what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2018-10-08

Red Hat Security Advisory 2018-2884-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
SHA-256 | a503d8f752218d1ebc2a0f3c9de265aac7e02a167b6516ef1f115e1f3369b673
Kernel Live Patch Security Notice LSN-0044-1
Posted Oct 8, 2018
Authored by Benjamin M. Romer

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3620, CVE-2018-3646, CVE-2018-6555
SHA-256 | 1ae6dc1bc4438da330374ea7c963d1a59dd4454020d117a4fef1a28f4474b821
Tinc Virtual Private Network Daemon 1.0.35
Posted Oct 8, 2018
Authored by Ivo Timmermans | Site tinc.nl.linux.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: Prevented oracle attacks. Prevented a MITM from forcing a NULL cipher for UDP. Various other fixes.
tags | tool, encryption
systems | unix
advisories | CVE-2018-16737, CVE-2018-16738, CVE-2018-16758
SHA-256 | 18c83b147cc3e2133a7ac2543eeb014d52070de01c7474287d3ccecc9b16895e
I2P 0.9.37
Posted Oct 8, 2018
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 0c3736572182519f4831201c72609f069229a2cc73d29ca135417c143061a18d
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
Posted Oct 8, 2018
Authored by t4rkd3vilz, hubertwslin | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.

tags | exploit, overflow
systems | windows
advisories | CVE-2018-10594
SHA-256 | e4890d38f7e77e0fc47c8e04e33af1e27192fdc6cf14b35bc40478d30d87c47e
ifwatchd Privilege Escalation
Posted Oct 8, 2018
Authored by Tim Brown, Brendan Coles, cenobyte | Site metasploit.com

This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

tags | exploit, arbitrary, x86, root
advisories | CVE-2014-2533
SHA-256 | 520b8401fb7375e448a96f4237b4662a5608ef3cf6d4d3323e0c69df08ce3fa4
Cisco Prime Infrastructure Unauthenticated Remote Code Execution
Posted Oct 8, 2018
Authored by Pedro Ribeiro | Site metasploit.com

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | cisco
advisories | CVE-2018-15379
SHA-256 | d4ddf2dda84d92bb39709e2fad5c269d7848c88a7bfbb904dd9732556b6c1a55
Imperva SecureSphere 13 Remote Command Execution
Posted Oct 8, 2018
Authored by rsp3ar

Imperva SecureSphere 13 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | c5d956d30ecc2ae3b22184cc33a9b6d0f0aa918bffcfc329c14cae070c8785dd
net-snmp 5.7.3 Unauthenticated Denial Of Service
Posted Oct 8, 2018
Authored by Magnus Klaaborg Stubman

net-snmp version 5.7.3 suffers from an unauthenticated denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8a47315cb13031259275fabde237dae81f5e3dd9e4010de7c9145bec06f1aef5
Ubuntu Security Notice USN-3786-1
Posted Oct 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3786-1 - It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-15853, CVE-2018-15857, CVE-2018-15858, CVE-2018-15862, CVE-2018-15863
SHA-256 | e5c11ec082c06adbab0b693f55dda0ae528422c4a0ba303eb697f9e2dac46b87
FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffers from a websocket device manipulation vulnerability.

tags | exploit
SHA-256 | d5ee085f3976b70b8de3f214f1234d395c57223bed41854d9ebd6cf3c4af88f7
FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.

tags | exploit
SHA-256 | f65f2f6d488c81f677bcd9bbadf582687ea5b1b17b888d215e2c7c4ce7ea981a
Apache PDFBox 1.8.15 / 2.0.11 Denial Of Service
Posted Oct 8, 2018
Authored by Shawn Rasheed, Jens Dietrich | Site pdfbox.apache.org

Apache PDFBox versions 1.8.15 and below and 2.0.11 and below suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2018-11797
SHA-256 | fb5bddecf2cb651a7e68b957684dbef557c798caee7d511f374b9e651c0a0733
Red Hat Security Advisory 2018-2882-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2882-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an out-of-bounds read.

tags | advisory, web, tcp
systems | linux, redhat
advisories | CVE-2018-14645
SHA-256 | 704c6d8910906768ab26688d3013c5047b43b29f16be67bc61a5180637772295
Red Hat Security Advisory 2018-2881-01
Posted Oct 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2881-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include an out-of-bounds read.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12386, CVE-2018-12387
SHA-256 | 8be099e7a5728383e2bf6b4a48e46f149d1ef5b73774acdf5f44311b39e6b277
Git Submodule Arbitrary Code Execution
Posted Oct 8, 2018
Authored by Junio C Hamano

Updated releases address a security flaw that allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules.

tags | exploit, arbitrary
advisories | CVE-2018-17456
SHA-256 | a7bfbc5c58e56b3f5f562b25a0f4882e6dde1f1740a22255ddb7d848dc2d7d40
Chamilo LMS 1.11.8 firstname Cross Site Scripting
Posted Oct 8, 2018
Authored by Cakes

Chamilo LMS version 1.11.8 suffers from a cross site scripting vulnerability in the firstname variable.

tags | exploit, xss
SHA-256 | bbe1d55f689ba413aec86a4102488acccd062ff22979ab0c0999379fddb1f385
Android current-fs Improper Locking
Posted Oct 8, 2018
Authored by Jann Horn, Google Security Research

Android sdcardfs changes current->fs without proper locking.

tags | exploit
advisories | CVE-2018-9515
SHA-256 | 8d214a2b630981750d5c1762a10ef86a2a4ae621726bba9e014147f488f9c0f2
Linux Kernel mq_notify: double sock_put() Local Privilege Escalation
Posted Oct 8, 2018
Authored by LEXFO

Linux kernel versions prior to 4.11.8 suffer from an mq_notify: double sock_put() local privilege escalation vulnerability.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2017-11176
SHA-256 | d856e8f0e3a24bb6da7c039ea069a1db6509879ee46ac5e3dae61b153c2d7369
net-snmp 5.7.3 Denial Of Service
Posted Oct 8, 2018
Authored by Magnus Klaaborg Stubman

net-snmp version 5.7.3 suffers from an authenticated denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8e2f9ac672c73a2f2aa095307e242fb1a6637e86a3a3d715cd0616592950896f
360 3.5.0.1033 Sandbox Escape
Posted Oct 8, 2018
Authored by vr_system

360 version 3.5.0.1033 suffers from a sandbox escape vulnerability.

tags | exploit
SHA-256 | bdf44f9b6db8ed13bf0d7b5a7a4fc50b2567a9194a85b9d37ee7d8679575d597
Linux/x86 execve(/bin/sh) + MMX/ROT13/XOR Shellcode
Posted Oct 8, 2018
Authored by Kartik Durg

104 bytes small Linux/x86 execve(/bin/sh) + MMX/ROT13/XOR shellcode (encoder/decoder).

tags | x86, shellcode
systems | linux
SHA-256 | 6ddab3763d37dfbbb724243a6de756c793e102720e772e8122341c6111c3786a
Linux/MIPS (Big Endian) execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode
Posted Oct 8, 2018
Authored by cq674350529

181 bytes small Linux/MIPS (Big Endian) execve(/bin/sh) + reverse TCP 192.168.2.157/31337 shellcode.

tags | tcp, shellcode
systems | linux
SHA-256 | 245109394ab2bdfc2a8c0d490131768798eae49f523ec021591b5093147082ac
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close