Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-05-16

Ubuntu Security Notice USN-3275-2
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.

tags | advisory, java, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544
MD5 | 96e6c619edd93d2cedb3a6d444ee9083
Red Hat Security Advisory 2017-1232-01
Posted May 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
MD5 | 8a6b8657502d2b08375c8eda6da0718e
Red Hat Security Advisory 2017-1233-01
Posted May 16, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-2636
MD5 | 56aab8e44a93d682dc27d380f5a06ece
Ubuntu Security Notice USN-3272-2
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-10217, CVE-2016-10219, CVE-2017-8291
MD5 | 8e1c7616b7cebb7f13d6f9962e89f7aa
Ubuntu Security Notice USN-3289-1
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7377, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8309, CVE-2017-8379
MD5 | 7abf3f0ebbce10a558a97193bc0130eb
NextCloud / OwnCloud Cross Site Scripting
Posted May 16, 2017
Authored by Manuel Mancera

NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.

tags | exploit, xss
advisories | CVE-2017-0891
MD5 | 90a88078574ed841e7ddfd88ba6d1a4e
HP Wireless Mouse Spoofing Issue
Posted May 16, 2017
Authored by Micha Borrmann, Matthias Deeg

HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.

tags | advisory
MD5 | c2aa6929abe16f687a30bf704401e63e
Microsoft Windows win32k!xxxClientLpkDrawTextEx Memory Disclosure
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows suffers from a stack memory disclosure vulnerability in win32k!xxxClientLpkDrawTextEx.

tags | exploit
systems | windows
advisories | CVE-2017-0245
MD5 | e28d56ebf83a884d63fcc05a4f318288
Microsoft Windows Kernel nt!NtTraceControl Memory Disclosure
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

The handler of the nt!NtTraceControl system call (specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E) discloses portions of uninitialized pool memory to user-mode clients on Microsoft Windows 10 systems.

tags | exploit
systems | windows
advisories | CVE-2017-0259
MD5 | 699f4cfcc05dedec9020e6ad6bfac9f4
Microsoft Windows Kernel DACL Descriptor Uninitialized Memory
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from an uninitialized memory issue in the default DACL descriptor of system processes token.

tags | exploit, kernel
systems | windows
advisories | CVE-2017-0258
MD5 | 360c787ff1a36b6077f7619614ae0805
Microsoft Windows Kernel bind() Out-Of-Bounds Read
Posted May 16, 2017
Authored by Google Security Research, mjurczyk

Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.

tags | exploit, denial of service, kernel
systems | windows
advisories | CVE-2017-0175, CVE-2017-0220
MD5 | fb714457eb0672ef6032af4d1179f3ea
Falco 0.6.1
Posted May 16, 2017
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: Small changes to token bucket used to throttle falco events. Various other fixes and changes.
tags | tool, intrusion detection
systems | unix
MD5 | 5cff672d550bdd68a80566fdd54b00cf
Payload Mask 0.2
Posted May 16, 2017
Authored by coolervoid

Payload Mask is a payload editor that can mutate an initial dataset.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 4c486a7c8a5ddaa85bf3285200b14335
TOR Virtual Network Tunneling Tool 0.3.0.7
Posted May 16, 2017
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions of Tor 0.3.0.x, where an attacker could cause a Tor relay process to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; clients are not affected.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | fee12ede9172905ba3258db871b6c499
Apple Security Advisory 2017-05-15-7
Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.

tags | advisory, denial of service, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
MD5 | 725655eec756ea4992a71043d722719d
Apple Security Advisory 2017-05-15-6
Posted May 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-05-15-6 - iTunes 12.6.1 is now available and addresses memory corruption issues.

tags | advisory
systems | apple
advisories | CVE-2017-6984
MD5 | a8ca048d604ac908793b969319240f49
Ubuntu Security Notice USN-3288-1
Posted May 16, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3288-1 - It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802
MD5 | 9f4d7b18f8b58d9cedfaf10ddbee5634
PlaySms 1.4 Remote Code Execution
Posted May 16, 2017
Authored by Touhid M.Shaikh

PlaySms version 1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | e424148e741d37bb81caa355da3894ce
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close