
Files Date: 2019-02-18

Red Hat Security Advisory 2019-0367-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0367-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-0739, CVE-2018-1000168, CVE-2018-11759, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333
SHA-256 | 7fc6ff287841b94de3a16d48a7a29e072b8a385a22fc3abffb52431844efbda6
Ubuntu Security Notice USN-3891-1
Posted Feb 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3891-1 - It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-6454
SHA-256 | 0339a4b6bd2cb6bb7568dd845c47138a60750bc8ad7030a395a499ca3c392eb6
Ubuntu Security Notice USN-3850-2
Posted Feb 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
SHA-256 | 7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473
Red Hat Security Advisory 2019-0365-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0365-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, xss
systems | linux, redhat
advisories | CVE-2018-1000632, CVE-2018-10934, CVE-2018-14642
SHA-256 | 6e0db3fe2f3f38836bb6573608efad79fe56089340c18ecdc05321a13b97597d
Red Hat Security Advisory 2019-0361-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0361-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16864, CVE-2018-16865
SHA-256 | a5a8677c8603e96cdd87eb005aaaf0c1f9ed17b0b6b3a027414690708ca0df13
Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read
Posted Feb 18, 2019
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts rendering in AlternateSubstitutionSubtable::process.

tags | exploit, java
SHA-256 | 711068adf214eb589d571d06d8497f1cfb5051a638536518b30c31c08d5d0231
Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read
Posted Feb 18, 2019
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts rendering in ExtractBitMap_blocClass.

tags | exploit, java
SHA-256 | c633eac93bf0e7c462b6b00a53b37cc8e7ff75a886777b884ba9d2a9adddd340
Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read
Posted Feb 18, 2019
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts rendering in OpenTypeLayoutEngine::adjustGlyphPositions.

tags | exploit, java
SHA-256 | 8072fd67d9119178fb46d344eb4a8fda71b6df05c2e1c3da919b750402bf6b0d
Oracle Java Runtime Environment OpenType Font Heap Out-Of-Bounds Read
Posted Feb 18, 2019
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of OpenType fonts.

tags | exploit, java
SHA-256 | 4d8d5ca2f36f83581e05d720df16bb20df75234f7e22c3f5f23ea14ed72874eb
HTMLy 2.7.4 Cross Site Scripting
Posted Feb 18, 2019
Authored by Omar Kurt | Site netsparker.com

HTMLy version 2.7.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-8349
SHA-256 | 5a0e6ad8f0731b3065fd79409e57a51988630faa8088ba321276e393f8e43929
Comodo Dome Firewall 2.7.0 Cross Site Scripting
Posted Feb 18, 2019
Authored by Ozer Goker

Comodo Dome Firewall version 2.7.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a92833378080dfd78664c2b360148fb3735ab98a8a408748ac9e77ec9014cc9e
macOS TCP/4444 Bind Shell Null Free Shellcode
Posted Feb 18, 2019
Authored by Ken Kitahara

123 bytes small macOS TCP/4444 /bin/sh binding null free shellcode.

tags | tcp, shellcode
SHA-256 | 2ae279dcca014cf3fb5d2a1caa2873885ccfdbaea4d0012dccab31d215c3a810
Debian Security Advisory 4388-2
Posted Feb 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4388-2 - Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
SHA-256 | b43a3f2f313bf01fb7950f72211f33e520a48661914365cf7e3ca80f5ae831c5
Master IP CAM 01 3.3.4.2103 Remote Command Execution
Posted Feb 18, 2019
Authored by Raffaele Sabato

Master IP CAM 01 version 3.3.4.2103 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2019-8387
SHA-256 | d4835f4008493fb981a289512401ccbca524365b3c2b147e4f87931b9834929d
ArangoDB Community Edition 3.4.2-1 Cross Site Scripting
Posted Feb 18, 2019
Authored by Ozer Goker

ArangoDB Community Edition version 3.4.2-1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aee24f10569d33e88aa79925ddd679cb7cfe662f38779e70e85a751c56d43a63
qdPM 9.1 Cross Site Scripting
Posted Feb 18, 2019
Authored by Mehmet Emiroglu

qdPM version 9.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-8390, CVE-2019-8391
SHA-256 | 695024bcdea254b0592b99bd9b63b1eec7e0fc742b5f5644d8bfef42062983ec
Apache CouchDB 2.3.0 Cross Site Scripting
Posted Feb 18, 2019
Authored by Ozer Goker

Apache CouchDB version 2.3.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 254a41d5efcfb8e353d98e826e4ea9db25e1337b6a73870abb1e55158dee2698
CMSsite 1.0 post.php SQL Injection
Posted Feb 18, 2019
Authored by Mr Winst0n

CMSsite version 1.0 suffers from a remote SQL injection vulnerability in post.php. This version of the software has been known to have SQL injection vulnerabilities since 2010.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 520d54ec30d8845249e3443a9a454bb3a21871ab47483c383f7426cc6179870b
mIRC Remote Command Execution
Posted Feb 18, 2019
Authored by Baptiste Devigne, Benjamin Chetioui

mIRC versions prior to 7.55 suffer from a remote command execution vulnerability using argument injection through custom URI protocol handlers.

tags | exploit, remote, protocol
advisories | CVE-2019-6453
SHA-256 | 6f1c40c614535f927e40939d24ffe9b2e0da77480bb7fc7d0d3e5f38d8b8cf45
Digi TransPort LR54 Restricted Shell Escape
Posted Feb 18, 2019
Authored by Stig Palmquist

Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that yields a root shell.

tags | exploit, shell, root, bypass
advisories | CVE-2018-20162
SHA-256 | 838b664bf9b3618f4f631fc67191bcc847222a289937e69e4532983b25620156
Realterm Serial Terminal 2.0.0.70 Buffer Overflow
Posted Feb 18, 2019
Authored by Alejandra Sanchez

Realterm Serial Terminal version 2.0.0.70 local buffer overflow SEH exploit.

tags | exploit, overflow, local
SHA-256 | 5a7dc8b374faa259272cbfd4f7c08b6f381ae5cfbddb3015c6ec566ab45bfd5a
Debian Security Advisory 4392-1
Posted Feb 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, debian
advisories | CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2018-18509, CVE-2019-5785
SHA-256 | 4c871fbac5c3ba2c4e1350c97e650c929c2ea4bcb6654865928a2d98f8192768
MISP 2.4.97 SQL Injection / Command Injection
Posted Feb 18, 2019
Authored by Tm9jdGlz

MISP version 2.4.97 suffers from SQL command execution via command injection in the STIX module.

tags | exploit, sql injection
advisories | CVE-2018-19908
SHA-256 | 7811b39328165265cb2aa54957fa6ff771eb36c20405170ff7465a76d6933941
macOS execve(/bin/sh) Null Free Shellcode
Posted Feb 18, 2019
Authored by Ken Kitahara

31 bytes small macOS execve(/bin/sh) null free shellcode.

tags | shellcode
SHA-256 | 020c83d8d534ce8b9582c5dc0959895b312347181b8dc1d0fea9d37d1498fc43
macOS TCP Port 4444 IPv6 Shellcode
Posted Feb 18, 2019
Authored by Ken Kitahara

129 bytes small macOS TCP/4444 binding IPv6 shellcode.

tags | tcp, shellcode
SHA-256 | d10f577bae02e2cd55160cc316fbbb711090e08106dd836f13a6c650be8fa06b