Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers https://packetstormsecurity.com/ en-us Mon, 14 Oct 2019 16:23:31 GMT 144400 https://packetstormsecurity.com/ https://ssl.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1910904596&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.com&utmr=-&utmp=%2Ffiles%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1910904596.1571070211.1571070211.1571070211.1%3B%2B__utmz%3D32867617.1571070211.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) https://packetstormsecurity.com/files/154842/Botan-2.12.1.tar.xz https://packetstormsecurity.com/files/154842/Botan-2.12.1.tar.xz https://packetstormsecurity.com/files/154842/Botan-C-Crypto-Algorithms-Library-2.12.1.html Mon, 14 Oct 2019 15:16:36 GMT Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release. https://packetstormsecurity.com/files/154841/RHSA-2019-2989-01.txt https://packetstormsecurity.com/files/154841/RHSA-2019-2989-01.txt https://packetstormsecurity.com/files/154841/Red-Hat-Security-Advisory-2019-2989-01.html Mon, 14 Oct 2019 15:11:40 GMT Red Hat Security Advisory 2019-2989-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. TLS verification and SSH host key verification issues were addressed. https://packetstormsecurity.com/files/154840/asusrtn10-xssxsrfexec.txt https://packetstormsecurity.com/files/154840/asusrtn10-xssxsrfexec.txt https://packetstormsecurity.com/files/154840/ASUS-RT-N10-2.0.3.4-CSRF-XSS-Command-Execution.html Mon, 14 Oct 2019 15:10:11 GMT ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution. https://packetstormsecurity.com/files/154839/APPLE-SA-2019-10-11-1.txt https://packetstormsecurity.com/files/154839/APPLE-SA-2019-10-11-1.txt https://packetstormsecurity.com/files/154839/Apple-Security-Advisory-2019-10-11-1.html Mon, 14 Oct 2019 15:08:24 GMT Apple Security Advisory 2019-10-11-1 - Swift 5.1.1 for Ubuntu is now available and addresses an issue with data disclosure. https://packetstormsecurity.com/files/154838/kironadrs5535-disclose.txt https://packetstormsecurity.com/files/154838/kironadrs5535-disclose.txt https://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html Mon, 14 Oct 2019 15:07:09 GMT Kirona-DRS version 5.5.3.5 suffers from an information disclosure vulnerability. https://packetstormsecurity.com/files/154837/expressinvoice712-xss.txt https://packetstormsecurity.com/files/154837/expressinvoice712-xss.txt https://packetstormsecurity.com/files/154837/Express-Invoice-7.12-Cross-Site-Scripting.html Mon, 14 Oct 2019 14:56:48 GMT Express Invoice version 7.12 suffers from a persistent cross site scripting vulnerability. https://packetstormsecurity.com/files/154836/dsa-4539-3.txt https://packetstormsecurity.com/files/154836/dsa-4539-3.txt https://packetstormsecurity.com/files/154836/Debian-Security-Advisory-4539-3.html Mon, 14 Oct 2019 14:56:07 GMT Debian Linux Security Advisory 4539-3 - The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue. https://packetstormsecurity.com/files/154827/activefax692pop3-dos.txt https://packetstormsecurity.com/files/154827/activefax692pop3-dos.txt https://packetstormsecurity.com/files/154827/ActiveFax-Server-6.92-Build-0316-Denial-Of-Service.html Mon, 14 Oct 2019 14:47:46 GMT ActiveFax Server version 6.92 build 0316 POP3 server denial of service exploit. https://packetstormsecurity.com/files/154826/oxappsuite-ssrfxssdisclose.txt https://packetstormsecurity.com/files/154826/oxappsuite-ssrfxssdisclose.txt https://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.html Mon, 14 Oct 2019 14:44:16 GMT Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities. https://packetstormsecurity.com/files/154825/spotauditor5310-dos.txt https://packetstormsecurity.com/files/154825/spotauditor5310-dos.txt https://packetstormsecurity.com/files/154825/SpotAuditor-5.3.1.0-Denial-Of-Service.html Mon, 14 Oct 2019 14:39:39 GMT SpotAuditor version 5.3.1.0 suffers from a denial of service vulnerability. https://packetstormsecurity.com/files/154824/uplay92-escalate.txt https://packetstormsecurity.com/files/154824/uplay92-escalate.txt https://packetstormsecurity.com/files/154824/Uplay-92.0.0.6280-Local-Privilege-Escalation.html Mon, 14 Oct 2019 14:38:07 GMT Uplay version 92.0.0.6280 suffers from a local privilege escalation vulnerability. https://packetstormsecurity.com/files/154834/joomlasumoku398-sql.txt https://packetstormsecurity.com/files/154834/joomlasumoku398-sql.txt