exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2018-01-18

cryptmount Filesystem Manager 5.2.4
Posted Jan 18, 2018
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Minor updates to documentation and debian packaging. Patched to support cryptsetup-2.x. Updated to automake-1.15.
tags | tool, kernel, encryption
systems | linux
SHA-256 | dba85064377b53015602e2b422faafdefe0c2b8576d25a235906baf6066c57e6
Lynis Auditing Tool 2.6.0
Posted Jan 18, 2018
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Binary paths are now sorted. Greek language added. systemd detection improved. VirtualBox detection extended. Several code enhancements.
tags | tool, scanner
systems | unix
SHA-256 | 3109579e41aa64caff3257beac21ca0db2ac2dc0d1e660fa3515fd9b032b92ef
Primefaces 5.x Remote Code Execution
Posted Jan 18, 2018
Authored by Bjoern Schuette | Site metasploit.com

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

tags | exploit, remote, cryptography, code execution
advisories | CVE-2017-1000486
SHA-256 | 1576a80eac33112b71d8bbd0634e95d85cce414c2c6d818929631b980862b580
Falco 0.9.0
Posted Jan 18, 2018
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Fixed driver incompatibility problems with some linux kernel versions that can disable pagefault tracepoints. Fixed OSX Build incompatibility with latest version of libcurl.
tags | tool, intrusion detection
systems | unix
SHA-256 | f2dd76ebdcf5c7501f6aeaee09b06508b15996cd887cf7efff67eccf43b6188b
glibc getcwd() Local Privilege Escalation
Posted Jan 18, 2018
Authored by halfdog

glibc suffers from a getcwd() local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-1000001
SHA-256 | b441728a6b8ed19a7661442e1bc22c727e93a78e559d6c68e57e3d8ca1f50f52
GitStack 2.3.10 Remote Code Execution
Posted Jan 18, 2018
Authored by Kacper Szurek

GitStack version 2.3.10 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | a91155d4a07456c807cade69e73f702f36305cb7310a3f143e16efc9df4976ca
Oracle JDeveloper IDE Directory Traversal
Posted Jan 18, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Oracle JDeveloper IDE suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-10273
SHA-256 | 1d176bdbee49ba892cf19cf1e3798bd83c3a891b6a5e40b040c9740c38088530
Positive Hack Days VIII Call For Papers
Posted Jan 18, 2018
Site phdays.com

Call For Papers for Positive Hack Days VIII which will take place in Moscow, Russia.

tags | paper, conference
SHA-256 | 19547b03d1faabb364a268b310bbb1daebc93a7ee596c2dc2da0cd343dd3f791
HPE Security Bulletin HPESBHF03805 5
Posted Jan 18, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03805 5 - On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. Revision 5 of this advisory.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 4eadee5be89a39d53f2cbae37a746c713295e463929a44b449e70ab8f214c346
Slackware Security Advisory - bind Updates
Posted Jan 18, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-3145
SHA-256 | b01cd887f6d3b6900903b688eb5fefc894e09f2c99a2415411638b25be0e61b3
HPE Security Bulletin HPESBMU03806 1
Posted Jan 18, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBMU03806 1 - A potential security vulnerability has been identified in HPE IceWall Products. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information or unauthorized modification. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-8978
SHA-256 | 39800736e4c67dc7857274fc348d25fe796ff008b59eafbd259c6bf1a6a39657
HP Security Bulletin HPSBGN02925 3
Posted Jan 18, 2018
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02925 3 - Potential security vulnerabilities have been identified with HP IceWall SSO, IceWall File Manager and IceWall Federation Agent. The vulnerabilities could be exploited remotely resulting in unauthorized access. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-4817, CVE-2013-4818, CVE-2013-4819, CVE-2013-4820
SHA-256 | 58327b2f8053c28f31e6ebd4c63a93b76f22bc91d91ff5f9e21c03b7fca5392d
Debian Security Advisory 4090-1
Posted Jan 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4090-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks, as well as bypass some access restrictions.

tags | advisory, remote, web, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2017-16510, CVE-2017-17091, CVE-2017-17092, CVE-2017-17093, CVE-2017-17094, CVE-2017-9066
SHA-256 | f07361ccb27ae461cfa009b68836ce5e2b954133423a01321e3a373c3b8cac45
Smiths Medical Medfusion 4000 DHCP Denial Of Service
Posted Jan 18, 2018
Authored by Scott Gayou

Smiths Medical Medfusion 4000 suffers from a dhcp related denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-12718
SHA-256 | db60cda960b1b42311d58b90ad68304a4e23a518f350cea748358a37108736b5
macOS 10.13 Kernel Memory Disclosure
Posted Jan 18, 2018
Authored by Google Security Research, Ian Beer

macOS version 10.13 suffers from a kernel memory disclosure due to lack of bounds checking in AppleIntelCapriController::getDisplayPipeCapability.

tags | exploit, kernel
advisories | CVE-2017-13878
SHA-256 | fb130620dcdb600a2ebb81e91fb99499f91f82761f79a1fbcc6eee1ab19cfe5d
Microsoft Edge Chakra JIT ImplicitCallFlags Update Bugs
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from multiple ImplicitCallFlags update bugs with RegExp.

tags | advisory
SHA-256 | 1065d508c4c171929a6a28da29e0732150a4065e2c0f01b1c745e4d3632f85ac
Red Hat Security Advisory 2018-0095-01
Posted Jan 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0095-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
SHA-256 | 9a9ead0be0c0b8603f1341e6ae2cc4afc54e6876629a31bc348d58a8e1be5ea7
Ubuntu Security Notice USN-3536-1
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3536-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000001
SHA-256 | b8e54aa839f1953cae81c827296bd6d411bf14b4a0889c2311ae75dee2b376e7
Ubuntu Security Notice USN-3535-2
Posted Jan 18, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3535-2 - USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-3145
SHA-256 | fc2e2628b67be6d63e94406b27aba206b799baf71520b2c5c09b6a0aad5fffa0
Microsoft Edge Chakra AsmJSByteCodeGenerator::EmitCall Call Handling
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an AsmJSByteCodeGenerator::EmitCall call handling bug.

tags | exploit
advisories | CVE-2018-0780
SHA-256 | 7852e6e6b74797631b260388f45157c223bcb66924df196f3379c451cad2773b
Microsoft Edge Chakra JIT Loop Analysis Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a loop analysis bug that can perform an out-of-bounds write.

tags | exploit
advisories | CVE-2018-0777
SHA-256 | 3e5ec999eb8d74a1dbd4ccc9bb26b52067a006e4c7f4e4f43a4a999f1cef8d51
Microsoft Edge Chakra JIT Stack-To-Heap Copy Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a stack-to-heap copy bug.

tags | exploit
advisories | CVE-2018-0776
SHA-256 | a1676ee18b08a013b47916fe92086dcbe4bcd51909427cb9e5b3b106e5024a96
Microsoft Edge Chakra Deferred Parsing
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Egde Chakra deferred parsing makes wrong scopes.

tags | exploit
advisories | CVE-2018-0775
SHA-256 | 4cb0d080415b639ddd74d96d80870142fd089f172bcbeab6ff378835a5252ed9
Docker Sudo Privilege Escalation
Posted Jan 18, 2018
Authored by Pype

If a user has sudo permissions to /usr/bin/docker, it can be leveraged to escalated privileges to root.

tags | exploit, root
SHA-256 | a181d17e97674635831b162ae57ef255badec70a2f142f2bfd18ed1903842ef8
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close