what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2018-05-03

osCommerce Installer Unauthenticated Code Execution
Posted May 3, 2018
Authored by Daniel Teixeira, Simon Scannell | Site metasploit.com

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.

tags | exploit, php
SHA-256 | 806d396b8f8393708196c84967f4c3db14adf4f64c443cf3f37029101e6385f9
GNU Privacy Guard 2.2.7
Posted May 3, 2018
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple bug fixes added.
tags | tool, encryption
SHA-256 | d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e
Lynis Auditing Tool 2.6.4
Posted May 3, 2018
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Several contributions merged, including grammar improvements. Initial support for Ubuntu 18.04 LTS. Small enhancements for usage.
tags | tool, scanner
systems | unix
SHA-256 | 487dc69cb8c484f05b8d8dc3e425ede0af91cb3524e7e69ed6d83a675ac16e18
CA Spectrum 10.1.x / 10.2.x Denial Of Service
Posted May 3, 2018
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability. The vulnerability occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.

tags | advisory, remote, denial of service
advisories | CVE-2018-6589
SHA-256 | c42461b24c68708141823de35f39bffa1179f622bd996847c2c2cea9ae1ef49a
Trovebox 4.0.0-rc6 SQL Injection / Bypss / SSRF
Posted May 3, 2018
Authored by Robin Verton

Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 2bd9eba90c187412520d8986e92dd1c4480228cda7bb0eec67f1460e5d7e18ac
Arastta 1.6.2 Cross Site Scripting
Posted May 3, 2018
Authored by Matt Landers

Arastta version 1.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab0d5dc30e68f0810d8e6d0256a4d03a044708655b0b5bd5bdccb7bd396d5abc
Apache Hadoop 2.7.3 Privilege Escalation
Posted May 3, 2018
Authored by Freddie Rice

Apache Hadoop versions 2.2.0 through 2.7.3 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2016-6811
SHA-256 | 6c4fa5cf474021190a2bc75365dabc9d8f684355af05542da0662e0af9dc8274
Red Hat Security Advisory 2018-1275-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1275-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1088
SHA-256 | f081bfc860c9249baee3932e9dc2a576ef9e19aafaaa8da832bb76c0f0f9410d
Red Hat Security Advisory 2018-1274-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
SHA-256 | 5a162a410e015621060082f9069e1f4b6660aa3afa2edab19ed988184231de74
Gentoo Linux Security Advisory 201805-03
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-3 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.139 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-6118
SHA-256 | 92fabe6db808b42c994e0d07f211186b4d44ec6892a4137d4a070e8820259a62
Gentoo Linux Security Advisory 201805-02
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-2 - A buffer overflow in Python might allow remote attackers to execute arbitrary code. Versions less than 2.7.14:2.7 are affected.

tags | advisory, remote, overflow, arbitrary, python
systems | linux, gentoo
advisories | CVE-2017-1000158
SHA-256 | 6b299a610b8cc521b013f1fa00322f4750e169529954acece5d98c9ad28f03a0
Gentoo Linux Security Advisory 201805-01
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-1 - A vulnerability was discovered in hesiod which may allow remote attackers to gain root privileges. Versions less than or equal to 3.1.0 are affected.

tags | advisory, remote, root
systems | linux, gentoo
advisories | CVE-2016-10151, CVE-2016-10152
SHA-256 | d71e1907fc85fa9d90fdc79354a0545a3ebeb6c923240f5a0162fe5126a50ff1
Red Hat Security Advisory 2018-1278-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1278-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a bypass vulnerability.

tags | advisory, java, bypass
systems | linux, redhat
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
SHA-256 | bc4c1a7de774c5033cc7404b418e1050514213ab7f4c0f78240d803da8a857cd
Red Hat Security Advisory 2018-1264-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1264-01 - Red Hat Mobile Application Platform 4.6.0 consists of three main components: Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x. MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x. Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms. Issues addressed include denial of service and remote file inclusion vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, file inclusion
systems | linux, redhat, windows, apple
advisories | CVE-2017-15010, CVE-2018-3728
SHA-256 | d0a9835c457668550027216db69532e0ea3e19e0154509a0cf6c1aa4fb7832fd
Flexense DiskSorter 10.7 Cross Site Scripting
Posted May 3, 2018
Authored by Francisco Javier Santiago Vazquez

