
Files Date: 2017-05-10

SAP SAPCAR 721.510 Buffer Overflow
Posted May 10, 2017
Authored by Core Security Technologies, Martin Gallo, Maximiliano Vidal

Core Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files that could lead to local code execution scenarios. Version 721.510 is affected.

tags | exploit, local, code execution
advisories | CVE-2017-8852
MD5 | 3d6f950a9eef0caafbc05be378131051

Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
Posted May 10, 2017
Authored by Tim Herres, Stefan Pietsch | Site foxmole.com

Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2017-7886, CVE-2017-7887, CVE-2017-7888, CVE-2017-8879
MD5 | a4c8a7af79d0f44749e922bf00036613

Side Channel Attack Countermeasures In Cryptographic Systems
Posted May 10, 2017
Authored by James Fell

Side channel attacks against cryptographic systems involve identifying ways in which their physical implementations leak useful information. A cryptographic algorithm may be secure on paper but when implemented on physical hardware some of the secret data, such as key bits, may potentially be recovered by an attacker by measuring various physical properties whilst encryption or decryption is being performed. This essay reviews the most successful countermeasures that can be used to make different classes of side channel attacks as difficult as possible. An understanding of basic principles of cryptography is assumed.

tags | paper
MD5 | cac393efbdd310e9a2ca73805bcb9ebd

ASUS Routers CSRF / Information Disclosure
Posted May 10, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
advisories | CVE-2017-5891, CVE-2017-5892
MD5 | 3d95db7d42745579a0c76b4da4866297

MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution
Posted May 10, 2017
Authored by Juan Sacco

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.

tags | exploit, remote, code execution
MD5 | 27aed1d2f12f7dbbf27284d6b7558bd7

Microsoft OneDrive iOS App 8.13 Insecure URI Scheme Handling
Posted May 10, 2017
Authored by Siddhartha Tripathy | Site sec-consult.com

Microsoft OneDrive iOS App version 8.13 suffers from insecure handling of URI schemes.

tags | exploit
systems | ios
MD5 | da936eae0a4879da17612c7669145131

Apache Cordova Android 5.2.2 Information Leak
Posted May 10, 2017
Authored by Mark Ward

Apache Cordova Android versions 5.2.2 and below suffer from an internal system information leak.

tags | advisory
advisories | CVE-2016-6799
MD5 | c109b481f4c903a3ee8516c0d4a9ab9d

Microsoft Security Bulletin Summary For May, 2017
Posted May 10, 2017
Site microsoft.com

This bulletin summary lists 65 critical and 9 important security updates in May, 2017.

tags | advisory
MD5 | 5bb358ebd6c943e889d6ca01b6034913

Red Hat Security Advisory 2017-1206-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1206-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
MD5 | 54bdd32f200ad9078d2fc5c08d01724d

Red Hat Security Advisory 2017-1205-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1205-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
MD5 | 0df480974dac7b71d873a004e4e3978c

Red Hat Security Advisory 2017-1218-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1218-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.3 serves as a replacement for Red Hat JBoss BPM Suite 6.4.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-2674, CVE-2017-7463
MD5 | 101e47c9d8771c3e9364da2a8208a8fe

Red Hat Security Advisory 2017-1217-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1217-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.3 serves as a replacement for Red Hat JBoss BRMS 6.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-2674, CVE-2017-7463
MD5 | 427dd241404cd32ba2fc3458920ee2a5

Red Hat Security Advisory 2017-1216-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1216-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-2183, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3511, CVE-2016-3598, CVE-2016-5542, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259
MD5 | 1b1c3e015433b4147e439e0d3b85f20e

Red Hat Security Advisory 2017-1209-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1209-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Security Fix: A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

tags | advisory, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2017-6074
MD5 | 93672f4ccb6661358bda7b9f2c04ec3f

Red Hat Security Advisory 2017-1220-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1220-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 1942477d49243e1ffe2094937b0c15b8

Red Hat Security Advisory 2017-1221-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1221-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 3ac3544374a1cd3134a6cf805e2c55b7

Red Hat Security Advisory 2017-1222-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1222-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | d93c1be428e604e3321fa97d59b20ebb

Debian Security Advisory 3848-1
Posted May 10, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3848-1 - Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

tags | advisory, shell
systems | linux, debian
advisories | CVE-2017-8386
MD5 | e60c0d507349db5ea9c6655ff7195174

Ubuntu Security Notice USN-3283-1
Posted May 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3283-1 - Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8270, CVE-2015-8271, CVE-2015-8272
MD5 | 47b6c119d9009315fc0c3b4f75ab4ca4

Debian Security Advisory 3847-1
Posted May 10, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3847-1 - Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2016-10013, CVE-2016-10024, CVE-2016-9932, CVE-2017-7228
MD5 | 46b33a3c85b762ad3077f102ed02350f

HP Security Bulletin HPESBST03739 1
Posted May 10, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBST03739 1 - A potential security vulnerability with Brocade Fabric OS (FOS) has been addressed in HPE StoreFabric B-series Switches. The vulnerability could be remotely exploited to allow an authenticated attacker to elevate the privileges of user accounts. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-8202
MD5 | 2a6c3a747caaca67a1dee85b257aeade

Red Hat Security Advisory 2017-1219-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1219-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.171. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
MD5 | a22b0c723019e685755ca86a79a1922f

Gentoo Linux Security Advisory 201705-08
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-8 - Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. Versions less than 11.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-3395, CVE-2015-3417, CVE-2016-1897, CVE-2016-1898, CVE-2016-2326, CVE-2016-3062
MD5 | 43e76f7cf6ac43c9904b5abf0a7d455e

Gentoo Linux Security Advisory 201705-07
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-7 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 45.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
MD5 | 7b67bfcdf50dbecf9a4bdfc2dfe0e026

Gentoo Linux Security Advisory 201705-06
Posted May 10, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-6 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 45.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410
MD5 | 8d3ea9deea572224d3a7687475928176
packet storm

© 2016 Packet Storm. All rights reserved.
