ignore security and it'll go away

Recent Files

Files RSS Feed
Tenshi Log Monitoring Program 0.16
Posted Aug 17, 2017
Authored by Andrea Barisani | Site dev.inversepath.com

tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.

Changes: PID file is now created before dropping privileges (CVE-2017-11746). Removed old redhat, solaris and suse init scripts. Rewrote and simplified the OpenRC init script. Renamed the "gentoo" init script to "openrc". Throttled monitoring loop on empty reads. Added options for listening on Redis queues (redisqueue, redisserver).
tags | tool, system logging
systems | unix
Red Hat Security Advisory 2017-2489-01
Posted Aug 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2489-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
Debian Security Advisory 3928-2
Posted Aug 17, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3928-2 - The update shipped in DSA 3928-1 failed to build on the mips, mipsel and powerpc architectures for the oldstable distribution (jessie). This has been fixed in 52.3.0esr-1~deb8u2.

tags | advisory
systems | linux, debian
Gentoo Linux Security Advisory 201708-02
Posted Aug 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201708-2 - Multiple vulnerabilities have been found in TNEF, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 1.4.15 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
Gentoo Linux Security Advisory 201708-01
Posted Aug 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201708-1 - Multiple vulnerabilities have been found in BIND, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 9.11.1_p1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
Red Hat Security Advisory 2017-2486-01
Posted Aug 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2486-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.

tags | advisory, java, remote, code execution, python, ruby
systems | linux, redhat
Adobe Flash Invoke Accesses Trait Out-Of-Bounds
Posted Aug 17, 2017
Authored by Google Security Research, natashenka

The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.

tags | exploit, proof of concept
Microsoft Edge Chakra Incorrect Jit Optimization
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.

tags | exploit
Microsoft Edge Chakra EmitNew Integer Overflow
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.

tags | exploit, overflow
Microsoft Edge Chakra Parser::ParseFncFormals Uninitialized Arguments
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the "PNodeFlags::fpnArguments_overriddenInParam" flag.

tags | exploit
Microsoft Edge Chakra Uninitialized Arguments
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability.

tags | exploit
Microsoft Edge Chakra JavascriptFunction::EntryCall Mishandled CallInfo
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Charka does not handle CallInfo properly in JavascriptFunction::EntryCall.

tags | exploit
Microsoft Edge Chakra JavascriptArray::ConcatArgs Type Confusion
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability in JavascriptArray::ConcatArgs.

tags | advisory
Microsoft Edge Chakra Incorrect Jit Optimization
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.

tags | exploit
Microsoft Edge Chakra EmitAssignment Register Issue
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing.

tags | advisory
Microsoft Edge Chakra TryUndeleteProperty Incorrect Usage
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an incorrect usage of TryUndeleteProperty.

tags | exploit
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule.

tags | exploit
Microsoft Edge Charka Failed Re-Parse
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

InterpreterStackFrame::ProcessLinkFailedAsmJsModule in Microsoft Edge Chakra incorrectly re-parses.

tags | exploit
Microsoft Edge Source Fetch Out-Of-Bounds Access
Posted Aug 16, 2017
Authored by Google Security Research, natashenka

Microsoft Edge suffers from an out-of-bounds access vulnerability when fetching source.

tags | exploit
Microsoft Edge Charka PreVisitCatch Missing Call
Posted Aug 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra does not call SetIsCatch for all cases in PreVisitCatch.

tags | exploit
Red Hat Security Advisory 2017-2485-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2485-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
Red Hat Security Advisory 2017-2484-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2484-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
Red Hat Security Advisory 2017-2483-01
Posted Aug 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2483-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.

tags | advisory, remote, web
systems | linux, redhat
Microsoft Chakra JIT Server Out-Of-Bounds Write
Posted Aug 16, 2017
Authored by Ivan Fratric, Google Security Research

The Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.

tags | advisory
Microsoft Chakra JIT Server IRBuilder::Build Integer Overflow
Posted Aug 16, 2017
Authored by Ivan Fratric, Google Security Research

The Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.

tags | advisory, overflow
View Older Files →

Recent News

News RSS Feed
Ukraine Malware Author Turns Witness In Russian DNC Investigation
Posted Aug 17, 2017

tags | headline, government, privacy, email, usa, russia, data loss, cyberwar
Flash's Final Countdown Has Begun
Posted Aug 17, 2017

tags | headline, flaw, adobe
GOP Lawmakers Shamed On Billboards Over Net Neutrality
Posted Aug 17, 2017

tags | headline, government, usa
Secret Service Agent From Silk Road Case Cops To Second Heist
Posted Aug 16, 2017

tags | headline, government, usa, fraud
Russian Malware Scum Post New Rent-An-Exploit
Posted Aug 16, 2017

tags | headline, hacker, malware, russia, flaw
Creepy Backdoor Found In NetSarang Server Management
Posted Aug 16, 2017

tags | headline, flaw, backdoor
Uber Agrees To 20 Years Of Privacy Audits To Settle FTC Charges
Posted Aug 16, 2017

tags | headline, government, privacy, usa, data loss
Marcus Hutchins Pleads Not Guilty To Writing Bank Malware
Posted Aug 15, 2017

tags | headline, hacker, government, malware, usa, britain, fbi, conference
Indian Police Arrest Four For Game Of Thrones Leak
Posted Aug 15, 2017

tags | headline, hacker, india, data loss
Blizzard Entertainment Hit With Weekend DDoS Attack
Posted Aug 15, 2017

tags | headline, denial of service
View More News →

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    12 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close