jetlib.sec

Feeds

232880 items (0 unread) in 27 feeds

• 0day.today (was: 1337day, Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Recent items

• May 17, 2018
• 7:01

  Review: FG-100 DDS Function Generator

   » ‎ Hack a Day

  I don’t have a signal generator, or more specifically I don’t have a low frequency signal generator or a function generator. Recently this fact collided with my innocent pleasure in buying cheap stuff of sometimes questionable quality. A quick search of your favourite e-commerce site and vendor of voice-controlled internet appliances turned up an FG-100 low frequency 1Hz to 500kHz DDS function generator for only £15 ($21), what was not to like? I was sold, so placed my order and eagerly awaited the instrument’s arrival.

  The missing function generator is a gap in the array of electronic test instruments on …read more

  Tags:  featured  

• 4:12

  #0daytoday #Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Vulnerability [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Vulnerability [#0day #Exploit]

  Tags:   

• 4:10

  #0daytoday #Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit CVE-2018-11094 [webapps #exploits #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit CVE-2018-11094 [webapps #exploits #0day #Exploit]

  Tags:   

• 4:07

  #0daytoday #NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Vulnerabilities [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Vulnerabilities [#0day #Exploit]

  Tags:   

• 4:00

  Open Gaming To Everyone With A Controller Meant To Be Hacked

   » ‎ Hack a Day

  Gaming controllers have come a long way from an Atari 2600’s single button and digital joystick. As games grew more sophisticated, so did the controllers. This development had a dark side – controllers’ growing complexity have made it increasingly difficult for different-abled bodies to join in the fun. Microsoft has extended an invitation to this audience with their upcoming Xbox Adaptive Controller.

  Creative minds have been working on this problem for a while, building an ecosystem of controller hacks to get more people into gaming. These projects require solving problems in two broad categories: the first is to interface with …read more

  Tags:  games  

• 2:46

  [slackware-security] curl (SSA:2018-136-01)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 17

  [slackware-security] curl (SSA:2018-136-01)
  
  New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
  fix security issues.
  
  Here are the details from the Slackware 14.2 ChangeLog:
  +--------------------------+
  patches/packages/curl-7.60.0-i586-1_slack14.2.txz: Upgraded.
  This release contains security fixes:
  FTP: shutdown response buffer overflow
  RTSP: bad headers buffer over-read
  For more information, see:...
  

  Tags:   

• 2:38

  [slackware-security] php (SSA:2018-136-02)

   » ‎ Bugtraq

  Posted by Slackware Security Team on May 17

  [slackware-security] php (SSA:2018-136-02)
  
  New php packages are available for Slackware 14.0, 14.1, and 14.2 to
  fix security issues.
  
  Here are the details from the Slackware 14.2 ChangeLog:
  +--------------------------+
  patches/packages/php-5.6.36-i586-1_slack14.2.txz: Upgraded.
  This fixes many bugs, including some security issues:
  Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  stream filter convert.iconv leads to infinite loop...
  

  Tags:   

• 1:00

  Long PCB Shows Effects of Ludicrous Speed

   » ‎ Hack a Day

  Transmission lines can seem like magic. When you make use of them it seems strange that a piece of wire can block or pass certain frequencies. It is less common to use transmission lines with pulses and typically your circuit’s transmission line behavior isn’t all that significant. That is, until you have to move a signal a relatively long distance. [Robert Baruch] has been using a long PCB to test pulse behavior on a bus he’s working on. He actually has a few videos in this series that are worth watching.

  What makes it interesting is that [Robert] has enough …read more

  Tags:  tool hacks  

• 0:00

  Vuln: PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP CVE-2018-10547 Incomplete Fix Cross Site Scripting Vulnerability

  Tags:   

• 0:00

  Vuln: PHP CVE-2018-10545 Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  PHP CVE-2018-10545 Security Bypass Vulnerability

  Tags:   

• 0:00

  Vuln: PHP Multiple Security Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  PHP Multiple Security Vulnerabilities

  Tags:   

• 0:00

  Vuln: Xen CVE-2018-10981 Local Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Xen CVE-2018-10981 Local Denial of Service Vulnerability

  Tags:   

• May 16, 2018
• 22:00

  Arduino Star Tracker Raises the Bar

   » ‎ Hack a Day

  Proving that astrophotography doesn’t have to break the bank, [Gerald Gattringer] has recently documented his DIY “barn door” style star tracker which is built almost entirely from scratch. Short of the Arduino and stepper motor, all the components were either made by hand or are standard hardware store finds.

  The build starts with three aluminum plates which [Gerald] cut by hand with an angle grinder. He then drilled all the necessary screw holes and a rectangular opening for the threaded rod to pass through. He even used epoxy to mount a nut to the bottom plate which would eventually attach …read more

  Tags:  digital cameras hacks  

• 19:28

  [SECURITY] [DSA 4202-1] curl security update

   » ‎ Bugtraq

  Posted by Alessandro Ghedini on May 16

  -------------------------------------------------------------------------
  Debian Security Advisory DSA-4202-1 security () debian org
  https://www.debian.org/security/ Alessandro Ghedini
  May 16, 2018 https://www.debian.org/security/faq
  -------------------------------------------------------------------------
  
  Package : curl
  CVE ID : CVE-2018-1000301
  Debian Bug :...
  

  Tags:   

• 19:27

  CVE-2018-11101: Signal-desktop HTML tag injection variant 2

   » ‎ Bugtraq

  Posted by Alfredo Ortega on May 16

  Title: Signal-desktop HTML tag injection variant 2
  
  Date Published: 2018-05-16
  
  Last Update: 2018-05-16
  
  CVE Name: CVE-2018-11101
  
  Class: Code injection
  
  Remotely Exploitable: Yes
  
  Locally Exploitable: No
  
  Vendors contacted: Signal.org
  
  Vulnerability Description:
  
  Signal-desktop is the standalone desktop version of the secure
  Signal messenger. This software is vulnerable to remote code execution
  from a malicious contact, by sending a specially...
  

