the original cloud security
Showing 1 - 25 of 32 RSS Feed

Files Date: 2017-04-20

Ubuntu Security Notice USN-3261-1
Posted Apr 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-7907, CVE-2016-8667, CVE-2016-8669, CVE-2016-9381, CVE-2016-9602, CVE-2016-9603, CVE-2016-9776, CVE-2016-9845, CVE-2016-9846, CVE-2016-9907, CVE-2016-9908, CVE-2016-9911, CVE-2016-9912, CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552
MD5 | 915cb728441d7f074c130ac020c5589b
WordPress Connection Information Cross Site Request Forgery
Posted Apr 20, 2017
Authored by Yorick Koster, Securify B.V.

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.

tags | exploit, csrf
MD5 | 25a2023423f7860059c0e4cb8e179437
Safari Browser Memory Corruption
Posted Apr 20, 2017
Authored by Google Security Research, natashenka

Safari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.

tags | exploit
advisories | CVE-2017-2464
MD5 | b828734a574ca2428bb6b25dbf91a124
Oracle PeopleSoft ToolsRelease / ToolsReleaseDB / HCM SSRF
Posted Apr 20, 2017
Authored by Roman Shalymov

Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2017-3546
MD5 | 1c066239dfe2408203084a2f7628f172
Oracle E-Business Suite 12.2.3 SQL Injection
Posted Apr 20, 2017
Authored by Dmitry Chastuhin

Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-3549
MD5 | 80d90c7ada0dc88ced327bfe102d0638
Oracle PeopleSoft HCM 9.2 XXE Injection
Posted Apr 20, 2017
Authored by Nadya Krivdyuk

Oracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2017-3548
MD5 | 2d8f4923676b948571c9249b362d7b59
Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit
Posted Apr 20, 2017
Authored by Todor Donev

Microsoft Windows IFEO Winlogin SYSTEM backdooring exploit.

tags | exploit
systems | windows
MD5 | 4df690666f51efeb0d89fa0b54a2241c
Hack In The Box GSEC 3 Call For Papers
Posted Apr 20, 2017
Site gsec.hitb.org

Final call for the third annual Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for.

tags | paper, conference
MD5 | b2356a36a9744a3e5bec326c67502810
October CMS 1.0.412 Code Execution / Shell Upload
Posted Apr 20, 2017
Authored by Anti Rais

October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss
MD5 | e702737b1f0f3d12d56ab625156a9afc
Red Hat Security Advisory 2017-1105-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1105-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2017-3136, CVE-2017-3137
MD5 | 4efc415cf40b0a9368a3ec5245512228
Debian Security Advisory 3831-1
Posted Apr 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, web, denial of service, overflow, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469
MD5 | e8e4d6d84d9ead16c475d109c46cf94a
Red Hat Security Advisory 2017-1104-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1104-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469
MD5 | 51ab8e218dea5199a29677ce1c7a1a15
Red Hat Security Advisory 2017-1103-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b6f69ed4eecd4dfe84f0bfbb69295cf7
Red Hat Security Advisory 2017-1102-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b47daff0d9117701e6eeb7115d2b0967
Red Hat Security Advisory 2017-1101-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | dbfff630772fa1291b105e6b0d746891
Red Hat Security Advisory 2017-1100-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b22531328401a1a5172c9103b1791b28
Packet Fence 7.0.0
Posted Apr 20, 2017
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Added provisioning support for SentinelOne. Added MariaDB Galera cluster support. All services are now handled by systemd. Various other updates and improvements.
tags | tool, remote
systems | unix
MD5 | de39bf9e6741b6e2f5a5fdeadfe99e93
VirtualBox 5.0.32 Windows Process COM Injection Privilege Escalation
Posted Apr 20, 2017
Authored by Google Security Research, forshaw

The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.

tags | exploit, arbitrary
advisories | CVE-2017-3563
MD5 | 827e5e747d1adace7588fea8541830f2
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-8584
MD5 | 005e0bebe474fcf55e7c7e59c977ddc0
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
MD5 | 1adf882631024240e0ddc894cd726f0b
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
MD5 | e64dcba98301f1ab384f8984e9224a9b
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 3cf21d2a823e33a734b8a40da596090a
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 7f4e75e562a262a818281920334a6854
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
MD5 | aa20468f976a8f6eddbfec0fe9caa436
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
MD5 | 60527f7fa635a3aa1bf0b3ea132bd026
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close