Twenty Year Anniversary
Showing 1 - 17 of 17 RSS Feed

Files Date: 2017-03-02

Red Hat Security Advisory 2017-0396-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0396-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2017-2615, CVE-2017-2620
MD5 | 5965cd67b6cc01da441914fe1589613a
Ubuntu Security Notice USN-3214-1
Posted Mar 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3214-1 - A large number of security issues were discovered in the w3m browser. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9426, CVE-2016-9428, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442, CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624, CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628
MD5 | bdc5bf3c60bcf930be757ea5bf363bee
Ubuntu Security Notice USN-3215-1
Posted Mar 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3215-1 - It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.

tags | advisory, remote, arbitrary, cgi
systems | linux, ubuntu
advisories | CVE-2017-6188
MD5 | d0bd199e11e50ba5fc58c92cc87bbcf3
Ubuntu Security Notice USN-3211-2
Posted Mar 2, 2017
Authored by Ubuntu | Site security.ubuntu.com

buntu Security Notice 3211-2 - USN-3211-1 fixed vulnerabilities in PHP by updating to the new 7.0.15 upstream release. PHP 7.0.15 introduced a regression when using MySQL with large blobs. This update fixes the problem with a backported fix. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php, vulnerability
advisories | CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-7479, CVE-2016-9137, CVE-2016-9935, CVE-2016-9936, CVE-2017-5340
MD5 | 7ce6a856c68f82a64ec200d01585c249
WordPress Mobile App Native 3.0 Shell Upload
Posted Mar 2, 2017
Authored by Larry W. Cashdollar

WordPress Mobile App Native plugin version 3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 33588d70b1e4e4d09b5f020e76ad9d56
Debian Security Advisory 3794-2
Posted Mar 2, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3794-2 - The update for munin issues as DSA-3794-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue.

tags | advisory, cgi
systems | linux, debian
MD5 | 5a45a9cbf54f376d207a54d4f5dc52b1
Red Hat Security Advisory 2017-0359-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0359-01 - openstack-puppet-modules provides a collection of Puppet modules which Red Hat OpenStack Platform director uses to install and configure OpenStack. Security Fix: An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9590
MD5 | e150f85f429f0a569ee0c0457439405b
Red Hat Security Advisory 2017-0361-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0361-01 - openstack-puppet-modules provides a collection of Puppet modules which Red Hat OpenStack Platform director uses to install and configure OpenStack. Security Fix: An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9590
MD5 | 978caaa02acd712689556d43de49916f
Red Hat Security Advisory 2017-0365-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0365-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
MD5 | 9a035bc44e07eeb4d06aa1efe1e26924
Red Hat Security Advisory 2017-0366-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0366-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
MD5 | ed25f3c43832317c1d499dcb36623513
Red Hat Security Advisory 2017-0352-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0352-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2017-2620
MD5 | a643b5b12b856f508a20aa321e1efc9f
Red Hat Security Advisory 2017-0350-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0350-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-2857, CVE-2017-2615, CVE-2017-2620
MD5 | 4c24f6985cfd3b66cf056a2d6a031979
Red Hat Security Advisory 2017-0351-01
Posted Mar 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0351-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-2620
MD5 | bd5038a5f3970e98faf4cdf8392ada01
Debian Security Advisory 3798-1
Posted Mar 2, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3798-1 - Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310
MD5 | cc1c02212771bd786a0faff562704ac5
Packet Storm New Exploits For February, 2017
Posted Mar 2, 2017
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 285 exploits added to Packet Storm in February, 2017.

tags | exploit
MD5 | cdd2b5cdbf02984f8e965dd1b9c7cf02
Cisco AnyConnect SBL 4.3.04027 Local Privilege Escalation
Posted Mar 2, 2017
Authored by Pcchillin

Cisco AnyConnect Start Before Logon (SBL) versions 4.3.04027 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
systems | cisco
advisories | CVE-2017-3813
MD5 | 5e693d56fb7155f3571387b32cb5244f
PHP Classified OLX Clone Script SQL Injection
Posted Mar 2, 2017
Authored by Ihsan Sencan

PHP Classified OLX Clone Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | de1bc4720fc1717b7fa1f9ac7f669194
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close