seeing is believing

Recent Files

Files RSS Feed
Slackware Security Advisory - tcpdump Updates
Posted Jul 25, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
Ubiquiti Networks Open Redirect
Posted Jul 25, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

tags | exploit
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
Kernel Live Patch Security Notice LSN-0026-1
Posted Jul 25, 2017
Authored by Benjamin M. Romer

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
WebKit JSC ArgumentsEliminationPhase::transform Incorrect LoadVarargs Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.

tags | exploit
WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.

tags | exploit, overflow
WebKit WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.

tags | exploit
WebKit WebCore::RenderObject Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.

tags | exploit
WebKit WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.

tags | exploit
WebKit WebCore::InputType::element Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.

tags | exploit
WebKit WebCore::Node::getFlag Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.

tags | exploit
WebKit WebCore::getCachedWrapper Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.

tags | exploit
WebKit WebCore::Node::nextSibling Use-After-Free
Posted Jul 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.

tags | exploit
WebKit JSC JSObject::putInlineSlow / JSValue::putToPrimitive XSS
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.

tags | exploit, xss
WebKit JSC ObjectPatternNode::appendEntry Use-After-Free
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from an ObjectPatternNode::appendEntry stack use-after-free.

tags | advisory
MEDHOST Connex Hard-Coded Credentials
Posted Jul 25, 2017
Authored by Allen Franks

MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.

tags | exploit
WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.

tags | exploit
WebKit JSC Incorrect Scope Register Handling
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).

tags | exploit
WebKit JSC arrayProtoFuncSplice Uninitiailzed Memory Reference
Posted Jul 25, 2017
Authored by Google Security Research, lokihardt

WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.

tags | exploit
REDDOXX Appliance Remote Command Execution
Posted Jul 25, 2017
Site redteam-pentesting.de

RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.

tags | exploit, remote, arbitrary, root
REDDOXX Appliance Unauthenticated Access
Posted Jul 25, 2017
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.

tags | exploit
REDDOXX Appliance Undocumented Administrative Service Account
Posted Jul 25, 2017
Site redteam-pentesting.de

RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.

tags | exploit
Faraday 2.6.0
Posted Jul 25, 2017
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added the ability to select more than one target when creating a vuln in the Web UI. Fixed formula injection vulnerability in export to CSV feature. Various other improvements and fixes.
tags | tool, rootkit
systems | unix
Debian Security Advisory 3917-1
Posted Jul 24, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3917-1 - A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.

tags | advisory, denial of service
systems | linux, debian
Slackware Security Advisory - seamonkey Updates
Posted Jul 24, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
View Older Files →

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    23 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close