what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2018-09-18

Solaris libnspr NSPR_LOG_FILE Privilege Escalation
Posted Sep 18, 2018
Authored by Marco Ivaldi, Brendan Coles | Site metasploit.com

This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).

tags | exploit, arbitrary, x86, root
systems | solaris
advisories | CVE-2006-4842
SHA-256 | b57db71ccf98d02c8a379232fc9a6d979e01cb2fa202952f06f55019b37e8722
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS
Posted Sep 18, 2018
Authored by Larry W. Cashdollar

WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2018-1002001
SHA-256 | 876e35305620fc31c8d2c65c203d9b3764e3c9d842428decfbf08fdaeaf1bd41
Apple Security Advisory 2018-9-17-3
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-3 - tvOS 12 is now available and addresses interception issues.

tags | advisory
systems | apple
advisories | CVE-2016-1777, CVE-2018-4305, CVE-2018-4313, CVE-2018-4363, CVE-2018-5383
SHA-256 | 420ff5219701ebce879fde0b3d90e42c8553a761f22e27272df9fd92641948df
Apple Security Advisory 2018-9-17-2
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-2 - watchOS 5 is now available and addresses validation issues.

tags | advisory
systems | apple
advisories | CVE-2016-1777, CVE-2018-4305, CVE-2018-4313, CVE-2018-4363
SHA-256 | 8d2a517d95f6bd4e577c084b95152cbe4ff39acb8e458c103150e0a0255cab78
Apple Security Advisory 2018-9-17-5
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-5 - Apple Support 2.4 for iOS is now available and addresses a data interception issue.

tags | advisory
systems | apple, ios
advisories | CVE-2018-4397
SHA-256 | d7eb334b8db8b9f785ee15a0a7f48bd73e0aa7ed5fc1f1604344776046820156
Apple Security Advisory 2018-9-17-4
Posted Sep 18, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-9-17-4 - Safari 12 is now available and addresses browser history deletion and user interface spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
systems | apple
advisories | CVE-2018-4195, CVE-2018-4307, CVE-2018-4329
SHA-256 | 7b0493b95cb6b9aa19eaf249f0ba052a0be69a3c31cc656dfde85dd414104f89
Red Hat Security Advisory 2018-2715-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2715-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-14635
SHA-256 | 3698c6f413b5b58d8e8194bbbf419e38df3811d406eac6aa127d29a08f1f004d
Red Hat Security Advisory 2018-2714-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2714-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-18191
SHA-256 | 842f3cd94f5e21ca8717710a120b344f86bd97e45ba420c50f70113dde8d66b8
Red Hat Security Advisory 2018-2710-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2710-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-14635
SHA-256 | 712a4be54329d9fcc1577015595a73af373682ad9e043dc337453712f433ea8f
Red Hat Security Advisory 2018-2713-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2713-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
SHA-256 | 16c2056d090785be8a94fc1a5ad4fcf383eef85c7a47bbb4b6f442c4d6911e12
Red Hat Security Advisory 2018-2712-01
Posted Sep 18, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2712-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-12539, CVE-2018-1517, CVE-2018-1656, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973
SHA-256 | c8a03a3a1708949badb7bfd4cd2fbbefbe52f94fd0a925b5c38d1b9cccdc80ef
Debian Security Advisory 4296-1
Posted Sep 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

tags | advisory, cryptography, vulnerability
systems | linux, debian
advisories | CVE-2018-0497, CVE-2018-0498
SHA-256 | 5d3485e58aed10ea74809fdebbda1ff43b8d5d7612ae0a1b4170ddacd18b3b58
Rollup 18 For Microsoft Exchange Server 2010 SP3 Server-Side Request Forgery
Posted Sep 18, 2018
Authored by Alphan Yavas

Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.

tags | advisory
advisories | CVE-2018-16793
SHA-256 | 21c4cf2557cdae57096b76c2fb41d1b4ed8b3452e40921277e40d601c4b580da
QBee MultiSensor Camera 4.16.4 Cookie Reuse
Posted Sep 18, 2018
Authored by Francesco Servida

QBee MultiSensor Camera versions through 4.16.4 suffer from a cookie reuse vulnerability. Swisscom Home App products are also affected.

tags | advisory
advisories | CVE-2018-16225
SHA-256 | 395cd48b4a5259628c5c2ef65d18f9ea29602caac6159d66264f973c1064f529
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.

tags | exploit
advisories | CVE-2018-8384
SHA-256 | 4e5a6b1c1ad36809123bcb9eced0fa48ac450dae86ec04c8b0efbd7b86c77fd8
Microsoft Edge Chakra JIT localeCompare Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.

tags | exploit
advisories | CVE-2018-8355
SHA-256 | 78f38be2f2306af460f7ceb3b4272fa71d5e515678096e5f3e5ef2769afdf332
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close