  Tags:   

• 19:18

  SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

   » ‎ Bugtraq

  Posted by SEC Consult Vulnerability Lab on May 16

  SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
  =======================================================================
  title: XXE & XSS vulnerabilities
  product: RSA Authentication Manager
  vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
  fixed version: 8.3 P1 and later
  CVE number: CVE-2018-1247
  impact: High
  homepage: https://www.rsa.com...
  

  Tags:   

• 19:00

  Location Sharing with Google Home

   » ‎ Hack a Day

  With Google’s near-monopoly on the internet, it can be difficult to get around in cyberspace without encountering at least some aspect of this monolithic, data-gathering giant. It usually takes a concerted effort, but it is technically possible to do. While [Mat] is still using some Google products, he has at least figured out a way to get Google Home to work with location data without actually sharing that data with Google, which is a step in the right direction.

  [Mat]’s goal was to use Google’s location sharing features through Google Home, but without the creepiness factor of Google knowing everything …read more

  Tags:  google hacks  

• 17:00

  [webapps] NodAPS 4.0 - SQL injection / Cross-Site Request Forgery

   » ‎ Exploit-DB
  NodAPS 4.0 - SQL injection / Cross-Site Request Forgery

  Tags:   

• 17:00

  [webapps] Intelbras NCLOUD 300 1.0 - Authentication bypass

   » ‎ Exploit-DB
  Intelbras NCLOUD 300 1.0 - Authentication bypass

  Tags:   

• 17:00

  [remote] Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

   » ‎ Exploit-DB
  Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

  Tags:   

• 17:00

  [webapps] SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass

   » ‎ Exploit-DB
  SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass

  Tags:   

• 17:00

  [webapps] Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

   » ‎ Exploit-DB
  Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

  Tags:   

• 17:00

  [dos] Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall

   » ‎ Exploit-DB
  Linux

  Tags:   

• 17:00

  [remote] Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)

   » ‎ Exploit-DB
  Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)

  Tags:   

• 17:00

  [remote] Jenkins CLI - HTTP Java Deserialization (Metasploit)

   » ‎ Exploit-DB
  Jenkins CLI - HTTP Java Deserialization (Metasploit)

  Tags:   

• 16:00

  Prop WWII Machine Gun Courtesy of Home Depot

   » ‎ Hack a Day

  There’s perhaps nothing worse than working on a project and realizing you don’t have the part you need to complete it. You look through all your stuff twice, maybe three times, on the off chance it’s hiding somewhere. Perhaps even reach out to a few nearby friends to see if they might have something you can use. Forget local stores, what you need is so specific that nobody’s going to keep it in stock. You’re stuck, and now everything has to be put on hold.

  That’s precisely what happened to [Nathan Cragun] recently. He needed a Japanese Type 96 Light …read more

  Tags:  classic hacks  

• 15:38

  Julian Assange Said To Have Racked Up $5m Security Bill For Ecuador

   » ‎ Packet Storm Security Headlines
  Julian Assange Said To Have Racked Up $5m Security Bill For Ecuador

  Tags:  headlinehackerbritaindata loss  

• 15:38

  Ex-CIA Man Named As Suspect In Vault 7 Leak

   » ‎ Packet Storm Security Headlines
  Ex-CIA Man Named As Suspect In Vault 7 Leak

  Tags:  headlinegovernmentusadata lossspywarecia  

• 15:38

  Senators Pass A Resolution To Restore Net Neutrality

   » ‎ Packet Storm Security Headlines
  Senators Pass A Resolution To Restore Net Neutrality

  Tags:  headlinegovernmentusa  

• 15:38

  Hacker Breaches Securus, The Company That Helps Cops Track Phones Across The US

   » ‎ Packet Storm Security Headlines
  Hacker Breaches Securus, The Company That Helps Cops Track Phones Across The US

  Tags:  headlinehackergovernmentprivacyphonespyware  

• 15:27

  Blue Team Training Toolkit (BT3) 2.7

   » ‎ Packet Storm Security Recent Files
  Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

  Tags:   

• 15:27

  Blue Team Training Toolkit (BT3) 2.7

   » ‎ Packet Storm Security Tools
  Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

  Tags:   

• 15:27

  Blue Team Training Toolkit (BT3) 2.7

   » ‎ Packet Storm Security Misc. Files
  Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

  Tags:   

• 15:24

  Ubuntu Security Notice USN-3646-2

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3646-2 - USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. Various other issues were also addressed.

  Tags:   

• 15:24

  Ubuntu Security Notice USN-3646-2

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3646-2 - USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. Various other issues were also addressed.

  Tags:   

• 15:24

  Ubuntu Security Notice USN-3646-2

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3646-2 - USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. Various other issues were also addressed.

  Tags:   

• 15:24

  Red Hat Security Advisory 2018-1575-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1575-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.

  Tags:   

• 15:24

  Red Hat Security Advisory 2018-1575-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1575-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.

  Tags:   

• 15:24

  Red Hat Security Advisory 2018-1575-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1575-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a code execution vulnerability.

  Tags:   

• 15:20

  RSA Authentication Manager XML Injection / Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  RS Authentication Manager versions prior to 8.3 P1 suffer from cross site scripting and XML external entity injection vulnerabilities.

  Tags:   

• 15:20

  RSA Authentication Manager XML Injection / Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  RS Authentication Manager versions prior to 8.3 P1 suffer from cross site scripting and XML external entity injection vulnerabilities.

  Tags:   

• 15:20

  RSA Authentication Manager XML Injection / Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  RS Authentication Manager versions prior to 8.3 P1 suffer from cross site scripting and XML external entity injection vulnerabilities.

  Tags:   

• 15:17

  Jenkins CLI HTTP Java Deserialization

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.

  Tags:   

• 15:17

  Jenkins CLI HTTP Java Deserialization

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.