Flexense DiskSorter versions 9.5.12 through 10.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10568
SHA-256 | 2cb546d947d2f7a09cf7f9be7331d70a72a933992fc636e3229da8a416f239a5
Flexense VX Search 10.7 Cross Site Scripting
Posted May 3, 2018
Authored by Francisco Javier Santiago Vazquez

Flexense VX Search versions 10.1.12 through 10.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10567
SHA-256 | 4c85fdf321105e43718e02bdc42a298d3580629c47db62853e09597ec9d82ecb
Flexense DupScout 10.7 Cross Site Scripting
Posted May 3, 2018
Authored by Francisco Javier Santiago Vazquez

Flexense DupScout versions 10.0.18 through 10.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10566
SHA-256 | 951657f6ad6ac49a82b5963b4c9ecdca3cf12989b725cad31e79f7409e82bd14
Exim base64d Remote Code Execution
Posted May 3, 2018
Authored by straight_blast

Exim versions prior to 4.90.1 suffer from a base64d remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-6789
SHA-256 | 7ca9d4d2ad8a8f94f402c2a0986a1bcb33596bff697621e2afcde815f2f4b0d8
LibreOffice 6.0.3 / OpenOffice 4.1.5 Information Disclosure
Posted May 3, 2018
Authored by Richard Davy

LibreOffice version 6.0.3 and OpenOffice version 4.1.5 suffers from a .odt information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-10583
SHA-256 | 8dfaa0fc230503b0a244b16cf2420d39f87af8b19b498af30d536f1a99b040c9
Debian Security Advisory 4188-1
Posted May 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-17975, CVE-2017-18193, CVE-2017-18216, CVE-2017-18218, CVE-2017-18222, CVE-2017-18224, CVE-2017-18241, CVE-2017-18257, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000199, CVE-2018-10323, CVE-2018-1065, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-1093, CVE-2018-1108, CVE-2018-5803, CVE-2018-7480, CVE-2018-7566, CVE-2018-7740, CVE-2018-7757, CVE-2018-7995, CVE-2018-8087, CVE-2018-8781, CVE-2018-8822
SHA-256 | c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068a
Flexense Disksavvy 10.7 Cross Site Scripting
Posted May 3, 2018
Authored by Francisco Javier Santiago Vazquez

Flexense Disksavvy versions 10.4 through 10.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10565
SHA-256 | 6b16df74a22073fe41ea3af1efe19e833c26518f07c851e215d42bc4f5840aa2
Flexense DiskBoss 9.1.16 Cross Site Scripting
Posted May 3, 2018
Authored by Francisco Javier Santiago Vazquez

Flexense DiskBoss versions 7.4.28 through 9.1.16 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10294
SHA-256 | 06530afdb4c44f4ac3c0b4515fc745c604a661b62d3a009b336669c7ff9bfefb
Debian Security Advisory 4187-1
Posted May 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2015-9016, CVE-2017-0861, CVE-2017-13166, CVE-2017-13220, CVE-2017-16526, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-18017, CVE-2017-18203, CVE-2017-18216, CVE-2017-18232, CVE-2017-18241, CVE-2017-5715, CVE-2017-5753, CVE-2018-1000004, CVE-2018-1000199, CVE-2018-1066, CVE-2018-1068, CVE-2018-1092, CVE-2018-5332, CVE-2018-5333, CVE-2018-5750, CVE-2018-5803, CVE-2018-6927, CVE-2018-7492
SHA-256 | e47605adb85ececbd4ae2974c9376652991663a139c1e597e8d245b3700d48a9
Slackware Security Advisory - mozilla-firefox Updates
Posted May 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | b494f05ed9a35591f44777c8963b8773ab29cff1382fb4c5a02794038fc07ffe
Slackware Security Advisory - libwmf Updates
Posted May 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-0941, CVE-2006-3376, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3477, CVE-2009-3546, CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696, CVE-2016-10167, CVE-2016-10168, CVE-2016-9011, CVE-2016-9317, CVE-2017-6362
SHA-256 | e36e4f72eb165ba8766f63e12181c95dca942d5b1f2756db4eedb949f09b3bc5
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close