accept no compromises

Recent Files

Files RSS Feed
MIMEDefang Email Scanner 2.80
Posted Jul 26, 2017
Authored by David F. Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: Various bug fixes and updates.
tags | tool
systems | windows, unix
Ubuntu Security Notice USN-3364-3
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-3 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-3365-1
Posted Jul 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3365-1 - It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
Red Hat Security Advisory 2017-1802-01
Posted Jul 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1802-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.

tags | advisory, java, web
systems | linux, redhat
Red Hat Security Advisory 2017-1801-01
Posted Jul 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1801-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.

tags | advisory, java, web
systems | linux, redhat
WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting
Posted Jul 25, 2017
Authored by 8bitsec

WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
Posted Jul 25, 2017
Authored by 8bitsec

WordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
Slackware Security Advisory - tcpdump Updates
Posted Jul 25, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
Ubiquiti Networks Open Redirect
Posted Jul 25, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

tags | exploit
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
Kernel Live Patch Security Notice LSN-0026-1
Posted Jul 25, 2017
Authored by Benjamin M. Romer

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
WebKit JSC ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.

tags | exploit
WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.

tags | exploit, overflow
WebKit WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.

tags | exploit
WebKit WebCore::RenderObject Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.

tags | exploit
WebKit WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.

tags | exploit
WebKit WebCore::InputType::element Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.

tags | exploit
WebKit WebCore::Node::getFlag Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.

tags | exploit
WebKit WebCore::getCachedWrapper Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.

tags | exploit
WebKit WebCore::Node::nextSibling Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.

tags | exploit
WebKit JSC JSObject::putInlineSlow / JSValue::putToPrimitive XSS
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.

tags | exploit, xss
WebKit JSC ObjectPatternNode::appendEntry Use-After-Free
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from an ObjectPatternNode::appendEntry stack use-after-free.

tags | advisory
MEDHOST Connex Hard-Coded Credentials
Posted Jul 25, 2017
Authored by Allen Franks

MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.

tags | exploit
WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.

tags | exploit
WebKit JSC Incorrect Scope Register Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).

tags | exploit
View Older Files →

Recent News

News RSS Feed
Adobe To Kill Off Flash By 2020
Posted Jul 25, 2017

tags | headline, hacker, malware, flaw, adobe
Here's The FBI's Internal Presentation About The 9/11 Attacks
Posted Jul 25, 2017

tags | headline, government, usa, terror, fbi
The SEC Just Ruled That Ethereum ICO Tokens Are Securities
Posted Jul 25, 2017

tags | headline, government, usa
Las Vegas Locks Down Ahead Of DEFCON
Posted Jul 25, 2017

tags | headline, hacker, usa, conference
macOS Fruitfly Backdoor Analysis And Spying Capabilities
Posted Jul 25, 2017

tags | headline, malware, spyware, apple, backdoor
How Coders Hacked Back To Rescue $208 Million In Ethereum
Posted Jul 25, 2017

tags | headline, hacker, bank, fraud
Pathetic Patching Leaves Over 70,000 Memcached Servers Still Up For Grabs
Posted Jul 25, 2017

tags | headline, hacker, data loss, flaw
Video: Cash Machine Hacked In 5 Minutes
Posted Jul 25, 2017

tags | headline, bank, cybercrime, fraud, flaw
Companies Are Still Dealing With The Aftermath Of Petya
Posted Jul 24, 2017

tags | headline, malware, cybercrime, fraud, cryptography
Sweden Leaked Every Car Owners' Details Last Year
Posted Jul 24, 2017

tags | headline, government, privacy, data loss, sweden
View More News →

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close