
Web Files

Red Hat Security Advisory 2018-1296-01
Posted May 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1296-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Issues addressed include buffer overflow, cross site scripting, denial of service, heap overflow, remote file inclusion, and use-after-free vulnerabilities.

tags | advisory, remote, web, denial of service, overflow, php, vulnerability, xss, file inclusion
systems | linux, redhat
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-10167, CVE-2016-10168, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7479, CVE-2016-9933, CVE-2016-9934, CVE-2016-9935, CVE-2016-9936, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11147, CVE-2017-11362, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934
MD5 | 74d414cb061c5ffff37e0dd0dcbd14fa
Ubuntu Security Notice USN-3627-2
Posted May 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3627-2 - USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | 642379a7853be14309a167bceaa1d31f
Ubuntu Security Notice USN-3635-1
Posted May 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165
MD5 | 85531931d71d0277a373662193a6ba19
xdebug Unauthenticated OS Command Execution
Posted May 1, 2018
Authored by Mumbai, Shaksham Jaiswal, Ricter Zheng | Site metasploit.com

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user.

tags | exploit, web, arbitrary, php
MD5 | f41618034e1f76ddd17f42794e9dc6c3
Debian Security Advisory 4186-1
Posted May 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4186-1 - It was discovered that gunicorn, an event-based HTTP/WSGI server, was susceptible to HTTP response splitting.

tags | advisory, web
systems | linux, debian
advisories | CVE-2018-1000164
MD5 | fa0fbddffa00a407fa0bb9f6c837cd1e
Metasploit msfd Remote Code Execution Via Browser
Posted May 1, 2018
Authored by Robin Stenvi | Site metasploit.com

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'rbi -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.

tags | exploit, web, javascript, tcp
systems | windows
MD5 | 9424518a3a5f452ec2a431c5b398c292
Debian Security Advisory 4182-1
Posted Apr 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4182-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-6056, CVE-2018-6057, CVE-2018-6060, CVE-2018-6061, CVE-2018-6062, CVE-2018-6063, CVE-2018-6064, CVE-2018-6065, CVE-2018-6066, CVE-2018-6067, CVE-2018-6068, CVE-2018-6069, CVE-2018-6070, CVE-2018-6071, CVE-2018-6072, CVE-2018-6073, CVE-2018-6074, CVE-2018-6075, CVE-2018-6076, CVE-2018-6077, CVE-2018-6078, CVE-2018-6079, CVE-2018-6080, CVE-2018-6081, CVE-2018-6082, CVE-2018-6083, CVE-2018-6085, CVE-2018-6086
MD5 | 98a371c8c991350a922b861dabe3051d
Red Hat Security Advisory 2018-1253-01
Posted Apr 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1253-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Issues addressed include an out-of-bounds array dereference.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-12613
MD5 | a1eb5da731e8fe8a8d78ea194a8b93f7
Red Hat Security Advisory 2018-1249-01
Posted Apr 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1249-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.2. Issues addressed include code execution and traversal vulnerabilities.

tags | advisory, web, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1047, CVE-2018-1067, CVE-2018-8088
MD5 | 180279a1388c5837ff5eb5850111926b
SickRage Credential Disclosure
Posted Apr 26, 2018
Authored by Sven Fassbender

SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.

tags | exploit, web, info disclosure
advisories | CVE-2018-9160
MD5 | 98abab617b810c5647b3686d23143970
Easy File Sharing Web Server 7.2 UserID Buffer Overflow
Posted Apr 24, 2018
Authored by Hashim Jawad

Easy File Sharing Web Server version 7.2 UserID remote buffer overflow exploit with DEP bypass.

tags | exploit, remote, web, overflow
advisories | CVE-2018-9059
MD5 | e650294e754a40ce8cacde9c9332bdb0
Red Hat Security Advisory 2018-1195-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1195-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buffer overflow, bypass, remote shell upload, and use-after-free vulnerabilities.

tags | advisory, remote, web, overflow, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-6085, CVE-2018-6086, CVE-2018-6087, CVE-2018-6088, CVE-2018-6089, CVE-2018-6090, CVE-2018-6091, CVE-2018-6092, CVE-2018-6093, CVE-2018-6094, CVE-2018-6095, CVE-2018-6096, CVE-2018-6097, CVE-2018-6098, CVE-2018-6099, CVE-2018-6100, CVE-2018-6101, CVE-2018-6102, CVE-2018-6103, CVE-2018-6104, CVE-2018-6105, CVE-2018-6106, CVE-2018-6107, CVE-2018-6108, CVE-2018-6109, CVE-2018-6110, CVE-2018-6111, CVE-2018-6112
MD5 | 1f2281c68c5837e3f5afd511d38bf5da
Red Hat Security Advisory 2018-1192-01
Posted Apr 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1192-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include multiple overflows.

tags | advisory, web, overflow, perl
systems | linux, redhat
advisories | CVE-2018-6797, CVE-2018-6798
MD5 | b4bdd83179dcb9224f541f5c0cf45e83
Ubuntu Security Notice USN-3627-1
Posted Apr 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3627-1 - Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | e5a14b1abfb9798d648d23b33ff3cbf9
Easy File Sharing Web Server 7.2 Buffer Overflow
Posted Apr 18, 2018
Authored by rebeyond

Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability.

tags | exploit, web, overflow
advisories | CVE-2018-9059
MD5 | 2606153988d6fa631cb09de63eb0e7db
Red Hat Security Advisory 2018-1119-01
Posted Apr 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
MD5 | 97c46db1b7ffc040e97c629c2eacc01c
Red Hat Security Advisory 2018-1098-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1098-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, web, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-5148
MD5 | e15ae7f725c8ea07edef059ce76f700f
Red Hat Security Advisory 2018-1099-01
Posted Apr 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, web, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-5148
MD5 | efd7f9efd1d24c1fb7653eab5d1c9cba
CyberArk Password Vault Web Access Remote Code Execution
Posted Apr 9, 2018
Site redteam-pentesting.de

The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.

tags | exploit, remote, web, code execution
advisories | CVE-2018-9843
MD5 | 15df09b097ae3bbbbbf2b776522b1bc8
Debian Security Advisory 4165-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-8763, CVE-2018-8764
MD5 | a66e7ec3056ac8043de009300dea5eec
ProcessMaker Plugin Code Execution
Posted Apr 3, 2018
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles are required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

tags | exploit, web, php
systems | linux, windows, debian, 7
MD5 | 62ca13841303372ebfe7885ec8e1b271
DuckDuckGo 4.2.0 WebRTC Private IP Leakage
Posted Apr 3, 2018
Authored by Brendan Coles, Mishra Dhiraj | Site metasploit.com

This Metasploit module exploits a vulnerability in browsers using a well-known property of WebRTC (Web Real-Time Communications), which enables web applications and sites to capture or exchange arbitrary data between browsers without requiring an intermediary.

tags | exploit, web, arbitrary
advisories | CVE-2018-6849
MD5 | 1d9975950bdc7255d15ef79cf990fc30
Debian Security Advisory 4161-1
Posted Apr 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4161-1 - James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control over the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stall the execution of the application.

tags | advisory, web, python
systems | linux, debian
advisories | CVE-2018-7536, CVE-2018-7537
MD5 | baa4d30e80f46f295485a3b682c445a0
RSA Authentication Agent For Web XSS / Buffer Overflow
Posted Mar 28, 2018
Authored by Harrison Neal | Site emc.com

RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0.1 and earlier contain multiple vulnerabilities that could potentially be exploited by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.

tags | advisory, web, overflow, vulnerability, xss, info disclosure
advisories | CVE-2018-1232, CVE-2018-1233, CVE-2018-1234
MD5 | cb74fb03e40e4c091cc179f2f257acbd
Web Application Penetration Testing
Posted Mar 20, 2018
Authored by Manh Pham Tien

This is a whitepaper that goes over methodologies for web application penetration testing. It is very thorough with examples and overviews.

tags | paper, web
MD5 | dc7320a4b2fa3f14e7eb81e598507f31
© 2018 Packet Storm. All rights reserved.