Twenty Year Anniversary
Showing 26 - 50 of 7,616 RSS Feed

Web Files

Red Hat Security Advisory 2018-2331-01
Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2331-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security fix: memcached: UDP server support allows spoofed traffic amplification DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, udp, spoof
systems | linux, redhat
advisories | CVE-2018-1000115
MD5 | 238360ec1fbe236ebadd8dc1d45feff9
Debian Security Advisory 4278-1
Posted Aug 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4278-1 - Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling.

tags | advisory, java, web, vulnerability
systems | linux, debian
advisories | CVE-2017-7656, CVE-2017-7657, CVE-2017-7658
MD5 | a5a121578714bc50afb58a659094d9e1
Red Hat Security Advisory 2018-2486-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-0718, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9598, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-6004, CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246, CVE-2018-0500
MD5 | 4ed8879f71a593f7de2299931bf8ea6f
Red Hat Security Advisory 2018-2469-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8019, CVE-2018-8020
MD5 | dbd3b2dc30c09f616dc6078a6fecc282
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12911, CVE-2018-4263, CVE-2018-4267, CVE-2018-4278
MD5 | 40cbebca101b1768a0afa00205ce7873
Red Hat Security Advisory 2018-2470-01
Posted Aug 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2470-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes. Issues addressed include insecure defaults.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8019, CVE-2018-8020
MD5 | 0978b9a105f760eb1d02c662aad1ec27
Red Hat Security Advisory 2018-2435-01
Posted Aug 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2435-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.154. Issues addressed include bypass and information leakage vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, CVE-2018-12828
MD5 | 1ade2950ca8e91daf2400b4965357ff9
Red Hat Security Advisory 2018-2428-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2428-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-12624, CVE-2018-1000180, CVE-2018-10237, CVE-2018-10862, CVE-2018-10912, CVE-2018-8039
MD5 | b7f5e94b3fe341dd249dd5e53290aa95
Red Hat Security Advisory 2018-2373-01
Posted Aug 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2373-01 - The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat Infrastructure. It can currently be used in the latest releases of Red Hat Certified Cloud and Service Provider Certification, Red Hat OpenStack Certification and Red Hat Hardware Certification Programs. Issues addressed include writeable and downloadable file vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-10864, CVE-2018-10869, CVE-2018-10870
MD5 | 9011f0406b503eef4d0a261e2e5b7cb2
CA API Developer Portal Cross Site Scripting
Posted Aug 6, 2018
Authored by Kevin Kotas, Joe Schottman | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA API Developer Portal. A medium risk vulnerability exists that can allow a remote attacker to conduct reflected cross-site scripting attacks. CA published solutions to address the vulnerability. The vulnerability occurs due to insufficient parameter filtering in the web user interface, which can allow a remote attacker to launch reflected cross-site scripting attacks.

tags | advisory, remote, web, xss
advisories | CVE-2018-6590
MD5 | add512fadcb03afec9eee769e4fca170
Red Hat Security Advisory 2018-2317-01
Posted Aug 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2317-01 - XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server using the HTTP protocol, and gets back the response as XML. Issues addressed include a deserialization vulnerability.

tags | advisory, remote, web, protocol
systems | linux, redhat
advisories | CVE-2016-5003
MD5 | 19c1f0116a68d7484fa0a5e62b46d00f
Debian Security Advisory 4259-1
Posted Aug 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4259-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.

tags | advisory, web, vulnerability, info disclosure, ruby
systems | linux, debian
advisories | CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780
MD5 | a76e5483b8c8bfad98c37d0bb78f7568
MicroFocus Secure Messaging Gateway Remote Code Execution
Posted Jul 31, 2018
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding, which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. Combining these vulnerabilities gives the opportunity execute operation system commands under the context of the web user.

tags | exploit, web, php, vulnerability, sql injection
advisories | CVE-2018-12464, CVE-2018-12465
MD5 | e1ed8b7a67ea6ddd018934d8c751a6d1
SonicWall Global Management System XMLRPC
Posted Jul 31, 2018
Authored by kernelsmith, Michael Flanders | Site metasploit.com

This Metasploit module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire network security environment.' These vulnerable versions (8.1 Build 8110.1197 and below) do not prevent unauthenticated, external entities from making XML-RPC requests to port 21009 of the virtual app. After the XML-RPC call is made, a shell script is called like so: 'timeSetup.sh --tz="`command injection here`"' --usentp="blah"'.

tags | exploit, web, shell
MD5 | 70c44d4d505bc2fcf508abeea31a28a9
Red Hat Security Advisory 2018-2290-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2290-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include an integer overflow.

tags | advisory, web, overflow
systems | linux, redhat
advisories | CVE-2018-1000127
MD5 | c26aa9cb1f312c0d63fed70db09bddae
Red Hat Security Advisory 2018-2282-01
Posted Jul 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2282-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and information leakage vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-4117, CVE-2018-6044, CVE-2018-6150, CVE-2018-6151, CVE-2018-6152, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176
MD5 | ebe959506bce23a345eeeda9a2fcda81
Debian Security Advisory 4256-1
Posted Jul 27, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4256-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-4117, CVE-2018-6044, CVE-2018-6150, CVE-2018-6151, CVE-2018-6152, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176
MD5 | 5bb620c32bfc3016ca0649d9d9d6d40b
Red Hat Security Advisory 2018-2279-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2279-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2018-8039
MD5 | c3d63485b88e30d23ace68663b9b57fc
Red Hat Security Advisory 2018-2245-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2245-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | 4cddbf970a525c46f424b9018ec2be7a
Red Hat Security Advisory 2018-2244-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2244-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | c8e6a8b16ca9c1af84c6ecdfe2748f94
RSA Archer 6.x Cross Site Scripting / Authorization Bypass
Posted Jul 20, 2018
Authored by Francesca Perrone, Donato Onofri | Site emc.com

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

tags | advisory, remote, web, javascript, xss, bypass
advisories | CVE-2018-11059, CVE-2018-11060
MD5 | 574ac49865a7a3a381903494b92d19f8
AntiVirus Evasion With Metasploit's Web Delivery
Posted Jul 18, 2018
Authored by Dr. Adrian Vollmer

Whitepaper called AntiVirus Evasion with Metasploit's Web Delivery - Leveraging PowerShell to Execute Arbitrary Shellcode.

tags | paper, web, arbitrary, shellcode
MD5 | 68e94c755f9d49405de6fd9c85c19ce2
Debian Security Advisory 4250-1
Posted Jul 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4250-1 - A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

tags | advisory, remote, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12895
MD5 | c77d3671a0226dd735d8b2e5abd1ea23
QNAP Q'Center change_passwd Command Execution
Posted Jul 17, 2018
Authored by Ivan Huertas, Brendan Coles | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required, however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.

tags | exploit, web, arbitrary
advisories | CVE-2018-0706, CVE-2018-0707
MD5 | 53cb0615ae05a91ee87abd7989407825
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.

tags | exploit, web, shell, root
MD5 | 3679d738983dec17aa3243aa408c3212
Page 2 of 305
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close