Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
Red Hat Security Advisory 2018-1119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.
This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.
This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.
Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.
A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.
Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
Micro Focus Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to allow local disclosure of information. Revision 1 of this advisory.
Micro Focus Security Bulletin MFSBGN03803 1 - A potential security vulnerability has been identified in Micro Focus UCMDB. The vulnerability could be remotely exploited to allow local escalation of privilege. Revision 1 of this advisory.
MikroTik version 6.41.4 ftp daemon denial of service proof of concept exploit.
Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.
Chrome's "Strong Password Generator" extension suffers from a weakness with password generation.