  Tags:   

• 15:17

  Jenkins CLI HTTP Java Deserialization

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.

  Tags:   

• 15:14

  Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.

  Tags:   

• 15:14

  Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.

  Tags:   

• 15:14

  Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a malicious field value.

  Tags:   

• 15:10

  Signal Desktop HTML Tag Injection Variant 2

   » ‎ Packet Storm Security Exploits
  This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

  Tags:   

• 15:10

  Signal Desktop HTML Tag Injection Variant 2

   » ‎ Packet Storm Security Recent Files
  This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

  Tags:   

• 15:10

  Signal Desktop HTML Tag Injection Variant 2

   » ‎ Packet Storm Security Misc. Files
  This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3642-2

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3642-2 - USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Various other issues were also addressed.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3642-2

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3642-2 - USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Various other issues were also addressed.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3642-2

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3642-2 - USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Various other issues were also addressed.

  Tags:   

• 15:09

  Ubuntu Security Notice USN-3649-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3649-1 - Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

  Tags:   

• 15:09

  Ubuntu Security Notice USN-3649-1

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3649-1 - Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

  Tags:   

• 15:09

  Ubuntu Security Notice USN-3649-1

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3649-1 - Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

  Tags:   

• 15:08

  MyBB Admin Notes 1.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  MyBB Admin Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:08

  MyBB Admin Notes 1.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  MyBB Admin Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:08

  MyBB Admin Notes 1.1 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  MyBB Admin Notes plugin version 1.1 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:07

  VirtueMart 3.1.14 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  VirtueMart version 3.1.14 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:07

  VirtueMart 3.1.14 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  VirtueMart version 3.1.14 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:07

  VirtueMart 3.1.14 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  VirtueMart version 3.1.14 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:06

  Ubuntu Security Notice USN-3648-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

  Tags:   

• 15:06

  Ubuntu Security Notice USN-3648-1

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

  Tags:   

• 15:06

  Ubuntu Security Notice USN-3648-1

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3648-1 - Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

  Tags:   

• 15:05

  Rockwell Scada System 27.011 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:05

  Rockwell Scada System 27.011 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:05

  Rockwell Scada System 27.011 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Rockwell Scada System version 27.011 suffers from a cross site scripting vulnerability.

  Tags:   

• 15:04

  Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Multiplayer BlackJack Online Casino Game version 2.5 suffers from a persistent cross site scripting vulnerability.

  Tags:   

• 15:04

  Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Multiplayer BlackJack Online Casino Game version 2.5 suffers from a persistent cross site scripting vulnerability.

  Tags:   

• 15:04

  Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Multiplayer BlackJack Online Casino Game version 2.5 suffers from a persistent cross site scripting vulnerability.

  Tags:   

• 15:03

  Horse Market Sell And Rent Portal Script 1.5.7 CSRF

   » ‎ Packet Storm Security Exploits
  Horse Market Sell and Rent Port Script version 1.5.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:03

  Horse Market Sell And Rent Portal Script 1.5.7 CSRF

   » ‎ Packet Storm Security Recent Files
  Horse Market Sell and Rent Port Script version 1.5.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:03

  Horse Market Sell And Rent Portal Script 1.5.7 CSRF

   » ‎ Packet Storm Security Misc. Files
  Horse Market Sell and Rent Port Script version 1.5.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:02

  Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution

   » ‎ Packet Storm Security Exploits
  Inteno IOPSYS version 2.0 - 4.2.0 p910nd suffers from a remote command execution vulnerability.

  Tags:   

• 15:02

  Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution

   » ‎ Packet Storm Security Recent Files
  Inteno IOPSYS version 2.0 - 4.2.0 p910nd suffers from a remote command execution vulnerability.

  Tags:   

• 15:02

  Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution

   » ‎ Packet Storm Security Misc. Files
  Inteno IOPSYS version 2.0 - 4.2.0 p910nd suffers from a remote command execution vulnerability.

  Tags:   

• 14:58

  vcftools 0.1.15 Out-Of-Bounds Read / Denial Of Service / Buffer Overflow

   » ‎ Packet Storm Security Advisories
  vcftools version 0.1.15 suffers from out-of-bounds read, denial of service, buffer overflow, and use-after-free vulnerabilities.

  Tags:   

• 14:58

  vcftools 0.1.15 Out-Of-Bounds Read / Denial Of Service / Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  vcftools version 0.1.15 suffers from out-of-bounds read, denial of service, buffer overflow, and use-after-free vulnerabilities.

  Tags:   

• 14:58

  vcftools 0.1.15 Out-Of-Bounds Read / Denial Of Service / Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  vcftools version 0.1.15 suffers from out-of-bounds read, denial of service, buffer overflow, and use-after-free vulnerabilities.

  Tags:   

• 13:49

  #0daytoday #Horse Market Sell &amp; Rent Portal Script 1.5.7 - Cross-Site Request Forgery V [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Horse Market Sell &amp; Rent Portal Script 1.5.7 - Cross-Site Request Forgery V [#0day #Exploit]

  Tags:   

• 13:09

  #0daytoday #RSA Authentication Manager 8.2.1.4.0-build1394922 / &lt; 8.3 P1 - XML External [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #RSA Authentication Manager 8.2.1.4.0-build1394922 / &lt; 8.3 P1 - XML External [#0day #Exploit]

  Tags:   

• 13:08

  #0daytoday #MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Vulnerability [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Vulnerability [#0day #Exploit]

  Tags:   

• 13:08

  #0daytoday #WordPress Metronet Tag Manager 1.2.7 Plugin - Cross-Site Request Forgery Vulnerability [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #WordPress Metronet Tag Manager 1.2.7 Plugin - Cross-Site Request Forgery Vulnerability [#0day #Exploit]

  Tags:   

• 13:01

  Neural Networks Using Doom Level Creator Like It’s 1993

   » ‎ Hack a Day

  Readers of a certain vintage will remember the glee of building your own levels for DOOM. There was something magical about carefully crafting a level and then dialing up your friends for a death match session on the new map. Now computers scientists are getting in on that fun in a new way. Researchers from Politecnico di Milano are using artificial intelligence to create new levels for the classic DOOM shooter (PDF whitepaper).

  While procedural level generation has been around for decades, recent advances in machine learning to generate game content (usually levels) are different because they don’t use a …read more

  Tags:  games  

• 12:33

  #0daytoday #totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Vulnerabilit [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Vulnerabilit [#0day #Exploit]

  Tags:   

• 12:27

  #0daytoday #Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Vulnerab [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Vulnerab [#0day #Exploit]

  Tags:   

• 12:27

  #0daytoday #Rockwell Scada System 27.011 - Cross-Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Rockwell Scada System 27.011 - Cross-Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

  Tags:   

• 12:27

  #0daytoday #VirtueMart 3.1.14 - Persistent Cross-Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #VirtueMart 3.1.14 - Persistent Cross-Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

  Tags:   

• 11:55

  CVE-2018-11101: Signal-desktop HTML tag injection variant 2

   » ‎ Full Disclosure

  Posted by Alfredo Ortega on May 16

  Title: Signal-desktop HTML tag injection variant 2
  
  Date Published: 2018-05-16
  
  Last Update: 2018-05-16
  
  CVE Name: CVE-2018-11101
  
  Class: Code injection
  
  Remotely Exploitable: Yes
  
  Locally Exploitable: No
  
  Vendors contacted: Signal.org
  
  Vulnerability Description:
  
  Signal-desktop is the standalone desktop version of the secure
  Signal messenger. This software is vulnerable to remote code execution
  from a malicious contact, by sending a specially...
  

  Tags:   

• 11:55

  Privilege escalation on Windows10/x by shortcut alteration.

   » ‎ Full Disclosure

  Posted by Davide Lombardo on May 16

  According to Microsoft it is not a security concern: UAC is rendered useless by the possibility of an unprivileged
  session to modify shortcuts to point at an identical looking executable which can silently run malicious code with
  admin approval, Windows defender would not help much.
  
  I have told them to fix this issue by limiting unprivileged sessions to only point at unprivileged executable, they
  replied by saying that unless I could...
  

  Tags:   

• 11:55

  PDFParser vulnerability

   » ‎ Full Disclosure

  Posted by bear.xiong on May 16

  PDFParser vulnerability
  ================
  Author : Webin security lab - dbapp security Ltd
  ===============
  
  Introduction:
  =============
  A tool to parse pdf file.
  
  Affected version:
  =====
  lastest version
  
  Vulnerability Description:
  ==========================
  1. The ObjReader::ReadObj() function in ObjReader.cpp in PDFParser allow remote attackers to cause a remote code
  execution (stack buffer overflow) via a crafted pdf file.
  
  ./PDFParser...
  

  Tags:   

• 11:55

  vcftools 0.1.15 vuln bugs

   » ‎ Full Disclosure

  Posted by bear.xiong on May 16

  vcftools multiple vulnerabilities
  ================
  Author : Webin security lab - dbapp security Ltd
  ===============
  
  Introduction:
  =============
  A set of tools written in Perl and C++ for working with VCF files, such as those generated by the 1000 Genomes Project.
  Project website: https://vcftools.github.io/
  
  Affected version:
  =====
  0.1.15
  
  Vulnerability Description:
  ==========================
  1. the header::add_INFO_descriptor function in...
  

  Tags:   

• 11:46

  #0daytoday #WhatsApp 2.18.31 - Memory Corruption Exploit [dos #exploits #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #WhatsApp 2.18.31 - Memory Corruption Exploit [dos #exploits #0day #Exploit]

  Tags:   

• 11:42

  #0daytoday #Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Ex [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Ex [#0day #Exploit]

  Tags:   

• 11:37

  #0daytoday #Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit [remote #exploits #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit [remote #exploits #0day #Exploit]

  Tags:   

• 11:30

  Flood Fault Circuit Interrupter Could Save Lives

   » ‎ Hack a Day

  What if you didn’t have to risk your life to disconnect the power during a catastrophic storm? That’s a question many people in Houston were asking themselves as they watched water from Hurricane Harvey and other storms surge through the streets, swell in the gutters, and flood their homes.

  Among these Houstonians were engineering students [Jon] and [Cyrus Jyan]. They watched as homeowners fought to safely disconnect their homes from the power grid and said, it shouldn’t have to be this way. They designed the Flood Fault Circuit Interrupter to monitor target areas and disconnect the power automatically when a …read more

  Tags:  the hackaday prize  

• 10:01

  Retrotechtacular: The Saturn Propulsion System

   » ‎ Hack a Day

  “We choose to go to the Moon in this decade and do the other things, not because they are easy, but because they are hard; because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one we intend to win, and the others, too”

  When President Kennedy gave his famous speech in September 1962, the art of creating liquid-fueled rocket engines of any significant size was still in its relative infancy. All the rocketry and power …read more

  Tags:  retrotechtacular  

• 8:30

  Welcome to the Internet of Hamsters

   » ‎ Hack a Day

  It was only a matter of time. Everything else is getting its data logged and reported to the Internet for detailed analysis, so why should our rodents be any different? The cover story is that [Nicole Horward] hooked her pet hamster Harold up to the web because she wanted to see if he was getting as much exercise as he should. The real reason is, of course, that Harold wanted to show off to his “friends” on Hamsterbook.

  The hardware side of this hack is very simple, a magnetic door sensor (like the kind used in alarm systems) is used …read more

  Tags:  internet hacks  

• 7:13

  SEC Consult SA-20180516-0 :: XXE & XSS vulnerabilities in RSA Authentication Manager

   » ‎ Full Disclosure

  Posted by SEC Consult Vulnerability Lab on May 16

  SEC Consult Vulnerability Lab Security Advisory < 20180516-0 >
  =======================================================================
  title: XXE & XSS vulnerabilities
  product: RSA Authentication Manager
  vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1
  fixed version: 8.3 P1 and later
  CVE number: CVE-2018-1247
  impact: High
  homepage: https://www.rsa.com...
  

  Tags:   

• 7:01

  3D Printering: When an STL File is Not Quite Right

   » ‎ Hack a Day

  STL files are everywhere. When there’s something to 3D print, it’s probably going to be an STL. Which, as long as the model is good just as it is, is no trouble at all. But sooner or later there will be a model that isn’t quite right in some way and suddenly project progress hits a snag.

  When models interface with other physical things, those other components may not always be exactly as the designer expected. Being mindful about such potential inconsistencies during the design phase can help prevent problems, but it’s not always avoidable. The reason it’s a problem …read more

  Tags:  printer hacks  

• 4:00

  IKEA Lamp with Raspberry Pi as the Smartest Bulb in the House

   » ‎ Hack a Day

  We love to hack IKEA products, marvel at Raspberry Pi creations, and bask in the glow of video projection. [Nord Projects] combined these favorite things of ours into Lantern, a name as minimalist as the IKEA lamp it uses. But the result is nearly magic.

  The key component in this build is a compact laser-illuminated video projector whose image is always in focus. Lantern’s primary user interface is moving the lamp around to switch between different channels of information projected on different surfaces. It would be a hassle if the user had to refocus after every move, but the focus-free …read more

  Tags:  android hacks  

• 1:00

  Gentle Electric Eel

   » ‎ Hack a Day

  It’s no shock that electric eels get a bad rap for being scary creatures. They are slithery fleshy water snakes who can call down lightning. Biologists and engineers at the University of California had something else in mind when they designed their electric eel. Instead of hunting fish, this one swims harmlessly alongside them.

  Traditional remotely operated vehicles have relied on hard shells and spinning propellers. To marine life, this is noisy and unnatural. A silent swimmer doesn’t raise any eyebrows, not that fish have eyebrows. The most innovative feature is the artificial muscles, and although the details are scarce, …read more

  Tags:  robots hacks  

• 0:55

  Microsoft Security Bulletin CVE Revision Increment For May, 2018

   » ‎ Packet Storm Security Advisories
  This Microsoft bulletin summary holds CVE updates for CVE-2018-8147, CVE-2018-8162, and CVE-2018-8176.

  Tags:   

• 0:55

  Microsoft Security Bulletin CVE Revision Increment For May, 2018

   » ‎ Packet Storm Security Recent Files
  This Microsoft bulletin summary holds CVE updates for CVE-2018-8147, CVE-2018-8162, and CVE-2018-8176.

  Tags:   

• 0:55

  Microsoft Security Bulletin CVE Revision Increment For May, 2018

   » ‎ Packet Storm Security Misc. Files
  This Microsoft bulletin summary holds CVE updates for CVE-2018-8147, CVE-2018-8162, and CVE-2018-8176.

  Tags:   

• 0:54

  Debian Security Advisory 4201-1

   » ‎ Packet Storm Security Advisories
  Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

  Tags:   

• 0:54

  Debian Security Advisory 4201-1

   » ‎ Packet Storm Security Recent Files
  Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

  Tags:   

• 0:54

  Debian Security Advisory 4201-1

   » ‎ Packet Storm Security Misc. Files
  Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

  Tags:   

• 0:00

  Vuln: Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Symantec IntelligenceCenter CVE-2017-18268 Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Symantec SSLV CVE-2017-15533 Information Disclosure Vulnerability

  Tags:   

• 0:00

  Vuln: Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Cisco DNA Center Software CVE-2018-0271 Authentication Bypass Vulnerability

  Tags:   

• May 15, 2018
• 22:00

  Case Mod Takes “All In One” Printer to the Next Level

   » ‎ Hack a Day

  You’ve seen printers with scanners in them, printers with copiers in them, even ones with the ancient technology known as “facsimile” built-in. But have you ever seen a printer with a full gaming computer built into it? No? Well, you still haven’t, technically. There’s no printer to be had anymore inside this re-purposed HP Photosmart 6520 case, but it’s probably the closest we’re going to get.

  [Jacob Lee] wrote in to share this awesome build with us, which sees the motherboard, graphics card, ATX power supply, and hard drives all fit seamlessly into the shell of a disused “All-in-one” style …read more

  Tags:  computer hacks  

• 21:04

  [SECURITY] [DSA 4201-1] xen security update

   » ‎ Bugtraq

  Posted by Moritz Muehlenhoff on May 15

  -------------------------------------------------------------------------
  Debian Security Advisory DSA-4201-1 security () debian org
  https://www.debian.org/security/ Moritz Muehlenhoff
  May 15, 2018 https://www.debian.org/security/faq
  -------------------------------------------------------------------------
  
  Package : xen
  CVE ID : CVE-2018-8897 CVE-2018-10471...
  

  Tags:   

• 19:00

  Dark Field Microscopy on the Cheap with a PCB

   » ‎ Hack a Day

  It might seem like a paradox that you want a dark field to see things with an expensive microscope. As [IMSAI Guy] explains, a dark field microscope doesn’t make the subject dark. It makes the area surrounding the subject dark. After selling his expensive microscope, he found he missed having the capability, so he decided to make one cheaply. You can see how he did it in the video, below.

