what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 436 RSS Feed

Files Date: 2017-04-01 to 2017-04-30

HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
Posted Apr 29, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
SHA-256 | afad6aec8c41a7fdc2956fc606d1e979cc75e625296147faf54c0cf49979be05
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
Posted Apr 29, 2017
Authored by Yorick Koster, Securify B.V.

A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.

tags | exploit, arbitrary, php, xss
advisories | CVE-2017-0372
SHA-256 | 50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253
Tuleap 9.6.99.86 Command Injection
Posted Apr 29, 2017
Authored by Ben N

Tuleap versions between 8.3 and 9.6.99.86 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2017-7981
SHA-256 | aa75951262599da5e40d299b63d899b5b87a79c6c4b4b9ab02c89d781c180f0f
IML 2017 Call For Papers
Posted Apr 29, 2017
Site bindscience.com

The International Conference on Internet of Things and Machine Learning (IML 2017) will be held from October 17th through the 18th, 2017 in Liverpool John Moores University, Liverpool city, United Kingdom. Through its technical program, the conference aims to provide an outstanding opportunity for both academic and industrial communities alike to address new trends and challenges, emerging technologies and progress in standards on topics relevant to today's fast moving areas of Internet of Things and Machine Learning. This workshop will discuss new results in the field of Internet of things and machine learning.

tags | paper, conference
SHA-256 | 4a3a6000dcf4d1550de47ee295b23371a6f2dd3059a12c5b3577b059f8f4610c
Panda Cloud Antivirus Free 18.0 Denial Of Service
Posted Apr 29, 2017
Authored by Peter Baris

Panda Cloud Antivirus Free version 18.0 suffers from a PSKMAD.sys denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a6bac1e24962b0e5e457f5b1f41cfd2f18bc6f49630f5250be3fb14fadab90ef
IrfanView 4.44 Denial Of Service
Posted Apr 29, 2017
Authored by Dreivan Orprecio

IrfanView version 4.44 suffers from an overflow vulnerability.

tags | exploit, denial of service, overflow
SHA-256 | 733c379ee42e567d696579edf278a3b20d3e2978a16e590732cfd712a558e9a1
HPE Security Bulletin HPESBHF03738 1
Posted Apr 28, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03738 1 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. These vulnerabilities could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, vulnerability, code execution
advisories | CVE-2017-5804, CVE-2017-5805, CVE-2017-5806
SHA-256 | e37af6fda3086190693197fc3686cee7e79823adc2878ebe34be309798c6f1a3
Debian Security Advisory 3838-1
Posted Apr 28, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3838-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291
SHA-256 | 51705242c8063924dd932d702cadd8ae9313aada99ea450bb47fd72ebff518af
Ubuntu Security Notice USN-3270-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-5461
SHA-256 | 44be071f187a0942450fff54f9c82abbf62b4771273b8f124a15a42e6b7d3d03
Ubuntu Security Notice USN-3272-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-1 - It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291
SHA-256 | 4015e0f3946b15d5f86b1f9f2e921a3c57df6d8cc654f08da49a0578dcfed0a9
Ubuntu Security Notice USN-3271-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3271-1 - Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possible execute arbitrary code. Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841, CVE-2016-4738, CVE-2017-5029
SHA-256 | 5b9baa4caca5baf512247834862d3d2f28d5caca515396d8ef5d295c535b59b1
Debian Security Advisory 3836-1
Posted Apr 27, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3836-1 - It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2017-8073
SHA-256 | 7f2901b36e641f312f34c381cfe95943ab367a5b73419cc336b2972cfdea9cf2
Live Helper Chat 2.58v Cross Site Scripting
Posted Apr 27, 2017
Authored by Sylvain Heiniger

Live Helper Chat versions 2.06v through 2.58v suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8c2cd541af72808587c847fb2ea925e85c34d97b7a65f6b07c7762f3b0e35605
Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection
Posted Apr 27, 2017
Authored by David Tomaschik

Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
SHA-256 | be96769dc81301b02252f6d8006cd1b6c3c22bae6c57e3450ff6953e9cded4f6
TOR Virtual Network Tunneling Tool 0.3.0.6
Posted Apr 27, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. With the 0.3.0 series, clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before. (Circuit crypto has been Curve25519-authenticated since 0.2.4.8-alpha.) This series also includes numerous other small features and bugfixes, along with more groundwork for the upcoming hidden-services revamp.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | a3e512e93cb555601fd207d914d7c5fe981d66d6ebb5821ecdf5dea738c2fb14
Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
Posted Apr 27, 2017
Authored by Ivan Fratric, Google Security Research

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for iexplore.exe process.

tags | exploit
systems | windows
advisories | CVE-2017-0202
SHA-256 | 149166f2d66d26f641ea07d704e2cf7bd66635da58a4980d0fd218ed33ccaddd
Ubuntu Security Notice USN-3269-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3269-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3331, CVE-2017-3450, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3465, CVE-2017-3467, CVE-2017-3468, CVE-2017-3599, CVE-2017-3600
SHA-256 | faa4cb06a63e88b6cc80f14511115fca41abcfc7e1856617f6415bde543ea9cf
FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
Posted Apr 27, 2017
Authored by Cy Schubert | Site security.freebsd.org

FreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in use after free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by reboot loop denial of service attack.

tags | advisory, denial of service, udp, tcp, memory leak
systems | freebsd
advisories | CVE-2017-1081
SHA-256 | b89fc05b57fe99553d6a74a79295d9f06af2e8419b5f1dde9462382576ce7f24
Gentoo Linux Security Advisory 201704-04
Posted Apr 27, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201704-4 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.148 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
SHA-256 | 490c2c681bc25ea71d983c03704a7c944125bc080deea683949220ed88b28a4a
Simple File Uploader Arbitrary File Download
Posted Apr 27, 2017
Authored by Daniel Godoy

Simple File Uploader suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 997c4b9ae11b593d913fe5d1e54ba62c788bb4e17866a7ef3743863d6799d051
Easy File Uploader Remote Shell Upload
Posted Apr 27, 2017
Authored by Daniel Godoy

Easy File Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 3352f635424a1c854fdc560ad724e93227e49110bd4e645b6b76df1decf178e9
TYPO3 News Module SQL Injection
Posted Apr 27, 2017
Authored by Charles FOL

The TYPO3 News module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb71657eaa7e4ca543ead5df7415208b7f27687d4255a45a2c042482a48a7805
Mercurial Custom hg-ssh Wrapper Remote Code Execution
Posted Apr 26, 2017
Authored by claudijd | Site metasploit.com

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

tags | exploit, arbitrary, code execution, python
SHA-256 | 3acc84b6f8e63aa4048c020f1cbb6715f0ebe485e8a5e708cb011992316f75e9
Confluence 6.0.x Information Disclosure
Posted Apr 26, 2017
Authored by David Black | Site atlassian.com

The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.

tags | advisory, web, info disclosure
advisories | CVE-2017-7415
SHA-256 | 81936b182168b27dc4d9e1c13e26ed7b479fb032c93be23162cb3365c172323e
Apache Hadoop DataNode Missed Validation
Posted Apr 26, 2017
Authored by Sunil Yadav

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Apache Hadoop versions 2.6.x and earlier are affected.

tags | advisory
advisories | CVE-2017-3162
SHA-256 | 9b5a91772515b1e4ae857e6ca6ac791ebbdaa6bbd1627cc0c0adba28beade403
Page 1 of 18
Back12345Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close