
Files Date: 2019-01-09

Ubuntu Security Notice USN-3850-1
Posted Jan 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
SHA-256 | 33dfd212dff4b39a5b8a3ffb081d43f4f2201ce71c47312b15edcf37961cf627
systemd-journald Memory Corruption / Information Leak
Posted Jan 9, 2019
Authored by Qualys Security Advisory

This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, the detail here is useful in understanding the flaws.

tags | advisory, vulnerability
advisories | CVE-2018-16864, CVE-2018-16865, CVE-2018-16866
SHA-256 | 19a689d664d755e0625285bb3e35b7cb5791449a424da89709b8ef0bf6fdcb91
THC-IPv6 Attack Tool 3.6
Posted Jan 9, 2019
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and includes an easy-to-use packet factory library.

Changes: Added error check for openssl BN_ functions (thanks to lc3412). Added support for global destinations for dump_dhcp6. Added new connect6 tool. Various updates and bug fixes.
tags | tool, protocol
systems | unix
SHA-256 | ac3570564999e55c8e8d7aea8b67c398a3b7059f6d03235ab851af9497c38e68
ZTE MF65 BD_HDV6MF65V1.0.0B05 Cross Site Scripting
Posted Jan 9, 2019
Authored by Nathu Nandwani

ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7355
SHA-256 | a1f4305ed80b1edad0ddf850cf89f3031a689bfb87af746b3f5f87da6a50f8af
Ampache 3.8.6 Cross Site Scripting
Posted Jan 9, 2019
Authored by Zekvan Arslan | Site netsparker.com

Ampache version 3.8.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0df6202d2e2ba7b2b3a388c00adfd7cc731f5b2afe54c067226bae1ab49cf904
BlogEngine 3.3 XML External Entity Injection
Posted Jan 9, 2019
Authored by Mustafa Yalcin | Site netsparker.com

BlogEngine version 3.3 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-14485
SHA-256 | 81c346a488af94a4a6e50a7ba4ba5ee7fc1f737b31b6ae0ecbd0220b1a149de6
OrangeForum 1.4.0 Open Redirection
Posted Jan 9, 2019
Authored by Omar Kurt | Site netsparker.com

OrangeForum version 1.4.0 suffers from open redirection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-14474
SHA-256 | 52a54e8dac487a6ef87bc3446a9760fe33265a5c204260d27a24499f6d1144b7
Red Hat Security Advisory 2019-0040-01
Posted Jan 9, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0040-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-0545, CVE-2019-0548, CVE-2019-0564
SHA-256 | 60dc7ea683aed6ff8f8819789e86b7deaa6ab6d423b8691994f39f1071023fc7
Debian Security Advisory 4364-1
Posted Jan 9, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2018-16468
SHA-256 | fbbb51e620d1c0eb3b989fd23a9cffa84aeaadf79ae04a75f02355665e687999
WordPress User Registration 1.5.3 Cross Site Scripting
Posted Jan 9, 2019
Authored by Mr Winst0n

WordPress User Registration plugin version 1.5.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3309833067b6b1a7338dcfae2aaeec5cc34d8bd17c8a20fdb77f6ebcc85a9ba8
Microsoft Windows Error Reporting Local Privilege Escalation
Posted Jan 9, 2019
Authored by SandboxEscaper

Angry Polar Bear is a Microsoft Windows error reporting privilege escalation exploit.

tags | exploit
systems | windows
SHA-256 | 6ba1825663dc4af4d5138e171b80cce360a1ec36f1429feee694aefc93ee3e1b
Heatmiser Wifi Thermostat 1.7 Cross Site Request Forgery
Posted Jan 9, 2019
Authored by sajjadbnd

Heatmiser Wifi Thermostat version 1.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5c0a3afcac35f1c064c628c8b72b11b9a1f6642d72f3ec2af2e154d0b3a4c717
EstudioNeoFilms / Grupo LosGrobo / IdeaSeven SQL Injection
Posted Jan 9, 2019
Authored by KingSkrupellos

Various web design firms, such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24, have all produced sites that are susceptible to SQL injection vulnerabilities.

tags | exploit, web, vulnerability, sql injection
SHA-256 | 8a24a48061ed53679c9fcdf369ebc64c50e199f5ef7a6a1492a2fce505973ce0
Google Chrome V8 JavaScript Engine 71.0.3578.98 Denial Of Service
Posted Jan 9, 2019
Authored by Bogdan Kurinnoy

Google Chrome V8 JavaScript Engine version 71.0.3578.98 suffers from a denial of service vulnerability.

tags | exploit, denial of service, javascript
SHA-256 | 7781839e4640b9828af8bca354d5f2ff391d8d4eb54a5a33da6fbde72bcc0dc5
Microsoft Office SharePoint Server 2016 Denial Of Service
Posted Jan 9, 2019
Authored by Gal Zror | Site metasploit.com

A vulnerability in Microsoft SharePoint Server could allow a remote attacker to make the server unavailable. The vulnerability results from SharePoint's dependency on the Microsoft.Data.OData library, which was vulnerable to a remote denial of service.

tags | exploit, remote, denial of service
advisories | CVE-2018-8269
SHA-256 | ce47058025f34b12c16191be810750851781cf4964d5249ddcd7414cb84b5b2d
Wifi-soft Unibox 2.x Remote Command / Code Injection
Posted Jan 9, 2019
Authored by Sahil Dhar

Wifi-soft Unibox Controllers versions 0.x through 0.2 suffer from code execution and command injection vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2019-3495, CVE-2019-3496, CVE-2019-3497
SHA-256 | 36f5d2b153128e27aabad7c25baee2bcb915f00a7492e1146d3c7d27e1c7dd0d
MDwiki Cross Site Scripting
Posted Jan 9, 2019
Authored by Evi1m0

MDwiki versions prior to 0.6.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c05cfb7d7709a95e18157203ac396954bbd15aeca5d3482be2b4066a920700c0
© 2024 Packet Storm. All rights reserved.