  Dark field microscopy gives better contrast and resolution by discarding light that shines directly through or reflects directly from a sample. The only light you see is any that scatters. …read more

  Tags:  tool hacks  

• 17:00

  [webapps] VirtueMart 3.1.14 - Persistent Cross-Site Scripting

   » ‎ Exploit-DB
  VirtueMart 3.1.14 - Persistent Cross-Site Scripting

  Tags:   

• 17:00

  [webapps] MyBB Admin Notes Plugin v1.1 - Cross-Site Request Forgery

   » ‎ Exploit-DB
  MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

  Tags:   

• 17:00

  [webapps] Rockwell Scada System 27.011 - Cross-Site Scripting

   » ‎ Exploit-DB
  Rockwell Scada System 27.011 - Cross-Site Scripting

  Tags:   

• 17:00

  [webapps] Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site scripting

   » ‎ Exploit-DB
  Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting

  Tags:   

• 17:00

  [webapps] Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery

   » ‎ Exploit-DB
  Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery

  Tags:   

• 17:00

  [dos] WhatsApp 2.18.31 - Memory Corruption

   » ‎ Exploit-DB
  WhatsApp 2.18.31 - Memory Corruption

  Tags:   

• 17:00

  [webapps] totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery

   » ‎ Exploit-DB
  totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery

  Tags:   

• 17:00

  [local] Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

   » ‎ Exploit-DB
  Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation

  Tags:   

• 17:00

  [webapps] RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting

   » ‎ Exploit-DB
  RSA Authentication Manager 8.2.1.4.0-build1394922 /

  Tags:   

• 17:00

  [local] Libuser - roothelper Privilege Escalation (Metasploit)

   » ‎ Exploit-DB
  Libuser - 'roothelper' Privilege Escalation (Metasploit)

  Tags:   

• 17:00

  [webapps] WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery

   » ‎ Exploit-DB
  WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery

  Tags:   

• 17:00

  [remote] Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution

   » ‎ Exploit-DB
  Inteno IOPSYS 2.0

  Tags:   

• 16:01

  Lucky Cat POV Display Ditches the Waving and Windmills Out of Control

   » ‎ Hack a Day

  If you’ve been in a Japanese restaurant, you’ve probably seen a maneki-neko, the lucky cat charm, where a cat welcomes you with a beckoning arm. It’s considered to bring good luck, but we’re not sure if [Martin Fitzpatrick] is pushing his luck with this Lucky Cat POV display. He hacked one of the figurines so the arm forms a persistence of vision (POV) display, where blinking LEDs on the paw create a dot-matrix style display.

  Inside the hapless neko is a Wemos D1, motor driver, and a few other components that turn the cat into a working display. The five …read more

  Tags:  classic hacks  

• 15:10

  Red Hat Security Advisory 2018-1525-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1525-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Issues addressed include bypass and code execution vulnerabilities.

  Tags:   

• 15:10

  Red Hat Security Advisory 2018-1525-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1525-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Issues addressed include bypass and code execution vulnerabilities.

  Tags:   

• 15:10

  Red Hat Security Advisory 2018-1525-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1525-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance. Issues addressed include bypass and code execution vulnerabilities.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3647-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3647-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3647-1

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3647-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

  Tags:   

• 15:10

  Ubuntu Security Notice USN-3647-1

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3647-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

  Tags:   

• 15:08

  Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:08

  Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:08

  Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1427-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1427-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. The docker-latest package provides a version of Docker that iterates outside of the release cadence of Red Hat's container platforms. The docker-latest package will no longer be updated through the Extras channel. Instead, Red Hat customers are advised to use the docker package, which continues to be updated and fully supported.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1427-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1427-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. The docker-latest package provides a version of Docker that iterates outside of the release cadence of Red Hat's container platforms. The docker-latest package will no longer be updated through the Extras channel. Instead, Red Hat customers are advised to use the docker package, which continues to be updated and fully supported.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1427-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1427-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. The docker-latest package provides a version of Docker that iterates outside of the release cadence of Red Hat's container platforms. The docker-latest package will no longer be updated through the Extras channel. Instead, Red Hat customers are advised to use the docker package, which continues to be updated and fully supported.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1523-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1523-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.

  Tags:   

• 15:06

  Red Hat Security Advisory 2018-1523-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.

  Tags:   

• 15:04

  WhatsApp 2.18.31 iOS Memory Corruption

   » ‎ Packet Storm Security Exploits
  WhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.

  Tags:   

• 15:04

  WhatsApp 2.18.31 iOS Memory Corruption

   » ‎ Packet Storm Security Recent Files
  WhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.

  Tags:   

• 15:04

  WhatsApp 2.18.31 iOS Memory Corruption

   » ‎ Packet Storm Security Misc. Files
  WhatsApp version 2.18.31 on iOS suffers from a remote memory corruption vulnerability.

  Tags:   

• 15:02

  Metronet Tag Manager 1.2.7 Cross Site Request Forgery

   » ‎ Packet Storm Security Exploits
  Metronet Tag Manager version 1.2.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:02

  Metronet Tag Manager 1.2.7 Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  Metronet Tag Manager version 1.2.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 15:02

  Metronet Tag Manager 1.2.7 Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  Metronet Tag Manager version 1.2.7 suffers from a cross site request forgery vulnerability.

  Tags:   

• 14:57

  Red Hat Security Advisory 2018-1415-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1415-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 14:57

  Red Hat Security Advisory 2018-1415-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1415-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 14:57

  Red Hat Security Advisory 2018-1415-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1415-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 14:55

  Microsoft Windows Token Process Trust SID Access Check Bypass Privilege Escalation

   » ‎ Packet Storm Security Exploits
  Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.

  Tags:   

• 14:55

  Microsoft Windows Token Process Trust SID Access Check Bypass Privilege Escalation

   » ‎ Packet Storm Security Recent Files
  Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.

  Tags:   

• 14:55

  Microsoft Windows Token Process Trust SID Access Check Bypass Privilege Escalation

   » ‎ Packet Storm Security Misc. Files
  Microsoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1455-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1455-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1455-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1455-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1455-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1455-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1448-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1448-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1448-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1448-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1448-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1448-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1374-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1374-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include denial of service and remote file inclusion vulnerabilities.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1374-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1374-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include denial of service and remote file inclusion vulnerabilities.

  Tags:   

• 14:54

  Red Hat Security Advisory 2018-1374-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1374-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include denial of service and remote file inclusion vulnerabilities.

  Tags:   

• 14:53

  Red Hat Security Advisory 2018-1446-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1446-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.170. Issues addressed include a buffer overflow vulnerability.

