This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8fDebian Linux Security Advisory 4163-1 - It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.
3fece1677cfb826015a103052e62ca45ac5a9ceb696632f41906192942570f50Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.
65f8a0d0aab5a2c6072e2706dcbe72635130ec35592468e4424476e34701f86fUbuntu Security Notice 3613-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
928013bd5e1ee1d64cc4573070b7f35cde515ccf144ffe9f8098bc389a7993d3Wi-Fi Protected Access (WPA and WPA2) allows re-installation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
3fde9377ed3b41ddea90371b60b3d05b2204d2683198fbcab8cd5b1e3776aaa3ShoprLynx version 9.2.3 suffers from an insecure file permissions vulnerability.
e362c0fdeab4aa963f6d3d8e506c6aab6089a896ea133ec97cb690904febaaceOpenCMS version 10.5.3 suffers from a cross site request forgery vulnerability.
84469fe852f9d6f4971d524232b31b0a4cba522491047c40d096c683fb691aeaOpenCMS version 10.5.3 suffers from a cross site scripting vulnerability.
4f095bb724fa8f4604f38b620e3786cd239c7da362337cb2c9ee97b610f5e404This archive contains all of the 149 exploits added to Packet Storm in March, 2018.
71771db4bbf6cafbfb21fb4a9ecf8f271a0382abab4130979bb2a238430a3c2cSecutech RiS-11/RiS-22/RiS-33 version 5.07.52_es_FRI01 remote DNS changer proof of concept exploit.
66b4d40310e015f02050ba629ca94d214670eab09db9aec79b5f331b07ba3234Ubuntu Security Notice 3587-2 - USN-3587-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
c1f6d6e6682487d0c9dcfa66fa41c4337fa8d5078553630d242b82e7cbd1dc0dDebian Linux Security Advisory 4160-1 - It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
9eaa66293fda7fa8042a915427c6ee38ac9809f1c6a5a55487cf94548b5b9f7aIfchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
94a86b57df925c74b1a5b9955b8844d13c666e34bcd266915a8d7858206c495bThis is a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.
fc5f907db7dcd23c2e6445c581a2f27b7cef8a195847fe0d6c060e93892e6cc0WampServer version 3.1.2 suffers from a cross site request forgery vulnerability.
a61fd8d4b853201a8bbcbab7fb2f6882611630adb4c48116300c0c51b0e7bf12WebLog Expert Enterprise version 9.4 suffers from a privilege escalation vulnerability.
3346dbee613df2f8df502bbfbd82ef8b54562fd90c2c7aa62a6f03b938b6b862IBM Virtual Security Operations Center (VSOC) suffers from a cross site scripting vulnerability.
7c759331e428cec81e550f4a974a9bfce4235b230901e6a5f088e75e3bb78851
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed