Workable Zone version 1.1 human resource management system suffers from a database backup disclosure vulnerability.
f152896bb9451cca79e595d9479c40bd735cbf7beaa244031994f0fc9fece909
WBiz Desk version 1.0 suffers from a remote SQL injection vulnerability.
751cff97e8fb904a13f9e41dbbc37b857501c631f5985da59e3a9fc8ef9b9551
This is a whitepaper that discusses pivoting attacks with Metasploit. Pivoting is a technique using a compromised system to attack other systems on the same network. Consider a scenario where there is some juicy information hosted inside a local network and there is only one system which is connected to internet. In this scenario, an attacker can compromise the system which is connected to internet and then use that particular compromised system in-order to test or attack other systems in the same network which are only accessible via local network.
33ab5236cd107568dfd2b0fa53e275b3fac5c53227e58d23cc60eab82d6b07e7
NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user.
6ec13406baf539fb83adb212bb192015cc4af93e431d8bb3179d2f34e0475af2
Ubuntu Security Notice 3541-2 - USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.
2bef15d9aab879db3d94b78df252a16c484d98fb8517c35ea9b7de0028cfbf25
Ubuntu Security Notice 3542-2 - USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures. Various other issues were also addressed.
a5579a936801baabe3460bc2e48834a6ab0a14e5d31755f278f7a027f1791f71
Ubuntu Security Notice 3540-2 - USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. Various other issues were also addressed.
ce51b009896d4900774ac27226430b092f1073e8c79d9cade04851689abf372e
Ubuntu Security Notice 3542-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 and amd64 architectures.
b12b48631c56243ecfc30601e84102d06bd0a8d8e6da80f8a98a135248e58338
Ubuntu Security Notice 3541-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3523-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.
9ef5f1ad161688fa3074930ceff911d09b626e952bdc2ea98c50ee76345ffbc1
Ubuntu Security Notice 3540-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 , amd64, ppc64el, and s390x architectures. USN-3522-1 mitigated CVE-2017-5754 for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Various other issues were also addressed.
57dfc7847333c830d6ea9ae92ea7e78da0ee06b911204eebab292ebc07143d84
Red Hat Security Advisory 2018-0115-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 181. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a282016f6ca8ca2c34b370151c16fa7d27f3526cc5f5974a70c432afe358a6b5
Ubuntu Security Notice 3539-1 - It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code.
3641dd9bb53edd38c2a51f004e4ad926b0b6156f946c2ee3e0373eedd2561f61
Ubuntu Security Notice 3538-1 - Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
964c48c0439d989a11cbdd7601e6770b0c099bed3a91031d5cd9afb0716a4b35
The Academic Microsoft API query filter suffers from cross site scripting vulnerabilities.
315383ba3e443caa8589754c91b95a8a02f5b8a130671657e14cbdfe748ada1b
Endonesia version 8.7 suffers from a remote SQL injection vulnerability.
86d46eae5d92c1869555ae2d2ad2461b86db9336c85bbe49f952ec7dbb7bf036
Blizzard's agent rpc authentication mechanism is vulnerable to DNS rebinding attacks.
01e7bdf4703d545404b5ea8d6c13d0e9fc1c4e0a98a205904426f38fbc152873
77 bytes small Linux/x86 ROT-N + Shift-N + XOR-N encoded /bin/sh shellcode. Tested on Ubuntu 12.04.5 LTS.
37eab53116dad029b3e132f9ddd79388f3daaa216b180a34c2c0414d96469e33