  Tags:   

• 14:53

  Red Hat Security Advisory 2018-1446-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1446-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.170. Issues addressed include a buffer overflow vulnerability.

  Tags:   

• 14:53

  Red Hat Security Advisory 2018-1446-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1446-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.170. Issues addressed include a buffer overflow vulnerability.

  Tags:   

• 14:52

  Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking

   » ‎ Packet Storm Security Exploits
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.

  Tags:   

• 14:52

  Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking

   » ‎ Packet Storm Security Recent Files
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.

  Tags:   

• 14:52

  Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking

   » ‎ Packet Storm Security Misc. Files
  Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.

  Tags:   

• 14:47

  White House Eliminates Cybersecurity Coordinator Role

   » ‎ Packet Storm Security Headlines
  White House Eliminates Cybersecurity Coordinator Role

  Tags:  headlinegovernmentusa  

• 14:47

  Facebook Details Scale Of Abuse On Its Site

   » ‎ Packet Storm Security Headlines
  Facebook Details Scale Of Abuse On Its Site

  Tags:  headlineprivacyfraudfacebooksocial  

• 14:47

  GDPR Has MPs In A Bind

   » ‎ Packet Storm Security Headlines
  GDPR Has MPs In A Bind

  Tags:  headlinegovernmentprivacybritain  

• 14:47

  This Map Tracks Which Cops Have GrayKey iPhone Cracking Tech

   » ‎ Packet Storm Security Headlines
  This Map Tracks Which Cops Have GrayKey iPhone Cracking Tech

  Tags:  headlinegovernmentprivacyusaphoneapple  

• 14:18

  Red Hat Security Advisory 2018-1452-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1452-01 - The ovirt-ansible-roles package contains Ansible roles which automate common Red Hat Virtualization administration tasks. Issues addressed include a password revelation vulnerability.

  Tags:   

• 14:18

  Red Hat Security Advisory 2018-1452-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1452-01 - The ovirt-ansible-roles package contains Ansible roles which automate common Red Hat Virtualization administration tasks. Issues addressed include a password revelation vulnerability.

  Tags:   

• 14:18

  Red Hat Security Advisory 2018-1452-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1452-01 - The ovirt-ansible-roles package contains Ansible roles which automate common Red Hat Virtualization administration tasks. Issues addressed include a password revelation vulnerability.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1372-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1372-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include buffer overflow and denial of service vulnerabilities.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1372-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1372-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include buffer overflow and denial of service vulnerabilities.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1372-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1372-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include buffer overflow and denial of service vulnerabilities.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1459-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1459-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1459-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1459-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:17

  Red Hat Security Advisory 2018-1459-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1459-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1458-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1458-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1458-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1458-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1458-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1458-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1457-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1457-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1457-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1457-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1457-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1457-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1454-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1454-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1454-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1454-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:16

  Red Hat Security Advisory 2018-1454-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1454-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1463-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1463-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1463-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1463-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1463-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1463-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1456-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1456-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1456-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1456-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:15

  Red Hat Security Advisory 2018-1456-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1456-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a code execution vulnerability.

  Tags:   

• 14:14

  Red Hat Security Advisory 2018-1449-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1449-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:14

  Red Hat Security Advisory 2018-1449-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1449-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:14

  Red Hat Security Advisory 2018-1449-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1449-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:12

  Red Hat Security Advisory 2018-1461-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1461-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:12

  Red Hat Security Advisory 2018-1461-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1461-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:12

  Red Hat Security Advisory 2018-1461-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1461-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:11

  Red Hat Security Advisory 2018-1380-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1380-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include an ns-slapd crash vulnerability.

  Tags:   

• 14:11

  Red Hat Security Advisory 2018-1380-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1380-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include an ns-slapd crash vulnerability.

  Tags:   

• 14:11

  Red Hat Security Advisory 2018-1380-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1380-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include an ns-slapd crash vulnerability.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1460-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1460-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1460-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1460-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1460-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1460-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1447-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1447-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1447-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1447-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:10

  Red Hat Security Advisory 2018-1447-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1447-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:09

  Red Hat Security Advisory 2018-1451-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1451-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:09

  Red Hat Security Advisory 2018-1451-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1451-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:09

  Red Hat Security Advisory 2018-1451-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1451-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:09

  Ubuntu Security Notice USN-3600-2

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 3600-2 - USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

  Tags:   

• 14:09

  Ubuntu Security Notice USN-3600-2

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 3600-2 - USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

  Tags:   

• 14:09

  Ubuntu Security Notice USN-3600-2

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 3600-2 - USN-3600-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

  Tags:   

• 14:08

  Red Hat Security Advisory 2018-1416-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1416-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

  Tags:   

• 14:08

  Red Hat Security Advisory 2018-1416-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1416-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

  Tags:   

• 14:08

  Red Hat Security Advisory 2018-1416-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1416-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

  Tags:   

• 14:07

  Red Hat Security Advisory 2018-1396-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1396-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a resource exhaustion vulnerability.

  Tags:   

• 14:07

  Red Hat Security Advisory 2018-1396-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1396-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a resource exhaustion vulnerability.

  Tags:   

• 14:07

  Red Hat Security Advisory 2018-1396-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1396-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a resource exhaustion vulnerability.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1453-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1453-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1453-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1453-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1453-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1453-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a command injection vulnerability.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1450-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1450-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1450-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1450-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:06

  Red Hat Security Advisory 2018-1450-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1450-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.

  Tags:   

• 14:05

  Red Hat Security Advisory 2018-1414-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2018-1414-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 14:05

  Red Hat Security Advisory 2018-1414-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2018-1414-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 14:05

  Red Hat Security Advisory 2018-1414-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2018-1414-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

  Tags:   

• 13:01

  Hawkeye, the 3D-Printed Tourbillon Movement

   » ‎ Hack a Day

  As if building tiny mechanisms with dozens of moving parts that all need to mesh together perfectly to work weren’t enough, some clock and watchmakers like to put their horology on hard mode with tourbillon movements. Tourbillons add multiple axes to the typical gear trains in an attempt to eliminate errors caused by the influence of gravity — the movement essentially spins on gimbals while tick-tocking away.

