Twenty Year Anniversary
Showing 1 - 25 of 7,646 RSS Feed

Web Files

Ubuntu Security Notice USN-3790-2
Posted Oct 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-2 - USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18074
MD5 | 1b19f7fc14a933f4057623fbde241997
Red Hat Security Advisory 2018-2946-01
Posted Oct 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2946-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12541, CVE-2018-12544
MD5 | da115969bfddee040383d0a69ab8841d
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access.

tags | exploit, web, shell
systems | linux
MD5 | 33ffa851ac663c1ab4b0b5c38033d8e6
Ubuntu Security Notice USN-3790-1
Posted Oct 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2018-18074
MD5 | 754f9259fdb45184151ad7346cb76c6b
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
Posted Oct 15, 2018
Authored by Siber Guvenlik Hizmetleri

Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, code execution, xss, file inclusion
systems | linux, centos
advisories | CVE-2018-18322, CVE-2018-18323, CVE-2018-18324
MD5 | e7fc8ff71e4d7349b20722fdec06c3b3
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, web, arbitrary, root, php, vulnerability, code execution
MD5 | d06114bdae6c5e38a699adb6567a8ba2
Ubuntu Security Notice USN-3781-2
Posted Oct 10, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3781-2 - USN-3781-1 fixed vulnerabilities in WebKitGTK+. The updated package was missing some header files, preventing certain applications from building. This update fixes the problem. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, javascript, vulnerability, code execution, xss
systems | linux, ubuntu
MD5 | a6bc4a13b0557d357067efa2bbc88f09
Client Side Injection On Web Applications
Posted Oct 10, 2018
Authored by Milad Khoshdel

Whitepaper called Client Side Injection on Web Applications.

tags | paper, web
MD5 | 3d269f2d6a1fbcf25e9c559f0d53d23f
Red Hat Security Advisory 2018-2884-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | f06f3d8b68aa18c8ac9bf3ba50b53405
Red Hat Security Advisory 2018-2882-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2882-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an out-of-bounds read.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-14645
MD5 | 086dcd0131a3f86fc04839aff14d6a7b
Red Hat Security Advisory 2018-2881-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2881-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include an out-of-bounds read.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | 6d99119798d9c642e65db56f4c2556ae
Unitrends UEB HTTP API Remote Code Execution
Posted Oct 5, 2018
Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.

tags | exploit, remote, web, arbitrary, root
advisories | CVE-2017-12478, CVE-2018-6328
MD5 | a0e08b19c154dc12f718909d936f193c
Easy File Sharing Web Server 7.2 Domain Name Buffer Overflow
Posted Oct 5, 2018
Authored by ZwX

Easy File Sharing Web Server version 7.2 suffers from a domain name buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | 0d3cc7fc1bb84f794d1756a2f00f68bd
Ubuntu Security Notice USN-3783-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3783-1 - Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-11763, CVE-2018-1302, CVE-2018-1333
MD5 | 39a2a20007776652cad0090cdc05afc8
Debian Security Advisory 4310-1
Posted Oct 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | b88ceaa2ffe174a5b82e94d946d662e0
Red Hat Security Advisory 2018-2868-01
Posted Oct 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2868-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8037
MD5 | c7ef7eab42953ebab1c816b029115ddf
Red Hat Security Advisory 2018-2867-01
Posted Oct 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2867-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8037
MD5 | 4a60c4dfbc4ce4112d5fbd7c85c19701
Ubuntu Security Notice USN-3781-1
Posted Oct 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3781-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4191, CVE-2018-4209, CVE-2018-4299, CVE-2018-4312, CVE-2018-4317, CVE-2018-4328
MD5 | b9204d5224fba5ea1f9e172cb10b6dda
SQLMAP - Automatic SQL Injection Tool 1.2.10
Posted Oct 3, 2018
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Various updates.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 55e5aa88807d9ea720edd95792a335a6
Red Hat Security Advisory 2018-2857-01
Posted Oct 2, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2857-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2018-1000115
MD5 | 308fdb14dfd9c3b1cd49c526435d8b30
Red Hat Security Advisory 2018-2835-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | 8f9c83d61cb277d76f94999c085df60b
Red Hat Security Advisory 2018-2834-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | b69b990087b2042ffe81272b960516ab
iWay Data Quality Suite Web Console 10.6.1.ga XML Injection
Posted Sep 27, 2018
Authored by Sureshbabu Narvaneni

iWay Data Quality Suite Web Console version 10.6.1.ga suffers from an XML external entity injection vulnerability.

tags | exploit, web
MD5 | 600d4e1ad23f8f4d97e239fea2520065
Red Hat Security Advisory 2018-2826-01
Posted Sep 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2826-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.

tags | advisory, web, perl, code execution
systems | linux, redhat
advisories | CVE-2011-2767
MD5 | 68d78740d4e091cea9d2b974a51f106c
Red Hat Security Advisory 2018-2825-01
Posted Sep 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2825-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.

tags | advisory, web, perl, code execution
systems | linux, redhat
advisories | CVE-2011-2767
MD5 | 7cd8146c3ec61901eb3a054b2a7a3399
Page 1 of 306
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close