all things security
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-04-19

Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
MD5 | 4f9ee58cfbe5fe18bbb4aa1a4926eca7
WordPress Ultimate Form Builder Cross Site Scripting
Posted Apr 19, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ultimate Form Builder plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b73d6d904bedc435f3d2dff13d9d57eb
OpenText Documentum Content Server Privilege Evaluation
Posted Apr 19, 2017
Authored by Andrey B. Panfilov

OpenText Documentum Content Server suffers from a privilege evaluation issue using crafted RPC save commands. Two proof of concepts included.

tags | exploit, proof of concept
advisories | CVE-2017-7220
MD5 | 26b6a71c9dc0176316872546a0152528
Squirrelmail 1.4.22 Remote Code Execution
Posted Apr 19, 2017
Authored by Filippo Cavallarin

Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
MD5 | 800720d25684ef211bcc844e0901eb71
Slackware Security Advisory - minicom Updates
Posted Apr 19, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-7467
MD5 | 9019dd3473360b1958843318da9db025
Red Hat Security Advisory 2017-1095-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1095-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3136, CVE-2017-3137
MD5 | 8f368c8bc500e20cefdf34889502d0b2
Red Hat Security Advisory 2017-1097-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1097-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.0 serves as a replacement for Red Hat JBoss Data Grid 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: An infinite-loop vulnerability was discovered in Netty's OpenSslEngine handling of renegotiation. An attacker could exploit this flaw to cause a denial of service. Note: Netty is only vulnerable if renegotiation is enabled.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-4970, CVE-2017-2638
MD5 | aea66c2d9170d5cece79d261b76067e0
Dmitry 1.3a Local Stack Buffer Overflow
Posted Apr 19, 2017
Authored by Hosein Askari

Dmitry (Deepmagic Information Gathering Tool) version 1.3a suffers from a local stack buffer overflow vulnerability.

tags | exploit, overflow, local
advisories | CVE-2017-7938
MD5 | 133defca755e7827e7185773d2a9c197
Microsoft RTF Remote Code Execution
Posted Apr 19, 2017
Authored by Bhadresh Patel

Microsoft RTF CVE-2017-0199 proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2017-0199
MD5 | 11916c46b31efd35dcb2b963e50c23ca
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.

tags | exploit, kernel
advisories | CVE-2017-3576
MD5 | dca9d69e8a8c16f4ac99724d454653cf
VirtualBox Guest-To-Host Out-Of-Bounds Write
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from a guest-to-host out-of-bounds write via virtio-net.

tags | advisory
advisories | CVE-2017-3575
MD5 | 0748ee091b775b94daca046bf551edc0
WebKit operationSpreadGeneric Universal Cross Site Scripting
Posted Apr 19, 2017
Authored by Google Security Research, lokihardt

WebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.

tags | exploit, xss
MD5 | 74e0f69b83604b02e982c2ee87385931
Microsoft Windows IEETWCollector Arbitrary Directory / File Deletion Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, forshaw

Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-0165
MD5 | 53897bcfcd358cb90680438311e7af9f
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
MD5 | 3eb4ddb8e86d4a0dab985176c6c1a683
VirtualBox Host User To Host Kernel Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.

tags | exploit, kernel
advisories | CVE-2017-3561
MD5 | 5f5257c0521f76504084b603e8ef11c6
VirtualBox Guest-To-Host Local Privilege Escalation
Posted Apr 19, 2017
Authored by Google Security Research, jannh

VirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.

tags | exploit, local
advisories | CVE-2017-3558
MD5 | a88ca7fea026237f49504743f2ebd524
Red Hat Security Advisory 2017-0988-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0988-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
MD5 | 7438d75d09213a841e69c5491e5e6d7b
Red Hat Security Advisory 2017-0987-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0987-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603
MD5 | 7cb2388ce1e9408e158e055f6e7ecd2c
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close