exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2018-02-06

Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Feb 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2017-5715
SHA-256 | cec4318e6170cf890d70887ea261d7b817e29df36602bfbfb364e75cb35456bb
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
Posted Feb 6, 2018
Authored by Core Security Technologies, Leandro Barragan | Site coresecurity.com

Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
SHA-256 | 1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6
WINCVS 2009R2 DLL Hijacking
Posted Feb 6, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WINCVS 2009R2 suffers from a dll hijacking vulnerability.

tags | exploit
advisories | CVE-2018-6461
SHA-256 | 8f24b2af32b71ac5cad26d01ac20c481556848daf3e3aafa9f3ff1d2ac88d55a
Android KeyStore Permission Bypass
Posted Feb 6, 2018
Authored by Google Security Research, laginimaineb

The keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.

tags | exploit, bypass
advisories | CVE-2017-13236
SHA-256 | 6ed0443148f7bc7399d221b938f4d9d513e62f7eb29fc37ea0cebb2f098bfa44
Ubuntu Security Notice USN-3558-1
Posted Feb 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3558-1 - Karim Hossen and Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2017-15908, CVE-2018-1049
SHA-256 | 40ed4bd213d015adbf8700ceb28be23886b7e4626e9bc4280f7438442773262b
Ubuntu Security Notice USN-3550-2
Posted Feb 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3550-2 - USN-3550-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
SHA-256 | 5918cb04624e965f38645c52470749fb78cd680dfe835943d724453aaf530d4e
Red Hat Security Advisory 2018-0279-01
Posted Feb 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0279-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb100-mariadb. Security Fix: A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2016-5617, CVE-2016-6664, CVE-2017-10268, CVE-2017-10286, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3302, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653
SHA-256 | a10d4430b1563b65dc84a124006aca5c1d2734452706c7bcb08d3153a5a71b6d
Grammarly Auth Token Exposure
Posted Feb 6, 2018
Authored by Tavis Ormandy, Google Security Research

The Grammarly chrome extension (approximately ~20M users) exposes it's auth tokens to all websites, therefore any website can login to grammarly.com as you and access all your documents, history, logs, and all other data.

tags | advisory
SHA-256 | 38a9c89eebeb3e6644a94f0e937ee633297f223f24e55bd0ad56fef9c72d79e0
Joomla! Zh GoogleMap 8.4.0.0 SQL Injection
Posted Feb 6, 2018
Authored by Ihsan Sencan

Joomla! Zh GoogleMap component version 8.4.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6582
SHA-256 | 156a0f30432833d2d13808081a86b78538af7bbfeedc0b3b7593d9f2505b4ec1
Joomla! Zh YandexMap 6.2.1.0 SQL Injection
Posted Feb 6, 2018
Authored by Ihsan Sencan

Joomla! Zh YandexMap component version 6.2.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6604
SHA-256 | 3d5a35cd6aab360d7b470fbb1dd739a5d2476b6bacee591c07a9a2da01a8b343
Joomla! Zh BaiduMap 3.0.0.1 SQL Injection
Posted Feb 6, 2018
Authored by Ihsan Sencan

Joomla! Zh BaiduMap component version 3.0.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6605
SHA-256 | a00f36cdfaab918e95944d358ef0516fd1d2d32dbdaaa1d255ce39aed539bf35
Joomla! JSP Tickets 1.1 SQL Injection
Posted Feb 6, 2018
Authored by Ihsan Sencan

Joomla! JSP Tickets component version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-6609
SHA-256 | 6a7cf1d3a183c2f24dac40f52aaba18889b6f68de25ac61ebe7c7b16f2084a79
WordPress Core Denial Of Service
Posted Feb 6, 2018
Authored by Ali Razmjoo

WordPress load-scripts.php denial of service exploit.

tags | exploit, denial of service, php
advisories | CVE-2018-6389
SHA-256 | 4ff182338afde73dcc6721be907a2609bb13e9d8d91a21ef22853cc21b636785
Wall Of Sheep 2018 Call For Presentations
Posted Feb 6, 2018
Authored by Ming

The Wall of Sheep would like to announce a call for presentations at DEF CON 26 at the Caesars Palace in Las Vegas, NV from Thursday, August 9th to Sunday, August 12th, 2018.

tags | paper, conference
SHA-256 | 2030babf1e02f845127878477c4e58685b1612241b63eaa61139c1447eb61b0a
EuskalHack Security Congress III Call For Papers
Posted Feb 6, 2018
Site euskalhack.org

EuskalHack Security Congress Third Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this third edition. The participants include specialized companies, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. This conference will be held June 22nd and 23rd, 2018 in Donostia, San Sebastian.

tags | paper, conference
SHA-256 | 8ad7941f17ed9f8d6b63bfec3eff21a1f1284e0e24cce27188de1aeb55ab701c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close