  It feels like tourbillons are too cool to lock inside timepieces meant for the ultra-rich. [Alduinien] agrees and democratized the mechanism with this 3D-printed tourbillon. Dubbed “Hawkeye,” [Alduinien]’s tourbillon is a masterpiece of …read more

  Tags:  printer hacks  

• 12:58

  #0daytoday #ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI Vulnerabilities [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI Vulnerabilities [#0day #Exploit]

  Tags:   

• 12:58

  #0daytoday #IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerab [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerab [#0day #Exploit]

  Tags:   

• 12:58

  #0daytoday #Libuser roothelper Privilege Escalation Exploit [remote #exploits #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #Libuser roothelper Privilege Escalation Exploit [remote #exploits #0day #Exploit]

  Tags:   

• 12:58

  #0daytoday #MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting Vulnerabilities [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting Vulnerabilities [#0day #Exploit]

  Tags:   

• 12:24

  #0daytoday #WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion Vulnerability [#0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion Vulnerability [#0day #Exploit]

  Tags:   

• 12:24

  #0daytoday #WordPress WP ULike 2.8.1 / 3.1 Cross Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #WordPress WP ULike 2.8.1 / 3.1 Cross Site Scripting Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

  Tags:   

• 12:21

  #0daytoday #JasperReports - Authenticated File Read Vulnerability CVE-2018-5430 [webapps #exploits #Vulnerability #0day #Exploit]

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  #0daytoday #JasperReports - Authenticated File Read Vulnerability CVE-2018-5430 [webapps #exploits #Vulnerability #0day #Exploit]

  Tags:   

• 11:30

  Reflowduino: Put That Toaster Oven To Good Use

   » ‎ Hack a Day

  There are few scenes in life more moving than the moment the solder paste melts as the component slides smoothly into place. We’re willing to bet the only reason you don’t have a reflow oven is the cost. Why wouldn’t you want one? Fortunately, the vastly cheaper DIY route has become a whole lot easier since the birth of the Reflowduino – an open source controller for reflow ovens.

  This Hackaday Prize entry by [Timothy Woo] provides a super quick way to create your own reflow setup, using any cheap means of heating you have lying around. [Tim] uses a …read more

  Tags:  arduino hacks  

• 10:00

  Richard Feynman: A Life Of Curiosity And Science

   » ‎ Hack a Day

  It was World War II and scientists belonging to the Manhattan Project worked on calculations for the atomic bomb. Meanwhile, in one of the buildings, future Nobel Prize winning theoretical physicist Richard Feynman was cracking the combination lock on a safe because doing so intrigued him. That’s as good a broad summary of Feynman as any: scientific integrity with curiosity driving both his work and his fun.

  If you’ve heard of him in passing it may be because of his involvement on the Space Shuttle Challenger disaster commission or maybe you’ve learned something from one of his many lectures preserved …read more

  Tags:  Biography  

• 9:47

  Keeper Commander

   » ‎ Full Disclosure

  Posted by sosumi on May 15

  Product:
  Keeper Commander
  
  Project URL:
  https://github.com/Keeper-Security/Commander <https://github.com/Keeper-Security/Commander/>
  
  Author/Vendor website:
  https://keepersecurity.com <https://keepersecurity.com/>
  
  [[[ Summary ]]]
  
  Possible flaw may allow someone controlling the Keeper API server to gain access to the the decryption key to the
  user's Keeper Vault which in turn is intended to contain account passwords and other...
  

  Tags:   

• 9:40

  Re: Buffer overflow in xls2csv (xlsparse.c:716) - catdoc

   » ‎ Full Disclosure

  Posted by Vadim Zhukov on May 15

  It seems the Git repo you've mentioned isn't an official repo at all.
  
  The actual home page of this project is this:
  http://www.wagner.pp.ru/~vitus/software/catdoc/
  

  Tags:   

• 9:33

  CVE-2018-10994: HTML tag injection in Signal-desktop

   » ‎ Full Disclosure

  Posted by Alfredo Ortega on May 15

  Title: HTML tag injection in Signal-desktop
  
  Date Published: 14-05-2018
  
  CVE Name: CVE-2018-10994
  
  Class: Code injection
  
  Remotely Exploitable: Yes
  
  Locally Exploitable: No
  
  Vendors contacted: Signal.org
  
  Vulnerability Description:
  
  Signal-desktop is the standalone desktop version of the secure Signal
  messenger.
  This software is vulnerable to remote code execution from a malicious
  contact,
  by sending a specially crafted message containing HTML...
  

  Tags:   

• 9:31

  Multiple Arris Touchstone Gateway Vulnerabilities

   » ‎ Full Disclosure

  Posted by Akshay Sharma on May 15

  Hi,
  
  Multiple vulnerabilities exist in Arris Touchstone Telephony Gateway (TG)
  Series devices, related to its web administration console.
  The CVEs for these devices have been
  created: CVE-2018-10989, CVE-2018-10990, CVE-2018-10991.
  
  A blog post containing the full disclosure has been created:
  https://medium.com/@AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c
  
  Thank you.
  
  Regards
  Akshay...
  

  Tags:   

• 9:30

  Calamp.com Incorrect privilege assignment could lead to full user and vehicle compromise

   » ‎ Full Disclosure

  Posted by Vangelis Stykas on May 15

  There is also a full write up on https://medium.com/@evstykas/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162
  <https://medium.com/@evstykas/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162>
  
  Vulnerability Security Advisory < 20180501 >
  =======================================================================
  title: Incorrect Privilege Assignment
  product: lenderoutlook on colt.calamp-ts.com <...
  

  Tags: