-1
Posted Sep 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

tags | advisory, crypto, vulnerability
systems | linux, debian
advisories | CVE-2018-0497, CVE-2018-0498
MD5 | 59293157a0f21f3228071e876b5a0988
Apple Security Advisory 2018-9-17-1
Posted Sep 17, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2016-1777, CVE-2018-4305, CVE-2018-4307, CVE-2018-4313, CVE-2018-4322, CVE-2018-4325, CVE-2018-4329, CVE-2018-4330, CVE-2018-4335, CVE-2018-4338, CVE-2018-4352, CVE-2018-4356, CVE-2018-4362, CVE-2018-4363, CVE-2018-5383
MD5 | 94c7b08f05542c1e82ef6e458f60b472
Ubuntu Security Notice USN-3761-3
Posted Sep 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3761-3 - USN-3761-1 fixed vulnerabilities in Firefox. The update caused several regressions affecting spellchecker dictionaries and search engines, which were partially fixed by USN-3761-2. This update contains the remaining fix. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-12378, CVE-2018-12383
MD5 | 6d86615e6427f6c484cd9030a34da1d7
Oracle WebCenter Interaction XSS / Insecure Redirect / CSRF / DoS
Posted Sep 17, 2018
Authored by Ben N

Oracle WebCenter Interaction version 10.3.3 suffers from cross site request forgery, cross site scripting, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2018-16952, CVE-2018-16953, CVE-2018-16954, CVE-2018-16955, CVE-2018-16956, CVE-2018-16957, CVE-2018-16958, CVE-2018-16959
MD5 | ad870b83464d9a944075001fc18b75fb
Ubuntu Security Notice USN-3747-2
Posted Sep 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessability support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-2952, CVE-2018-2972
MD5 | 67a9c4972cb887b4f256e30f4bdf6d68
Ubuntu Security Notice USN-3747-2
Posted Sep 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-2952, CVE-2018-2972
MD5 | 67a9c4972cb887b4f256e30f4bdf6d68
Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference
Posted Sep 13, 2018
Authored by S. M. Zia Ur Rashid

Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-16970, CVE-2018-16971
MD5 | 34b23ee4bf4c54e688cf0bc81308cbd1
Seagate Personal Cloud Information Disclosure
Posted Sep 13, 2018
Authored by Yorick Koster

Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin, and is accessible via the personalcloud.local domain name. Due to this it is possible for any website to gain access to this information. While this information doesn't allow an attacker to compromise the NAS, the information can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, it is very likely that other devices/models are also affected.

tags | exploit, web, local, vulnerability, info disclosure
MD5 | 0c22c4000bdb46ed6b32781ad8339aaa
Red Hat Security Advisory 2018-2693-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379
MD5 | ba202b454b0aa867d68b359535603f85
Red Hat Security Advisory 2018-2692-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379
MD5 | 174a341e1a9432fb9bf9abde31e54dfa
Red Hat Security Advisory 2018-2684-01
Posted Sep 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.

tags | advisory, vulnerability
systems | linux, redhat
MD5 | daa05cbc1fd8bb4138ff1edf62c3b8ee
Debian Security Advisory 4290-1
Posted Sep 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4290-1 - Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-14346, CVE-2018-14347, CVE-2018-16430
MD5 | 95ada67ea55021facccf6ed6bd2c100d
Red Hat Security Advisory 2018-2669-01
Posted Sep 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2669-01 - Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, path sanitization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2014-0114, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2016-5397, CVE-2017-14063, CVE-2018-1000129, CVE-2018-1000130, CVE-2018-1000180, CVE-2018-1114, CVE-2018-1271, CVE-2018-1272, CVE-2018-1338, CVE-2018-1339, CVE-2018-8036, CVE-2018-8088
MD5 | e2467e2f9a34b5dd740776d2a5621843
Ubuntu Security Notice USN-3762-2
Posted Sep 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3762-2 - USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-13695, CVE-2018-1118
MD5 | b3f8831743a64c024a52601e55681af9
Red Hat Security Advisory 2018-2666-01
Posted Sep 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2666-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068, CVE-2018-16069, CVE-2018-16070, CVE-2018-16071, CVE-2018-16073, CVE-2018-16074, CVE-2018-16075, CVE-2018-16076, CVE-2018-16077, CVE-2018-16078, CVE-2018-16079, CVE-2018-16080, CVE-2018-16081, CVE-2018-16082, CVE-2018-16083, CVE-2018-16084, CVE-2018-16085, CVE-2018-16086, CVE-2018-16087, CVE-2018-16088
MD5 | 641dc5403658aa3dd26200b59b29ed6a
Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion
Posted Sep 10, 2018
Authored by Pedro Andujar

Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-15610
MD5 | 19f5b0846706f9c5967437b6d530042e
Debian Security Advisory 4289-1
Posted Sep 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4289-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068, CVE-2018-16069, CVE-2018-16070, CVE-2018-16071, CVE-2018-16073, CVE-2018-16074, CVE-2018-16075, CVE-2018-16076, CVE-2018-16077, CVE-2018-16078, CVE-2018-16079, CVE-2018-16080, CVE-2018-16081, CVE-2018-16082, CVE-2018-16083, CVE-2018-16084, CVE-2018-16085
MD5 | 432b3a7c247732970055d96ca8d676d1
Debian Security Advisory 4288-1
Posted Sep 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4288-1 - Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-15908, CVE-2018-15910, CVE-2018-15911, CVE-2018-16511, CVE-2018-16513, CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542, CVE-2018-16543, CVE-2018-16585
MD5 | 10e2c7e46f6ca39a6c5ea6ea84540da4
KONE KGC 4.6.4 DoS / Code Execution / LFI / Bypass
Posted Sep 6, 2018
Authored by Sebastian Neuner

KONE KGC versions 4.6.4 and below suffer from unauthenticated remote code execution, denial of service, local file inclusion, and missing FTP access control vulnerabilities.

tags | exploit, remote, denial of service, local, vulnerability, code execution, file inclusion
advisories | CVE-2018-15483, CVE-2018-15484, CVE-2018-15485, CVE-2018-15486
MD5 | 1ea70d967952d609d0b2793be81f9417
VMware Security Advisory 2018-0023
Posted Sep 5, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0023 - AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2018-6975, CVE-2018-6976
MD5 | d9129080eb942fb3be69ed15e131da6b
SQLMAP - Automatic SQL Injection Tool 1.2.9
Posted Sep 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 001dd095cf0009c79d3e957e256abc10
Page 1 of 1,081
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close