what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-04-12

Red Hat Security Advisory 2017-0936-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0936-01 - The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieval issues. PySAML2 is the python implementation of SAML Version 2, containing all the functionality for building a SAML2 service provider or an identity provider, to be used in a WSGI environment. Multiple security issues have been addressed.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2016-10149
SHA-256 | 662dffaf8f6e55cecb0ddb566622801eaa0350c3b9637399e795569b5355dc9f
Red Hat Security Advisory 2017-0920-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0920-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-2668
SHA-256 | 9a89fcf7dbffc196f1e649194d2447be6acb493274f5cfc165ae60fa8c0d9f6c
Red Hat Security Advisory 2017-0934-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0934-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.148. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
SHA-256 | 01f9352334b56904c1d1b459f0dd3e5079623a4fef46d19ec4b26cab953ef528
Red Hat Security Advisory 2017-0914-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0914-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix: It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-3157
SHA-256 | 69ee0cc42a4fcedd8fc7dcc4795dc5b534d041f3475467e024d2d3b599e78c7c
Red Hat Security Advisory 2017-0906-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0906-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-8743
SHA-256 | 7c210a8b37d4cd2e91b8ab709f2b9b1b488e62df7478fbcbd90bdcf5da29873e
Red Hat Security Advisory 2017-0938-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0938-01 - The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieval issues. PySAML2 is the python implementation of SAML Version 2, containing all the functionality for building a SAML2 service provider or an identity provider, to be used in a WSGI environment. Multiple security issues have been addressed.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2016-10149
SHA-256 | de7ff30aa1d4e968679ee073b9115f366ede425ba624d05dec230cdc4fbc6e9a
Red Hat Security Advisory 2017-0937-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0937-01 - The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes can be used instead of the originals to protect against entity-expansion and DTD-retrieval issues. PySAML2 is the python implementation of SAML Version 2, containing all the functionality for building a SAML2 service provider or an identity provider, to be used in a WSGI environment. Multiple security issues have been addressed.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2016-10149
SHA-256 | 184cc9c785bfb021433d3cc8885481e8aa8e742e95c1a94e4abd7c0ef75d9159
Red Hat Security Advisory 2017-0935-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0935-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
SHA-256 | dfeba34f99d8b5928fb61824dc2cceb09d386051458b8e2eadebba75d6d3cd9a
Red Hat Security Advisory 2017-0898-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0898-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: A number of unused delete routes are present in CloudForms which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.

tags | advisory, web, xss, ruby
systems | linux, redhat
advisories | CVE-2017-2653
SHA-256 | 4fb7e840da60c5dd31a9dca1157ce3e5bb64bcb5760125959af531a7970d6266
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
Posted Apr 12, 2017
Authored by Project Insecurity, sxcurity | Site insecurity.zone

uc-httpd is an HTTP daemon used by a wide array of IoT devices and is vulnerable to local file inclusion and directory traversal bugs.

tags | exploit, web, local, file inclusion
SHA-256 | d583ce6e0faa99e3ff30f47b816c36a63c1e1af19c12d7218a3f30aaf3d64676
Red Hat Security Advisory 2017-0933-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0933-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636
SHA-256 | d62a22056f77c69b85be3432a3ddad3618fb07b8bf190c3dd156126b15c687aa
Red Hat Security Advisory 2017-0932-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0932-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636, CVE-2017-6074
SHA-256 | b6e837c5c6ec5d457e2ca9d9145c07e4d2242405330b287dec280775937eae69
Red Hat Security Advisory 2017-0931-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0931-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636
SHA-256 | 714e1be0b6af4319eb0e7f445bb8e74fce8c80e69b24a9160355e5649e77166a
FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
Posted Apr 12, 2017
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.

tags | advisory, remote, denial of service, spoof
systems | freebsd, bsd
advisories | CVE-2016-9042, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
SHA-256 | 92abc0111893b4eeb3b063ef449923e64c15b3e5a16cf8dcda93aa8f0dc6e37f
Debian Security Advisory 3829-1
Posted Apr 12, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3829-1 - Quan Nguyen discovered that a missing boundary check in the Galois/Counter mode implementation of Bouncy Castle (a Java implementation of cryptographic algorithms) may result in information disclosure.

tags | advisory, java, info disclosure
systems | linux, debian
advisories | CVE-2015-6644
SHA-256 | d98f1156ad17e6e618055ad721d75530eee12f746653a8467f5ef500b7224c50
Horde Groupware Webmail 3 / 4 / 5 Code Execution
Posted Apr 12, 2017
Site securiteam.com

Horde Groupware Webmail versions 3, 4, and 5 suffer from multiple remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | 8e4f52da4fb8f8d076ad0acdbf92ed0cab5370ebe082eb4c7c746bda8d6b5728
Proxifier 2.19 Privilege Escalation / Code Execution
Posted Apr 12, 2017
Authored by Mark Wadham

Proxifier version 2.19 introduced a kext signature verification to the KLoader binary as a fix for CVE-2017-7643 but Proxifier.app performs no verification of the KLoader binary that gets executed as root.

tags | exploit, root
advisories | CVE-2017-7643
SHA-256 | 36b64d6583f82f0faba0e74037d1b6ae26b4edc361fd2e029c46e9d3918f1e85
Brother MFC-J6520DW Password Change Authentication Bypass
Posted Apr 12, 2017
Authored by Patryk Bogdan

Brother MFC-J6520DW suffers from a password changing authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2017-7588
SHA-256 | 5ab11ab0d2d1f2c90582e2e399ab1ef0360bb9c0644b49b79be53953178a9c00
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close