https://packetstormsecurity.com/files/154834/Joomla-Sumoku-3.9.8-SQL-Injection.html Sun, 13 Oct 2019 12:22:22 GMT Joomla Sumoku component version 3.9.8 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154833/joomlavemodnewsmailer10-sql.txt https://packetstormsecurity.com/files/154833/joomlavemodnewsmailer10-sql.txt https://packetstormsecurity.com/files/154833/Joomla-Vemod-News-Mailer-1.0-SQL-Injection.html Sun, 13 Oct 2019 11:11:11 GMT Joomla Vemod News Mailer component version 1.0 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154832/joomlamedialibrary1526-sql.txt https://packetstormsecurity.com/files/154832/joomlamedialibrary1526-sql.txt https://packetstormsecurity.com/files/154832/Joomla-MediaLibrary-1.5.26-SQL-Injection.html Sun, 13 Oct 2019 10:11:11 GMT Joomla MediaLibrary component version 1.5.26 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154831/joomlamisterestate1526-sql.txt https://packetstormsecurity.com/files/154831/joomlamisterestate1526-sql.txt https://packetstormsecurity.com/files/154831/Joomla-MisterEstate-1.5.26-SQL-Injection.html Sun, 13 Oct 2019 09:22:22 GMT Joomla MisterEstate component version 1.5.26 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154830/joomlagooglemaps104-sql.txt https://packetstormsecurity.com/files/154830/joomlagooglemaps104-sql.txt https://packetstormsecurity.com/files/154830/Joomla-Google-Maps-1.0.4-SQL-Injection.html Sat, 12 Oct 2019 14:44:44 GMT Joomla Google Maps component version 1.0.4 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154829/joomlamad4joomla11x-sql.txt https://packetstormsecurity.com/files/154829/joomlamad4joomla11x-sql.txt https://packetstormsecurity.com/files/154829/Joomla-Mad4Joomla-1.1.x-SQL-Injection.html Sat, 12 Oct 2019 14:22:22 GMT Joomla Mad4Joomla component version 1.1.x suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154828/joomlacactus120-sql.txt https://packetstormsecurity.com/files/154828/joomlacactus120-sql.txt https://packetstormsecurity.com/files/154828/Joomla-Cactus-1.2.0-SQL-Injection.html Sat, 12 Oct 2019 13:13:13 GMT Joomla Cactus component version 1.2.0 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154835/joomlaswphotogallery1526-sql.txt https://packetstormsecurity.com/files/154835/joomlaswphotogallery1526-sql.txt https://packetstormsecurity.com/files/154835/Joomla-SwPhotoGallery-1.5.26-SQL-Injection.html Sat, 12 Oct 2019 10:11:11 GMT Joomla SwPhotoGallery component version 1.5.26 suffers from a remote SQL injection vulnerability. https://packetstormsecurity.com/files/154823/NS-19-015.txt https://packetstormsecurity.com/files/154823/NS-19-015.txt https://packetstormsecurity.com/files/154823/Openfire-4.4.1-Cross-Site-Scripting.html Fri, 11 Oct 2019 17:35:02 GMT Openfire version 4.4.1 suffers from multiple cross site scripting vulnerabilities. https://packetstormsecurity.com/files/154821/KIS-2019-09.txt https://packetstormsecurity.com/files/154821/KIS-2019-09.txt https://packetstormsecurity.com/files/154821/SugarCRM-9.0.1-Phar-Deserialization.html Fri, 11 Oct 2019 15:18:50 GMT SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities. https://packetstormsecurity.com/files/154820/KIS-2019-08.txt https://packetstormsecurity.com/files/154820/KIS-2019-08.txt https://packetstormsecurity.com/files/154820/SugarCRM-9.0.1-PHP-Object-Injection.html Fri, 11 Oct 2019 15:17:36 GMT SugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities. https://packetstormsecurity.com/files/154818/KIS-2019-07.txt https://packetstormsecurity.com/files/154818/KIS-2019-07.txt https://packetstormsecurity.com/files/154818/SugarCRM-9.0.1-PHP-Code-Injection.html Fri, 11 Oct 2019 15:14:30 GMT SugarCRM versions 9.0.1 and below suffer from multiple PHP code injection vulnerabilities. https://packetstormsecurity.com/files/154817/KIS-2019-06.txt https://packetstormsecurity.com/files/154817/KIS-2019-06.txt https://packetstormsecurity.com/files/154817/SugarCRM-9.0.1-Path-Traversal.html Fri, 11 Oct 2019 15:13:05 GMT SugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities. https://packetstormsecurity.com/files/154822/GS20191011151944.tgz https://packetstormsecurity.com/files/154822/GS20191011151944.tgz https://packetstormsecurity.com/files/154822/Visual-Studio-Code-Remote-Debugger-Enabled.html Fri, 11 Oct 2019 15:11:11 GMT Visual Studio Code enables its remote debugger by default when installed.