Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
8f605b925cb9d088e6b40181696d28707ac6043bd0a7ef4bf3c0a8ce56a7b349mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.
5cde5e7365b154e8262b6205e6637682d79c5af218b7b7eaba96caf20fd7870aMultiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.
a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066JD-HITB2018 Beijing CTF plus Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and 2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win cash prizes worth up to USD 2000.
bb00326be0b6f8fd583292bdb4b09bcb27b5748af66c5d2b07679146b294f0b9Asterisk Project Security Advisory - There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash.
999593047c91cf17e94b5126542d0b61c193e900ccb49dfceb842eb260de225fRed Hat Security Advisory 2018-2733-01 - The rubygem provided by rubygem-smart_proxy_dynflow is a plugin into Foreman's Smart Proxy for running Dynflow actions on the Smart Proxy. Issues addressed include a bypass vulnerability.
a201ba80cf41b2e8454a166980591a2ecbde6963da5fb580adcbd7b70154738fRed Hat Security Advisory 2018-2731-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.
23900b36cdff27082597e6b70d95158d686e8ecaf614d7da64a18af61ae12279Red Hat Security Advisory 2018-2732-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.
e264c5c96375ac322a07e6f5c765c7f66253865927998a86f539d0d07fd5f601Ubuntu Security Notice 3770-2 - USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Pedro Ribeiro discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
b7ae09b3b470437f185a3c58a0d7a633f23be3692d66752b8f69b0951720a0b8Red Hat Security Advisory 2018-2729-01 - Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service cloud running on commonly available physical hardware. Issues addressed include an insecure download vulnerability.
099815accdca69b86b216ad4677c25fe611f39ca5deb1d101545b1f0d25b3270Ubuntu Security Notice 3770-1 - Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Quang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
ac66e84eef2a9535a990bf633acdc293ebae38990675c4e6ffb4d2804d785b40Ubuntu Security Notice 3769-1 - It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.
2609751ad3d2ba094fda13f609fccd10b8f3b9da0ef7f0ab8bd42f92baf2b53eThere is a use-after-free vulnerability in VP9 processing in WebRTC.
3de9dfbe45b600a81bef11b3e0c8dba9d10f8c1083af8613355a70d4f24ad53fThere is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.
39793d38c3a29b7600f62812e46288144c0f4fffd5e5f5bc792d95d84c28a362NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.
ebc728c2e47eea683b7fea5f92f87087497f0e4f257154434f811ff73dfb04f2ManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.
4b6a4ea76848ab6114a56a416f3fbcbcf9f30c0019d583b5a31c9da234e2a04f27 bytes small Linux/x86 egghunter (0x50905090) + sigaction() shellcode.
0540d3ce5c8ce0a0b7d747d4e9371ba9e0ef21403e57c4eac0bc6d3477425a63Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.
403d589cc6a5ea07271b82c1735eb2b83f8bd8d26b73314ba14ca09778438e33
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed