Web Files

Ubuntu Security Notice USN-3824-1
Posted Nov 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180
MD5 | b3273044cedac842c5d7a28d003ecd0e
Red Hat Security Advisory 2018-3618-01
Posted Nov 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3618-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-15978
MD5 | e77d2b6f05294f9616cdb3a6fe3be58c
The Powerful Resource Of PHP Stream Wrappers
Posted Nov 15, 2018
Authored by Netsparker

In this article, the author explores ways to bypass protection methods using PHP Stream Wrappers, which are responsible for handling protocol-related tasks like downloading data from a web or FTP server and exposing it in a way that it can be handled with PHP's stream-related functions.

tags | paper, web, php, protocol
MD5 | a947e8c1cb30f07e7cee7d234092661e
Red Hat Security Advisory 2018-3595-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3595-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2018-10894, CVE-2018-14627, CVE-2018-14655, CVE-2018-14657, CVE-2018-14658
MD5 | 1d178bee341c8c03fa56f7cd938f4018
Red Hat Security Advisory 2018-3593-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3593-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2018-10894, CVE-2018-14655, CVE-2018-14657, CVE-2018-14658
MD5 | 617d012a808e6fe3e69075e07de7a4a3
Red Hat Security Advisory 2018-3592-01
Posted Nov 14, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3592-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2018-10894, CVE-2018-14655, CVE-2018-14657, CVE-2018-14658
MD5 | 8419f7c3a8d5aba61247e3a80fd41d78
Red Hat Security Advisory 2018-3558-01
Posted Nov 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007
MD5 | 516f51a00fc5765270c849817fc3f4b4
Alienor Web Libre 2.0 SQL Injection
Posted Nov 13, 2018
Authored by Ihsan Sencan

Alienor Web Libre version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 693dcc4d311b5270b6a8004e70f1fa86
Mongoose Web Server 6.9 Denial Of Service
Posted Nov 12, 2018
Authored by Ihsan Sencan

Mongoose Web Server version 6.9 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | 0bfc59fbbe8fc8dce5ff5ee4bf59679b
Debian Security Advisory 4335-1
Posted Nov 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4335-1 - Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
MD5 | 4d4bf37877010a706d4c0cec4789a57b
Web-Based Firewall Logging Tool 1.1.1
Posted Nov 9, 2018
Authored by Bob Hockney | Site webfwlog.sourceforge.net

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Changes: Added support for checksum fields for database logs for tcp, udp and icmpv6. Multiple bug fixes. Various other updates.
tags | tool, web, firewall
systems | linux, windows, unix, xp
MD5 | 55e3ae30dafdd547a875306bfe18f79a
D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery
Posted Nov 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Using a web browser or script, server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scans or connections actually came from and/or bypass the FW, etc. This can be automated via a script or using a web browser.

tags | exploit, web, php, tcp
advisories | CVE-2018-15517
MD5 | d9afd3cea418548b6c3b72153c1261fe
Ubuntu Security Notice USN-3812-1
Posted Nov 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3812-1 - It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
MD5 | ff9df4d865e372ebb24923ea96bc6bb2
SQLMAP - Automatic SQL Injection Tool 1.2.11
Posted Nov 5, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 5fdd5bb9be166686620512abe0f11658
CentOS Web Panel 0.9.8.740 Root Account Takeover / Command Execution
Posted Nov 5, 2018
Authored by Numan OZDEMIR

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.

tags | exploit, remote, web, vulnerability, code execution, xss, csrf
systems | linux, centos
advisories | CVE-2018-18772, CVE-2018-18773, CVE-2018-18774
MD5 | 4423810363465943242d5484d215e474
Red Hat Security Advisory 2018-3466-01
Posted Nov 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-1000544
MD5 | c8fd9daeba7ca15104e6c47fe5878c20
Mongo Web Admin 6.0 Information Disclosure
Posted Nov 5, 2018
Authored by Ihsan Sencan

Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.

tags | exploit, web, info disclosure
MD5 | eece1ca5b96e7fa9c81d88136d34a031
Poppy Web Interface Generator 0.8 Shell Upload
Posted Nov 5, 2018
Authored by Ihsan Sencan

Poppy Web Interface Generator version 0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell
MD5 | eca601b2e8566420184951b2fc2bb286
Debian Security Advisory 4330-1
Posted Nov 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4330-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179
MD5 | 274f4b9bed0ab00b97cda6b9faf28b97
Ubuntu Security Notice USN-3804-1
Posted Oct 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3804-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, java, web
systems | linux, ubuntu
advisories | CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214
MD5 | 1499016cce5544fdad2e81db194990e1
Microstrategy Web 7 Cross Site Scripting / Traversal
Posted Oct 31, 2018
Authored by Rafael Pedrero

Microstrategy Web 7 suffers from cross site scripting and traversal vulnerabilities.

tags | exploit, web, vulnerability, xss, file inclusion
advisories | CVE-2018-18775, CVE-2018-18776, CVE-2018-18777
MD5 | 842cc4a0f56ffc9bba7d4f8bb0fa768a
Red Hat Security Advisory 2018-3157-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | 64fd2f3db9f57d9a15f45dfcc25f6450
Red Hat Security Advisory 2018-3052-01
Posted Oct 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3052-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include cookie injection.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2018-0494
MD5 | d5ed6fa7178616584ee6a9e28a703217
MOGG Web Simulator SQL Injection
Posted Oct 29, 2018
Authored by Meisam Monsef

The MOGG Web Simulator script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 36014a27ca4e7a1446ac1d5cd72e3c55
Debian Security Advisory 4324-1
Posted Oct 25, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4324-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.

tags | advisory, web, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397
MD5 | 76d22f63eab5d95a897899812b146f6f

© 2018 Packet Storm. All rights reserved.
