
Files Date: 2017-04-11

Proxifier 2.18 Privilege Escalation / Code Execution
Posted Apr 11, 2017
Authored by Mark Wadham

Proxifier versions 2.18 and below ship with a KLoader binary which is installed suid root the first time Proxifier is run. This binary serves a single purpose, which is to load and unload Proxifier's kernel extension. Unfortunately, it does this by taking the first parameter passed to it on the command line without any sanitisation and feeding it straight into system().

tags | exploit, kernel, root
advisories | CVE-2017-7643
MD5 | 6303ce293523ba76e75217030e88c039
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
MD5 | b293531296a344dda48b8ff307777b9b
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0047da464e35dbebfaf88dadaf2cde82
MyBB Directory Traversal
Posted Apr 11, 2017
Authored by Zhiyang Zeng

MyBB versions prior to 1.8.11 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | dbf0e2512ca759d8dd910d1da5c2a2bf
MyBB Cross Site Scripting
Posted Apr 11, 2017
Authored by Zhiyang Zeng

MyBB versions prior to 1.8.11 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 591df73b7ff44e890d53d2d7d2cbd00e
s9y Serendipity Cross Site Request Forgery
Posted Apr 11, 2017
Authored by Zhiyang Zeng

s9y Serendipity versions prior to 2.0.5 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 6d7bd3fb925761c7ecfe0423c5e1fd4b
Red Hat Security Advisory 2017-0893-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0893-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-2668
MD5 | d051bddb9555bd83096338e321c3936a
Red Hat Security Advisory 2017-0892-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0892-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-7910, CVE-2017-2636
MD5 | 2004fa2d5bb969c50016a2bb40186ec2
Ubuntu Security Notice USN-3258-2
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-2 - USN-3258-1 intended to fix a vulnerability in Dovecot. Further investigation revealed that only Dovecot versions 2.2.26 and newer were affected by the vulnerability. Additionally, the change introduced a regression when Dovecot was configured to use the "dict" authentication database. This update reverts the change. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
MD5 | 1b7f20688cdee39f1561015c533c2767
Red Hat Security Advisory 2017-0901-01
Posted Apr 11, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0901-01 - In accordance with the Red Hat Directory Server Life Cycle policy, Red Hat Directory Server 9 will be retired as of June 10, 2017 and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date.

tags | advisory
systems | linux, redhat
MD5 | c0d9e480da0b09ce89d8fcef75a0a92f
Quest Privilege Manager 6.0.0 Arbitrary File Write
Posted Apr 11, 2017
Authored by m0t

Quest Privilege Manager version 6.0.0 suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
advisories | CVE-2017-6554
MD5 | fe4cbc7e54eae0922e21e4d86d92173f
Adobe XML Injection File Content Disclosure
Posted Apr 11, 2017
Authored by Thomas Sluyter

Multiple Adobe products suffer from an XML injection file content disclosure vulnerability.

tags | exploit
advisories | CVE-2009-3960
MD5 | b95afbac6fbfe74f21407e5416b8c892
Social Directory Script 2.0 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

Social Directory Script version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7af8ea682ced941c4c989da44ea01cb3
Classified Portal Software 5.1 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

Classified Portal Software version 5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0bdcfe784e3f3dba168cc3cfa1d95ac9
Microsoft Security Bulletin Summary For April, 2017
Posted Apr 11, 2017
Site microsoft.com

This bulletin summary lists 59 critical and 18 important security bulletins for April, 2017.

tags | advisory
MD5 | e5dffcded3ef03a8922303313ef601c9
Microsoft Office OneNote 2007 DLL Hijacking
Posted Apr 11, 2017
Authored by Yorick Koster, Securify B.V.

Microsoft Office OneNote 2007 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | b33e14dcb95985bd6976931c23b1f515
Microsoft Security Bulletin Revision Increment For April, 2017
Posted Apr 11, 2017
Site microsoft.com

This bulletin summary lists six bulletins that have undergone a major revision increment.

tags | advisory
MD5 | 3109c6bcc2dd5697acebf2e4577bbc43
FAQ Script 3.1.3 SQL Injection
Posted Apr 11, 2017
Authored by Ihsan Sencan

FAQ Script version 3.1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1f8071ac26d0d01519b0eb0631ac975a
Ubuntu Security Notice USN-3257-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3257-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468
MD5 | cfcad6a0754304b4fab8d7a9aa55d3f6
Ubuntu Security Notice USN-3258-1
Posted Apr 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3258-1 - It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-2669
MD5 | af7008a864a44cf5989e2b4c2c000f8a
Gentoo Linux Security Advisory 201704-03
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-3 - Multiple vulnerabilities have been found in X.Org server and libraries, the worst of which allows local attackers to execute arbitrary code. Versions less than 1.19.2 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7953, CVE-2017-2624, CVE-2017-2625, CVE-2017-2626
MD5 | 3bf20a520b63a7b145acb37348c6bd49
Gentoo Linux Security Advisory 201704-02
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-2 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 57.0.2987.133 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056
MD5 | 5957e408ccffd593df57f80275cb4b9d
Gentoo Linux Security Advisory 201704-01
Posted Apr 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.8.0-r9 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2016-9602, CVE-2017-2620, CVE-2017-2630, CVE-2017-5973, CVE-2017-5987, CVE-2017-6058, CVE-2017-6505
MD5 | b43e83a8132603e1a07d80cd66e4737a
Slackware Security Advisory - libtiff Updates
Posted Apr 11, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libtiff packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-8127, CVE-2015-8665, CVE-2015-8683, CVE-2016-3622, CVE-2016-3623, CVE-2016-3658, CVE-2016-5321, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-9273, CVE-2016-9448
MD5 | 959eb9c7319f95c3bb8cf941a2f9db49