what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2018-04-13

Dell EMC ViPR Controller Information Exposure
Posted Apr 13, 2018
Site emc.com

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.

tags | advisory, denial of service
systems | linux
advisories | CVE-2018-1240
SHA-256 | a62074461924f195daf7bb54348db2d390f610e5063b3125fb5b2c5962cecb92
Red Hat Security Advisory 2018-1119-01
Posted Apr 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
SHA-256 | c3ab054bd411e4262bb33f3ad5d91dbf8754a55858268d691bea4cc312d6f876
Ubuntu Security Notice USN-3621-2
Posted Apr 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076
SHA-256 | 33908d28e8c06edfd44782105bdef3e2e2cdc270a7e2ad67aee118b40bbc7f69
Microsoft Security Bulletin CVE Revision Increment For April, 2018
Posted Apr 13, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2018-1037.

tags | advisory
advisories | CVE-2018-1037
SHA-256 | 8bfe6529e33a7685090d92042b909cf4ac73b6f313865534d419755272e23a9d
Smashing Smart Contracts
Posted Apr 13, 2018
Authored by Bernhard Mueller

This pop-scientific conference paper introduces Mythril, a security analysis tool for Ethereum smart contracts, and its symbolic execution backend LASER-Ethereum. The first part of the paper explains symbolic execution of Ethereum bytecode in a largely formal manner. The second part showcases the vulnerability detection modules already implemented in Mythril. The modules use a pragmatic mix of static analysis, symbolic analysis and control flow checking.

tags | paper
SHA-256 | 8a7fc1857be351bac85ed32986c92e1568085599649c4da76ee6420d59f718c5
Drupal Drupalgeddon2 Remote Code Execution Ruby Port
Posted Apr 13, 2018
Authored by Hans Topo

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.

tags | exploit, remote, code execution, proof of concept, ruby
advisories | CVE-2018-7600
SHA-256 | 9448745ca34223b272016f3a6b85e742d98115ddc80c24382e74fd677ef4be62
KETAMINE: SecureRandom() Weakness
Posted Apr 13, 2018

A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity.

tags | advisory, javascript
SHA-256 | cc8297ecfb188d758f4988f1504a6ab94dbdf9629620e6bbeea4587c06e4ec1c
Drupal Drupalgeddon2 Remote Code Execution
Posted Apr 13, 2018
Authored by Vitalii Rudnykh

Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-7600
SHA-256 | a695c9b933acab25a89439cdbf074c03cd35f1a81063d2b075445d945989d0f6
XSSer Penetration Testing Tool 1.7-2
Posted Apr 13, 2018
Authored by psy | Site xsser.03c8.net

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changes: Fixed SSL. Updated search engines. Various other updates and fixes.
tags | tool, scanner
systems | unix
SHA-256 | f3643ed372ddd09f0461d33b192bf5f8aba9d83401f609a01c6deda37718b913
Micro Focus Security Bulletin MFSBGN03802 1
Posted Apr 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03802 1 - A potential vulnerability has been identified in Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer. The vulnerability could be exploited to Local Disclosure of Information. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 75484cd0ba169e3e7588efff40b278aa474a3e4fbb8b51605626a76e3b647236
Micro Focus Security Bulletin MFSBGN03803 1
Posted Apr 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03803 1 - A potential security vulnerability has been identified in Micro Focus UCMDB. The vulnerability could be remotely exploited to Local Escalation of Privilege. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2018-6491
SHA-256 | 6a72c02a2c0fda5349a6637556971c47002d56eea4ff8e7c8bc6bff2956abfd6
MikroTik 6.41.4 Denial Of Service
Posted Apr 13, 2018
Authored by Hosein Askari

MikroTik version 6.41.4 ftp daemon denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2018-10070
SHA-256 | 9083c84bfb726097b0717778839eb828a579861215f9333a577516923c0d1284
Appear TV XC Hardware Maintenance Centre Directory Traversal
Posted Apr 13, 2018
Authored by IS Threat Team

Appear TV XC Hardware Maintenance Centre suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7539
SHA-256 | f384369b00e93a225deb5452d382b012e3848ce3a8c09427597705033d1ebb1f
Strong Password Generator Biased Randomness
Posted Apr 13, 2018
Authored by Sean Buckley

Chrome's "Strong Password Generator" extension suffers from a weakness with password generation.

tags | advisory
SHA-256 | 4d5fb6b5e8fa4ac112b35defcafc80e9de797feca81f0813ed90688201e18da5
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close